From 4462ccc54915499aa665c196d2ed7efef3c2c946 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Thu, 17 Apr 2025 15:26:57 -0400
Subject: [PATCH] cross account pulls
---
 lab/_envcommon/common-variables.hcl | 10 +++++++++-
 lab/root.hcl | 9 +++------
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl
index bfdaeac..94ced2c 100644
--- a/lab/_envcommon/common-variables.hcl
+++ b/lab/_envcommon/common-variables.hcl
@@ -17,13 +17,21 @@ locals {
 }
 }
 eecr_account_id = local.enterprise_ecr_account.lab["account_id"]
-
+ eecr_alias = local.enterprise_ecr_account.lab["alias"]
+ eecr_role = local.enterprise_ecr_account.lab["role"]
+ eecr_profile = format("%v-%v.%v", local.eecr_account_id, local.eecr_alias, local.eecr_role)
 enterprise_ecr_account = {
 lab = {
 "account_id" = "269222635945"
+ "alias" = "lab-gov-shared-nonprod"
+ "region" = "us-gov-east-1"
+ "role" = "inf-admin-t1"
 }
 prod = {
 "account_id" = "067074201825"
+ "alias" = "ent-gov-shared-prod"
+ "region" = "us-gov-east-1"
+ "role" = "inf-admin-t1"
 }
 }
 }
diff --git a/lab/root.hcl b/lab/root.hcl
index 0035dbf..879fa66 100644
--- a/lab/root.hcl
+++ b/lab/root.hcl
@@ -39,7 +39,7 @@ locals {
 aws_region = local.region_vars.locals.aws_region
 cluster_name = local.cluster_vars.locals.cluster_name
 eecr_account_id = local.common_vars.locals.eecr_account_id
- eecr_profile = replace(local.aws_profile, local.account_id, local.eecr_account_id)
+ eecr_profile = local.common_vars.locals.eecr_profile
 environment_abbr = local.account_vars.locals.environment_abbr
 finops_project_name = local.cluster_vars.locals.finops_project_name
 finops_project_number = local.cluster_vars.locals.finops_project_number
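Review bot: The new `"role" = "inf-admin-t1"` entries in `enterprise_ecr_account` (lab/_envcommon/common-variables.hcl) make `eecr_profile` resolve to what looks, by its name, like an administrative role in the shared registry account, although the commit is about cross-account pulls. If that role is as broad as the name suggests, every run that touches the `eecr` provider holds far more than pull rights in the account that stores the enterprise images; a role limited to the ECR read actions the pulls need would keep the blast radius small. The `"region"` keys added to both entries are not read by any local in this hunk, so either expose one, e.g. `eecr_region = local.enterprise_ecr_account.lab["region"]`, or drop them. The `locals` block starts above the hunk.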
@@ -162,11 +162,8 @@ generate "eecr-provider" {
 contents = <<-EOF
 provider "aws" {
 alias = "eecr"
- profile = var.profile
- assume_role {
- role_arn = format("arn:%v:iam::%v:role/r-ent-ecr", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
- session_name = var.os_username
- }
+ profile = "${local.eecr_profile}"
+ region = "${local.aws_region}"
 }
 EOF
 }
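Review bot: Removing the `assume_role` block from the generated `eecr` provider also removes `session_name = var.os_username`, so calls into the registry account no longer carry the operator's name in the role session; if audit review in that account relied on it, attribution now depends entirely on how the named profile is set up outside this repository. The profile replaces a role whose name (`r-ent-ecr`) suggests an ECR-specific scope, so it is worth confirming that the profile's permissions are no wider than the old role's. `region = "${local.aws_region}"` takes the cluster's region rather than the `"region"` value this commit adds to `enterprise_ecr_account`; if the two can ever differ, the provider would address the wrong regional registry. A short comment above the provider, such as `# eecr: shared ECR account; the profile named by local.eecr_profile must exist in the caller's AWS config`, would document the new external dependency. The `generate` block starts above the hunk.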