fix: Allow for both amazonaws.com.cn and amazonaws.com conditions…

… in PassRole as required for AWS CN (#3422) * Allow for both amazonaws.com.cn and amazonaws.com conditions as required for AWS CN * Allow for both amazonaws.com.cn and amazonaws.com conditions as required for AWS CN - set in correct policy --------- Co-authored-by: Oliver Smith <osmith@netvirta.com>
SCT-Engineering · Jul 17, 2025 · 83b68fd · 83b68fd
1 parent 325c3fe
commit 83b68fd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
@@ -585,7 +585,7 @@ data "aws_iam_policy_document" "v1" {
     condition {
       test     = "StringEquals"
       variable = "iam:PassedToService"
-      values   = ["ec2.${local.dns_suffix}"]
+      values   = distinct(["ec2.${local.dns_suffix}", "ec2.amazonaws.com"])
     }
   }