🐛 fix(access_entries): update regex so -route53 is excluded (#22)

access_entries.tf

@@ -11,7 +11,7 @@ data "aws_iam_roles" "sso_admins" {
 }
 
 data "aws_iam_roles" "roles" {
-  name_regex = "r-inf-terrafor(m|m-eks)"
+  name_regex = "r-inf-terraform(-eks)"
 }
 
 data "aws_iam_roles" "sso_read" {
@@ -21,31 +21,30 @@ data "aws_iam_roles" "sso_read" {
 
 locals {
   access_entries = merge(local.admins, local.viewers)
-  arns           = [for arn in concat(tolist(data.aws_iam_roles.roles.arns), tolist(data.aws_iam_roles.sso_admins.arns)) : arn if arn != data.aws_iam_session_context.current.issuer_arn]
+  admin_arns     = [for arn in concat(tolist(data.aws_iam_roles.roles.arns), tolist(data.aws_iam_roles.sso_admins.arns)) : arn if arn != data.aws_iam_session_context.current.issuer_arn]
   admins = {
-    for arn in local.arns :
+    for arn in local.admin_arns :
     arn => {
       principal_arn     = arn
       kubernetes_groups = ["eks-console-dashboard-full-access-group"]
       policy_associations = {
         admin = {
-          policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
+          policy_arn = format("arn:%v:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy", data.aws_arn.current.partition)
           access_scope = {
             type = "cluster"
           }
         }
       }
     }
   }
-
   viewers = {
     for arn in tolist(data.aws_iam_roles.sso_read.arns) :
     arn => {
       principal_arn     = arn
       kubernetes_groups = ["eks-console-dashboard-restricted-access-group"]
       policy_associations = {
         view = {
-          policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"
+          policy_arn = format("arn:%v:eks::aws:cluster-access-policy/AmazonEKSViewPolicy", data.aws_arn.current.partition)
           access_scope = {
             type = "cluster"
           }