From aef58653576abbaf5e60483c332b4362b077c7ea Mon Sep 17 00:00:00 2001
From: Matthew Creal Morgan 
Date: Fri, 13 Sep 2024 13:47:03 -0700
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix(access=5Fentries):=20update?=
 =?UTF-8?q?=20regex=20so=20-route53=20is=20excluded=20(#22)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 access_entries.tf | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/access_entries.tf b/access_entries.tf
index d54c149..d206d07 100644
--- a/access_entries.tf
+++ b/access_entries.tf
@@ -11,7 +11,7 @@ data "aws_iam_roles" "sso_admins" {
 }
 
 data "aws_iam_roles" "roles" {
- name_regex = "r-inf-terrafor(m|m-eks)"
+ name_regex = "r-inf-terraform(-eks)"
 }
 
 data "aws_iam_roles" "sso_read" {
@@ -21,15 +21,15 @@ data "aws_iam_roles" "sso_read" {
 
 locals {
 access_entries = merge(local.admins, local.viewers)
- arns = [for arn in concat(tolist(data.aws_iam_roles.roles.arns), tolist(data.aws_iam_roles.sso_admins.arns)) : arn if arn != data.aws_iam_session_context.current.issuer_arn]
+ admin_arns = [for arn in concat(tolist(data.aws_iam_roles.roles.arns), tolist(data.aws_iam_roles.sso_admins.arns)) : arn if arn != data.aws_iam_session_context.current.issuer_arn]
 admins = {
- for arn in local.arns :
+ for arn in local.admin_arns :
 arn => {
 principal_arn = arn
 kubernetes_groups = ["eks-console-dashboard-full-access-group"]
 policy_associations = {
 admin = {
- policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
+ policy_arn = format("arn:%v:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy", data.aws_arn.current.partition)
 access_scope = {
 type = "cluster"
 }
@@ -37,7 +37,6 @@ locals {
 }
 }
 }
-
 viewers = {
 for arn in tolist(data.aws_iam_roles.sso_read.arns) :
 arn => {
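Review bot: The new `name_regex` on the `roles` data source is unanchored and its group is mandatory, so it matches any role whose name merely contains `r-inf-terraform-eks` and no longer matches a bare `r-inf-terraform` role — the `(-eks)` parentheses add nothing. Because every role this pattern selects becomes a cluster-admin access entry through `local.admin_arns`, the match should be exact rather than substring: `name_regex = "^r-inf-terraform-eks$"` if only the EKS role is intended, or `name_regex = "^r-inf-terraform(-eks)?$"` if the plain role should still be included; both forms exclude a `-route53` suffix as the commit intends. `aws_iam_roles.name_regex` is a Go regular expression, so the anchors are supported.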
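Review bot: `data.aws_arn.current.partition` in the new `policy_arn` is not declared anywhere in this patch, so the `format()` call depends on a `data "aws_arn" "current"` block that must already exist elsewhere in the module; if it does not, the plan fails on an undeclared data source. The usual source for the partition is `data "aws_partition" "current" {}` read as `data.aws_partition.current.partition`, which needs no input ARN to parse. The same expression is repeated for the view policy in the last hunk; a single `eks_policy_prefix = format("arn:%v:eks::aws:cluster-access-policy", data.aws_partition.current.partition)` in `locals` would keep the admin and view ARNs in step. The `locals` block and the `admins` map both continue outside this hunk.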
@@ -45,7 +44,7 @@ locals {
 kubernetes_groups = ["eks-console-dashboard-restricted-access-group"]
 policy_associations = {
 view = {
- policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"
+ policy_arn = format("arn:%v:eks::aws:cluster-access-policy/AmazonEKSViewPolicy", data.aws_arn.current.partition)
 access_scope = {
 type = "cluster"
 }