update region

terraform-modules · Aug 12, 2025 · 6192807 · 6192807
1 parent 3a0bf82
commit 6192807
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 12 deletions.
diff --git a/main.tf b/main.tf
@@ -1,6 +1,7 @@
 locals {
   account_id          = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
   account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+  region              = data.aws_region.current.name
   region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)])
   iam_arn      = format("arn:%v:iam::%v:%%v", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
 

diff --git a/region.tf b/region.tf
diff --git a/role.tf b/role.tf
@@ -33,7 +33,7 @@ data "aws_iam_policy_document" "guardduty_malware_assume_role" {
     condition {
       test     = "ArnLike"
       variable = "aws:SourceArn"
-      values   = [format("arn:%v:guardduty:%v:%v:malware-protection-plan/*", data.aws_arn.current.partition, var.region, data.aws_caller_identity.current.account_id)]
+      values   = [format("arn:%v:guardduty:%v:%v:malware-protection-plan/*", data.aws_arn.current.partition, local.region, data.aws_caller_identity.current.account_id)]
     }
   }
 }
@@ -97,7 +97,7 @@ data "aws_iam_policy_document" "guardduty_malware_access_policy_old" {
       "events:RemoveTargets",
     ]
     resources = [
-      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, var.region, data.aws_caller_identity.current.account_id)
+      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, local.region, data.aws_caller_identity.current.account_id)
     ]
     condition {
       test     = "StringLike"
@@ -113,7 +113,7 @@ data "aws_iam_policy_document" "guardduty_malware_access_policy_old" {
       "events:ListTargetsByRule",
     ]
     resources = [
-      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, var.region, data.aws_caller_identity.current.account_id)
+      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, local.region, data.aws_caller_identity.current.account_id)
     ]
   }
   statement {
@@ -187,7 +187,7 @@ data "aws_iam_policy_document" "guardduty_malware_access_policy" {
     sid    = "AllowManagedRuleToSendS3EventsToGuardDuty"
     effect = "Allow"
     resources = [
-      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, var.region, data.aws_caller_identity.current.account_id)
+      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, local.region, data.aws_caller_identity.current.account_id)
     ]
     actions = ["events:PutRule"]
 
@@ -230,7 +230,7 @@ data "aws_iam_policy_document" "guardduty_malware_access_policy" {
     sid    = "AllowUpdateTargetAndDeleteManagedRule"
     effect = "Allow"
     resources = [
-      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, var.region, data.aws_caller_identity.current.account_id)
+      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, local.region, data.aws_caller_identity.current.account_id)
     ]
     actions = [
       "events:DeleteRule",
@@ -249,7 +249,7 @@ data "aws_iam_policy_document" "guardduty_malware_access_policy" {
     sid    = "AllowGuardDutyToMonitorEventBridgeManagedRule"
     effect = "Allow"
     resources = [
-      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, var.region, data.aws_caller_identity.current.account_id)
+      format("arn:%v:events:%v:%v:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*", data.aws_arn.current.partition, local.region, data.aws_caller_identity.current.account_id)
     ]
     actions = [
       "events:DescribeRule",
@@ -358,7 +358,7 @@ data "aws_iam_policy_document" "guardduty_malware_access_policy" {
     condition {
       test     = "StringEquals"
       variable = "kms:ViaService"
-      values   = [format("s3.%v.amazonaws.com", var.region)]
+      values   = [format("s3.%v.amazonaws.com", local.region)]
     }
 
     condition {

diff --git a/secret.tf b/secret.tf
@@ -77,7 +77,7 @@ data "aws_iam_policy_document" "app_secret_key" {
 }
 
 resource "aws_kms_key" "app_secret" {
-  description         = format("KMS CMK %v in %v", var.app_info.key_name, var.region)
+  description         = format("KMS CMK %v in %v", var.app_info.key_name, local.region)
   enable_key_rotation = true
   policy              = data.aws_iam_policy_document.app_secret_key.json
   multi_region        = false

diff --git a/version.tf b/version.tf
@@ -1,4 +1,4 @@
 locals {
   _module_name = "aws-app-ditd-darhts-s3-transfer"
-  _module_version = "0.9.3"
+  _module_version = "0.9.4"
 }