From 6c5b63cc71759ff7cc3ac51164f8ced306f2dc13 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Fri, 1 Aug 2025 16:23:36 -0400
Subject: [PATCH] * 2.4.1 -- 2025-08-01   - rolesanywhere: fix account_alias

---
 CHANGELOG.md                | 3 +++
 common/version.tf           | 2 +-
 rolesanywhere/aws_config.tf | 2 +-
 rolesanywhere/main.tf       | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a10c9fd..b053cee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -102,3 +102,6 @@ tag: 2.0.1
 * 2.4.0 -- 2025-07-29
   - move things to common
   - make submodule rolesanywhere
+
+* 2.4.1 -- 2025-08-01
+  - rolesanywhere: fix account_alias
diff --git a/common/version.tf b/common/version.tf
index f403a49..183f689 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.4.0"
+  _module_version = "2.4.1"
 }
diff --git a/rolesanywhere/aws_config.tf b/rolesanywhere/aws_config.tf
index 605670d..83fa2ec 100644
--- a/rolesanywhere/aws_config.tf
+++ b/rolesanywhere/aws_config.tf
@@ -3,7 +3,7 @@ resource "local_file" "aws_config_file" {
   file_permission      = "0644"
   directory_permission = "0755"
   content = templatefile("${path.module}/aws_config.tpl", {
-    account_alias    = var.account_alias
+    account_alias    = local.account_alias
     role_name        = local.role_name
     role_arn         = aws_iam_role.role.arn
     trust_anchor_arn = local.this_trust_arn
diff --git a/rolesanywhere/main.tf b/rolesanywhere/main.tf
index 7e3d3bc..9c35ca3 100644
--- a/rolesanywhere/main.tf
+++ b/rolesanywhere/main.tf
@@ -69,7 +69,7 @@ locals {
   account_id          = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
   region              = data.aws_region.current.name
   account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
-  account_alias       = var.account_alias != "" && var.account_alias != null ? var.account_alias : "none"
+  account_alias       = var.account_alias != "" ? var.account_alias : data.aws_iam_account_alias.current.account_alias
 
   role_name        = format("%v%v", lookup(local._prefixes, "role", ""), var.role_name)
   role_description = var.role_description == null ? var.role_name : var.role_description