Created
September 16, 2023 00:32
-
-
Save tamsky/1df5198c44e9b475785373e2e532647e to your computer and use it in GitHub Desktop.
cool replacement iam_role via https://github.com/plus3it/terraform-aws-tardigrade-security-hub/pull/44/files#diff-ce653f8bfad212a7fd6a0d85aa2023386fb0f106ca1290f1c245bce1aa820b86R26-R35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| locals { | |
| # Replace a terraform-aws-provider sts assumed role with the equivalent iam role, i.e: | |
| # arn:aws:sts::<account-id>:assumed-role/<role-name>/<numeric-session-id> | |
| # => | |
| # arn:aws:iam::<account-id>:role/<role-name> | |
| # This allows a user to simply pass `role_arn = "${data.aws_caller_identity.this.arn}"` | |
| role_arn = replace( | |
| var.role_arn, | |
| "/(.*):sts:(.*):assumed-role/(.*)/[0-9]*$/", | |
| "$1:iam:$2:role/$3", | |
| ) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment