provider: Allow aws account ID in validateArn (#11450)

hashicorp · Jan 3, 2020 · 6d5931d · 6d5931d
1 parent bb3f0ec
commit 6d5931d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/aws/validators.go b/aws/validators.go
@@ -689,7 +689,7 @@ func validateArn(v interface{}, k string) (ws []string, errors []error) {
 	}
 
 	// http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
-	pattern := `^arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(\d{12})?:(.*)$`
+	pattern := `^arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(aws|\d{12})?:(.*)$`
 	if !regexp.MustCompile(pattern).MatchString(value) {
 		errors = append(errors, fmt.Errorf(
 			"%q doesn't look like a valid ARN (%q): %q",

diff --git a/aws/validators_test.go b/aws/validators_test.go
@@ -321,6 +321,7 @@ func TestValidateArn(t *testing.T) {
 	validNames := []string{
 		"arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment", // Beanstalk
 		"arn:aws:iam::123456789012:user/David",                                             // IAM User
+		"arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",                                 // Managed IAM policy
 		"arn:aws:rds:eu-west-1:123456789012:db:mysql-db",                                   // RDS
 		"arn:aws:s3:::my_corporate_bucket/exampleobject.png",                               // S3 object
 		"arn:aws:events:us-east-1:319201112229:rule/rule_name",                             // CloudWatch Rule