diff --git a/src/_nebari/template/stages/02-infrastructure/aws/main.tf b/src/_nebari/template/stages/02-infrastructure/aws/main.tf index 551b14d77a..913dcdabb4 100644 --- a/src/_nebari/template/stages/02-infrastructure/aws/main.tf +++ b/src/_nebari/template/stages/02-infrastructure/aws/main.tf @@ -5,12 +5,14 @@ data "aws_availability_zones" "awszones" { } } +data "aws_partition" "current" {} locals { # Only override_network if both existing_subnet_ids and existing_security_group_id are not null. override_network = (var.existing_subnet_ids != null) && (var.existing_security_group_id != null) subnet_ids = local.override_network ? var.existing_subnet_ids : module.network[0].subnet_ids security_group_id = local.override_network ? var.existing_security_group_id : module.network[0].security_group_id + partition = data.aws_partition.current.partition } # ==================== ACCOUNTING ====================== @@ -79,13 +81,14 @@ module "kubernetes" { name = local.cluster_name tags = local.additional_tags region = var.region + partition = local.partition kubernetes_version = var.kubernetes_version cluster_subnets = local.subnet_ids cluster_security_groups = [local.security_group_id] node_group_additional_policies = [ - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + "arn:${local.partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" ] node_groups = var.node_groups diff --git a/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/locals.tf b/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/locals.tf index ab108957e5..46597190d1 100644 --- a/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/locals.tf +++ b/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/locals.tf 
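Review bot: The new `data "aws_partition" "current" {}` and `local.partition` have no comment explaining why the partition is looked up, which matters to anyone who later adds IAM ARNs to this stage. I would add above the data source `# Resolve the partition (e.g. aws, aws-us-gov, aws-cn) from the active provider so IAM ARNs in this stage are not hardcoded to the commercial partition.` The `locals` block already documents `override_network` this way, so a matching one-line comment on `partition` keeps it consistent.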
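Review bot: The ECR read-only ARN in `node_group_additional_policies` is built here from `local.partition`, while the module builds its own managed-policy ARNs from `var.partition`, so the same value is now threaded through two places. A later caller of the module could pass a partition that differs from the one the provider is actually using, and the attachments would then fail or point at the wrong partition. Consider having the kubernetes module declare `data "aws_partition" "current" {}` itself and dropping the `partition = local.partition` argument, which also avoids adding a required input to the module. The `module "kubernetes"` block starts and ends outside this hunk.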
@@ -1,14 +1,14 @@ locals { cluster_policies = concat([ - "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", - "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", - "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", + "arn:${var.partition}:iam::aws:policy/AmazonEKSClusterPolicy", + "arn:${var.partition}:iam::aws:policy/AmazonEKSServicePolicy", + "arn:${var.partition}:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", ], var.cluster_additional_policies) node_group_policies = concat([ - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", - "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", + "arn:${var.partition}:iam::aws:policy/AmazonEKSWorkerNodePolicy", + "arn:${var.partition}:iam::aws:policy/AmazonEKS_CNI_Policy", + "arn:${var.partition}:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", aws_iam_policy.worker_autoscaling.arn ], var.node_group_additional_policies) diff --git a/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf b/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf index 8c6a9ee958..b572ce83e4 100644 --- a/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf +++ b/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf @@ -19,6 +19,11 @@ variable "region" { type = string } +variable "partition" { + description = "AWS partition for EKS cluster" + type = string +} + variable "kubernetes_version" { description = "AWS kubernetes version for EKS cluster" type = string
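Review bot: `AmazonEBSCSIDriverPolicy` is attached to the node group role in `node_group_policies` (and again in `cluster_policies`), so its EBS volume permissions go to every workload that can obtain the node's instance credentials, not just the CSI controller. Whether instance metadata access is restricted for pods is not visible in this diff, so this may already be mitigated elsewhere. Since these lines are being rewritten anyway, I would at least record the trade-off with a comment such as `# NOTE: node-role attachment exposes EBS CSI permissions to all pods on the node; prefer a dedicated IRSA role for the CSI controller.` and track moving the policy to a service-account-bound role.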
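Review bot: The new `partition` variable is interpolated straight into IAM policy ARNs in locals.tf but accepts any string, so a typo or an empty value only surfaces as an opaque IAM attach error at apply time. A `validation` block that restricts the value to the AWS partition naming shape would fail at plan time with a clear message. The variable also has no default, which makes it a breaking addition for any other caller of this module, and that is worth a line in the description.
```hcl
variable "partition" {
  # … unchanged: description, type …

  validation {
    condition     = can(regex("^aws(-[a-z]+)*$", var.partition))
    error_message = "The partition must be an AWS partition identifier such as aws, aws-us-gov or aws-cn."
  }
}
```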