From d0fb12f27a29bb93298b21c4884d31f51b53894c Mon Sep 17 00:00:00 2001 From: Hazmei Abdul Rahman Date: Mon, 8 Dec 2025 14:51:31 +0800 Subject: [PATCH 1/2] chore: add aws provider v6 support for region attribute --- data.tf | 14 ++++++-------- main.tf | 1 + variables.tf | 6 ++++++ 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/data.tf b/data.tf index ba0edc5..6e30c3f 100644 --- a/data.tf +++ b/data.tf @@ -4,8 +4,6 @@ data "aws_iam_openid_connect_provider" "github" { data "aws_caller_identity" "current" {} -data "aws_region" "current" {} - data "aws_iam_policy_document" "update_lambda" { #checkov:skip=CKV_AWS_356: Read only statement { @@ -32,7 +30,7 @@ data "aws_iam_policy_document" "update_lambda" { "lambda:PutProvisionedConcurrencyConfig", "lambda:DeleteProvisionedConcurrencyConfig", ] - resources = ["arn:aws:lambda:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"] + resources = ["arn:aws:lambda:${var.region}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"] } dynamic "statement" { @@ -43,7 +41,7 @@ data "aws_iam_policy_document" "update_lambda" { "apigateway:POST", "apigateway:PUT", ] - resources = ["arn:aws:apigateway:${data.aws_region.current.region}::/restapis/${var.apigw_id}/*"] + resources = ["arn:aws:apigateway:${var.region}::/restapis/${var.apigw_id}/*"] } } @@ -54,7 +52,7 @@ data "aws_iam_policy_document" "update_lambda" { actions = [ "lambda:AddPermission", ] - resources = ["arn:aws:lambda:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"] + resources = ["arn:aws:lambda:${var.region}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"] } } @@ -65,7 +63,7 @@ data "aws_iam_policy_document" "update_lambda" { actions = [ "lambda:UpdateEventSourceMapping", ] - resources = ["arn:aws:lambda:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:event-source-mapping:*"] + resources = ["arn:aws:lambda:${var.region}:${data.aws_caller_identity.current.account_id}:event-source-mapping:*"] } } } @@ -175,7 +173,7 @@ data "aws_iam_policy_document" "sign_code" { ] resources = [ - "arn:aws:signer:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:/signing-jobs/*", + "arn:aws:signer:${var.region}:${data.aws_caller_identity.current.account_id}:/signing-jobs/*", ] } @@ -188,7 +186,7 @@ data "aws_iam_policy_document" "sign_code" { ] resources = [ - "arn:aws:signer:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:/signing-profiles/${var.signing_profile_name}", + "arn:aws:signer:${var.region}:${data.aws_caller_identity.current.account_id}:/signing-profiles/${var.signing_profile_name}", ] } } diff --git a/main.tf b/main.tf index 9cc0180..a4ef571 100644 --- a/main.tf +++ b/main.tf @@ -14,6 +14,7 @@ module "lambda" { function_name = var.function_name description = var.description lambda_role = var.lambda_role + region = var.region create_package = false diff --git a/variables.tf b/variables.tf index 5c42a96..2560646 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,9 @@ +variable "region" { + description = "The AWS region to create resources in." + type = string + default = "us-east-1" +} + variable "create_github_actions_oidc_provider" { description = "Controls Whether to create openid connect provider." type = bool From 92a4837fe6869bc3246872a04db2bff7f0f7f040 Mon Sep 17 00:00:00 2001 From: Hazmei Abdul Rahman Date: Mon, 8 Dec 2025 14:55:56 +0800 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Goh Hong Yi --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 2560646..f9985fd 100644 --- a/variables.tf +++ b/variables.tf @@ -1,7 +1,7 @@ variable "region" { description = "The AWS region to create resources in." type = string - default = "us-east-1" + default = "ap-southeast-1" } variable "create_github_actions_oidc_provider" {