AWS gov cloud support (#1857)

Co-authored-by: Scott Blair <[email protected]>
nebari-dev · Jul 19, 2023 · bfe1314 · bfe1314
1 parent 6465975
commit bfe1314
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/src/_nebari/template/stages/02-infrastructure/aws/main.tf b/src/_nebari/template/stages/02-infrastructure/aws/main.tf
@@ -5,12 +5,14 @@ data "aws_availability_zones" "awszones" {
   }
 }
 
+data "aws_partition" "current" {}
 
 locals {
   # Only override_network if both existing_subnet_ids and existing_security_group_id are not null.
   override_network  = (var.existing_subnet_ids != null) && (var.existing_security_group_id != null)
   subnet_ids        = local.override_network ? var.existing_subnet_ids : module.network[0].subnet_ids
   security_group_id = local.override_network ? var.existing_security_group_id : module.network[0].security_group_id
+  partition         = data.aws_partition.current.partition
 }
 
 # ==================== ACCOUNTING ======================
@@ -79,13 +81,14 @@ module "kubernetes" {
   name               = local.cluster_name
   tags               = local.additional_tags
   region             = var.region
+  partition          = local.partition
   kubernetes_version = var.kubernetes_version
 
   cluster_subnets         = local.subnet_ids
   cluster_security_groups = [local.security_group_id]
 
   node_group_additional_policies = [
-    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+    "arn:${local.partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
   ]
 
   node_groups = var.node_groups

diff --git a/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/locals.tf b/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/locals.tf
@@ -1,14 +1,14 @@
 locals {
   cluster_policies = concat([
-    "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
-    "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
-    "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
+    "arn:${var.partition}:iam::aws:policy/AmazonEKSClusterPolicy",
+    "arn:${var.partition}:iam::aws:policy/AmazonEKSServicePolicy",
+    "arn:${var.partition}:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
   ], var.cluster_additional_policies)
 
   node_group_policies = concat([
-    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
-    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
-    "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
+    "arn:${var.partition}:iam::aws:policy/AmazonEKSWorkerNodePolicy",
+    "arn:${var.partition}:iam::aws:policy/AmazonEKS_CNI_Policy",
+    "arn:${var.partition}:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
     aws_iam_policy.worker_autoscaling.arn
   ], var.node_group_additional_policies)
 

diff --git a/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf b/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf
@@ -19,6 +19,11 @@ variable "region" {
   type        = string
 }
 
+variable "partition" {
+  description = "AWS partition for EKS cluster"
+  type        = string
+}
+
 variable "kubernetes_version" {
   description = "AWS kubernetes version for EKS cluster"
   type        = string