[account-map] Backwards compatibility for terraform profile users and…
Nuru authored Jun 22, 2023
1 parent c1a3d93 commit 88178c6
Showing 2 changed files with 6 additions and 20 deletions.
2 changes: 0 additions & 2 deletions src/README.md
Expand Up @@ -199,8 +199,6 @@ atmos terraform apply guardduty/org-settings/uw1 -s core-uw1-security
| <a name="input_findings_notification_arn"></a> [findings\_notification\_arn](#input\_findings\_notification\_arn) | The ARN for an SNS topic to send findings notifications to. This is only used if create\_sns\_topic is false.<br>If you want to send findings to an existing SNS topic, set this to the ARN of the existing topic and set<br>create\_sns\_topic to false. | `string` | `null` | no |
| <a name="input_global_environment"></a> [global\_environment](#input\_global\_environment) | Global environment name | `string` | `"gbl"` | no |
| <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
| <a name="input_import_profile_name"></a> [import\_profile\_name](#input\_import\_profile\_name) | AWS Profile name to use when importing a resource | `string` | `null` | no |
| <a name="input_import_role_arn"></a> [import\_role\_arn](#input\_import\_role\_arn) | IAM Role ARN to use when importing a resource | `string` | `null` | no |
| <a name="input_kubernetes_audit_logs_enabled"></a> [kubernetes\_audit\_logs\_enabled](#input\_kubernetes\_audit\_logs\_enabled) | If `true`, enables Kubernetes audit logs as a data source for Kubernetes protection.<br><br>For more information, see:<br>https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector#audit_logs | `bool` | `false` | no |
| <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
| <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
24 changes: 6 additions & 18 deletions src/providers.tf
@@ -1,23 +1,23 @@
provider "aws" {
region = var.region

profile = !var.privileged && module.iam_roles.profiles_enabled ? coalesce(var.import_profile_name, module.iam_roles.terraform_profile_name) : null
profile = !var.privileged && module.iam_roles.profiles_enabled ? module.iam_roles.terraform_profile_name : null
dynamic "assume_role" {
for_each = var.privileged || module.iam_roles.profiles_enabled ? [] : ["role"]
for_each = var.privileged || module.iam_roles.profiles_enabled || (module.iam_roles.terraform_role_arn == null) ? [] : ["role"]
content {
role_arn = coalesce(var.import_role_arn, module.iam_roles.terraform_role_arn)
role_arn = module.iam_roles.terraform_role_arn
}
}
}

provider "awsutils" {
region = var.region

profile = !var.privileged && module.iam_roles.profiles_enabled ? coalesce(var.import_profile_name, module.iam_roles.terraform_profile_name) : null
profile = !var.privileged && module.iam_roles.profiles_enabled ? module.iam_roles.terraform_profile_name : null
dynamic "assume_role" {
for_each = var.privileged || module.iam_roles.profiles_enabled ? [] : ["role"]
for_each = var.privileged || module.iam_roles.profiles_enabled || (module.iam_roles.terraform_role_arn == null) ? [] : ["role"]
content {
role_arn = coalesce(var.import_role_arn, module.iam_roles.terraform_role_arn)
role_arn = module.iam_roles.terraform_role_arn
}
}
}
Expand All @@ -28,15 +28,3 @@ module "iam_roles" {

context = module.this.context
}

variable "import_profile_name" {
type = string
default = null
description = "AWS Profile name to use when importing a resource"
}

variable "import_role_arn" {
type = string
default = null
description = "IAM Role ARN to use when importing a resource"
}
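Review bot: When `module.iam_roles.terraform_role_arn` is null and profiles are not enabled, the new `for_each` condition in both `provider "aws"` and `provider "awsutils"` omits the `assume_role` block while `profile` is also null, so the provider presumably runs with whatever ambient credentials the caller has, the same path as `var.privileged`. That fallback is silent, so a run could apply the GuardDuty settings under the operator's own identity instead of a scoped Terraform role, and nothing in the file tells a reader that this is intended. I would document it above each dynamic block, for example `# No assume_role when terraform_role_arn is null: the provider uses the caller's ambient credentials (same as privileged = true)`. The behaviour of `module.iam_roles` is not visible on this page, so it is worth confirming when it returns a null role ARN and whether that case should be surfaced to the operator rather than accepted quietly.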
