marked cloud_account_id var as deprecated, the new CaaS account is al…

…ways added to the invocation role now
monte-carlo-data · May 24, 2024 · e97efad · e97efad
1 parent ea83e13
commit e97efad
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/main.tf b/main.tf
@@ -1,6 +1,6 @@
 locals {
   # Wrapper metadata
-  mcd_wrapper_version       = "0.1.4"
+  mcd_wrapper_version       = "0.1.5"
   mcd_agent_platform        = "AWS"
   mcd_agent_service_name    = "REMOTE_AGENT"
   mcd_agent_deployment_type = "TERRAFORM"
@@ -9,6 +9,8 @@ locals {
   account_id     = data.aws_caller_identity.current.account_id
   partition_id   = data.aws_partition.current.id
   connect_to_vpc = length(var.private_subnets) >= 2 ? true : false
+  skip_cloud_account_policy = contains(["N/A", "590183797493"], var.cloud_account_id)
+  invocation_role_source_arns = local.skip_cloud_account_policy ? ["arn:aws:iam::590183797493:root"] : ["arn:aws:iam::${var.cloud_account_id}:root", "arn:aws:iam::590183797493:root"]
 
   # Data store properties
   mcd_agent_store_name        = "mcd-agent-store-${random_id.mcd_agent_id.hex}"
@@ -432,7 +434,7 @@ resource "aws_iam_role" "mcd_agent_service_invocation_role" {
       {
         "Effect" : "Allow",
         "Principal" : {
-          "AWS" : "arn:aws:iam::${var.cloud_account_id}:root"
+          "AWS" : local.invocation_role_source_arns
         },
         "Action" : "sts:AssumeRole",
         "Condition" : {

diff --git a/variables.tf b/variables.tf
@@ -6,15 +6,13 @@ variable "image" {
 
 variable "cloud_account_id" {
   description = <<EOF
-    Select the Monte Carlo account your collection service is hosted in.
-
-    This can be found in the 'settings/integrations/collectors' tab on the UI or via the 'montecarlo collectors list' command on the CLI
+    [Deprecated] For updates use the previous value, for new deployments use N/A.
   EOF
   type        = string
   default     = "190812797848"
   validation {
-    condition     = contains(["190812797848", "799135046351", "682816785079", "637423407294", "590183797493"], var.cloud_account_id)
-    error_message = "Valid value is one of the following: 190812797848, 799135046351, 682816785079, 637423407294, 590183797493."
+    condition     = contains(["N/A", "190812797848", "799135046351", "682816785079", "637423407294", "590183797493"], var.cloud_account_id)
+    error_message = "Valid value is one of the following: N/A, 190812797848, 799135046351, 682816785079, 637423407294, 590183797493."
   }
 }