From e97efad64bf446bea0a990d56b3a412eba7cd413 Mon Sep 17 00:00:00 2001
From: Martin Rostan <mrostan@montecarlodata.com>
Date: Fri, 24 May 2024 11:36:29 -0300
Subject: [PATCH] marked cloud_account_id var as deprecated, the new CaaS
 account is always added to the invocation role now

---
 main.tf      | 6 ++++--
 variables.tf | 8 +++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/main.tf b/main.tf
index 68455c4..b148706 100644
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,6 @@
 locals {
   # Wrapper metadata
-  mcd_wrapper_version       = "0.1.4"
+  mcd_wrapper_version       = "0.1.5"
   mcd_agent_platform        = "AWS"
   mcd_agent_service_name    = "REMOTE_AGENT"
   mcd_agent_deployment_type = "TERRAFORM"
@@ -9,6 +9,8 @@ locals {
   account_id     = data.aws_caller_identity.current.account_id
   partition_id   = data.aws_partition.current.id
   connect_to_vpc = length(var.private_subnets) >= 2 ? true : false
+  skip_cloud_account_policy = contains(["N/A", "590183797493"], var.cloud_account_id)
+  invocation_role_source_arns = local.skip_cloud_account_policy ? ["arn:aws:iam::590183797493:root"] : ["arn:aws:iam::${var.cloud_account_id}:root", "arn:aws:iam::590183797493:root"]
 
   # Data store properties
   mcd_agent_store_name        = "mcd-agent-store-${random_id.mcd_agent_id.hex}"
@@ -432,7 +434,7 @@ resource "aws_iam_role" "mcd_agent_service_invocation_role" {
       {
         "Effect" : "Allow",
         "Principal" : {
-          "AWS" : "arn:aws:iam::${var.cloud_account_id}:root"
+          "AWS" : local.invocation_role_source_arns
         },
         "Action" : "sts:AssumeRole",
         "Condition" : {
diff --git a/variables.tf b/variables.tf
index 20e8b4b..5dcdf72 100644
--- a/variables.tf
+++ b/variables.tf
@@ -6,15 +6,13 @@ variable "image" {
 
 variable "cloud_account_id" {
   description = <<EOF
-    Select the Monte Carlo account your collection service is hosted in.
-
-    This can be found in the 'settings/integrations/collectors' tab on the UI or via the 'montecarlo collectors list' command on the CLI
+    [Deprecated] For updates use the previous value, for new deployments use N/A.
   EOF
   type        = string
   default     = "190812797848"
   validation {
-    condition     = contains(["190812797848", "799135046351", "682816785079", "637423407294", "590183797493"], var.cloud_account_id)
-    error_message = "Valid value is one of the following: 190812797848, 799135046351, 682816785079, 637423407294, 590183797493."
+    condition     = contains(["N/A", "190812797848", "799135046351", "682816785079", "637423407294", "590183797493"], var.cloud_account_id)
+    error_message = "Valid value is one of the following: N/A, 190812797848, 799135046351, 682816785079, 637423407294, 590183797493."
   }
 }