From 93ffdfc6fa380cb0b73df7380e7e62302ebb1a98 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Fri, 5 Jul 2024 14:36:49 -0400
Subject: [PATCH] fix: Revert #3058 - fix: Invoke aws_iam_session_context data source only when required (#3092)

fix: Revert #3058
---
 main.tf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/main.tf b/main.tf
index ef8b1f6095..4cb1200327 100644
--- a/main.tf
+++ b/main.tf
@@ -2,7 +2,6 @@ data "aws_partition" "current" {}
 data "aws_caller_identity" "current" {}
 data "aws_iam_session_context" "current" {
- count = (var.create && var.enable_cluster_creator_admin_permissions) || (var.create && var.create_kms_key && local.enable_cluster_encryption_config) ? 1 : 0
 # This data source provides information on the IAM source role of an STS assumed role
 # For non-role ARNs, this data source simply passes the ARN through issuer ARN
 # Ref https://github.com/terraform-aws-modules/terraform-aws-eks/issues/2327#issuecomment-1355581682
@@ -148,7 +147,7 @@ locals {
 # better controlled by users through Terraform
 bootstrap_cluster_creator_admin_permissions = {
 cluster_creator = {
- principal_arn = data.aws_iam_session_context.current[0].issuer_arn
+ principal_arn = data.aws_iam_session_context.current.issuer_arn
 type = "STANDARD"
 policy_associations = {
@@ -237,7 +236,7 @@ module "kms" {
 # Policy
 enable_default_policy = var.kms_key_enable_default_policy
 key_owners = var.kms_key_owners
- key_administrators = coalescelist(var.kms_key_administrators, [data.aws_iam_session_context.current[0].issuer_arn])
+ key_administrators = coalescelist(var.kms_key_administrators, [data.aws_iam_session_context.current.issuer_arn])
 key_users = concat([local.cluster_role], var.kms_key_users)
 key_service_users = var.kms_key_service_users
 source_policy_documents = var.kms_key_source_policy_documents
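Review bot: Nothing in the `aws_iam_session_context` block in the first hunk records why the data source is now read unconditionally, so a later change could reintroduce the conditional `count` and the `[0]` indexing that the other two hunks drop. A short comment next to the existing ones would cover it, for example `# Intentionally no count: locals and the kms module reference this data source directly`. The reason for the revert is not visible in the patch, so the wording should be confirmed against #3058. The block continues past the end of the hunk.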
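Review bot: In the second hunk `principal_arn` is the issuer ARN of whichever identity runs Terraform, and in the third hunk the same ARN is the fallback for `key_administrators` when `var.kms_key_administrators` is empty, so a CI or automation role can end up with the cluster-creator access entry and KMS key administration without being named anywhere in the configuration. Neither line documents that. I would add a comment on the `coalescelist` line such as `# Falls back to the Terraform caller's issuer ARN when no administrators are given; set kms_key_administrators explicitly for least privilege`, and a matching one on `principal_arn`. The policy associated with the cluster creator lies outside the hunk, so the exact level of access there should be checked; both enclosing blocks extend beyond their hunks.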