Fix/secrets policies (telia-oss#74)

feraudet · web-flow · commit f021b238fc03 · 2022-10-17T10:21:02.000+02:00
diff --git a/policies.tf b/policies.tf
@@ -91,7 +91,7 @@ data "aws_iam_policy_document" "task_container_secrets" {
 
     resources = concat(
       [data.aws_kms_key.task_container_secrets_key.arn],
-      [for i in var.task_container_secrets : i["valueFrom"]]
+      [for i in var.task_container_secrets : replace(i["valueFrom"], "/:[^:]+::$/", "")]
     )
     actions = [
       "secretsmanager:GetSecretValue",

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ data "aws_iam_policy_document" "task_container_secrets" {`
`91`	`91`
`92`	`92`	`resources = concat(`
`93`	`93`	`[data.aws_kms_key.task_container_secrets_key.arn],`
`94`		`- [for i in var.task_container_secrets : i["valueFrom"]]`
	`94`	`+ [for i in var.task_container_secrets : replace(i["valueFrom"], "/:[^:]+::$/", "")]`
`95`	`95`	`)`
`96`	`96`	`actions = [`
`97`	`97`	`"secretsmanager:GetSecretValue",`