Chore/partitions and condition overrides (#44)

* adding partition and condition of module is disabled * adding partition and changing the condition if the module is disabled
cloudposse · Mar 7, 2024 · 02d0954 · 02d0954
1 parent 9644d94
commit 02d0954
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/eventbridge.tf b/eventbridge.tf
@@ -42,7 +42,7 @@ data "aws_iam_policy_document" "sns_kms_key_policy" {
 
     principals {
       type        = "AWS"
-      identifiers = ["arn:aws:iam::${one(data.aws_caller_identity.this[*].account_id)}:root"]
+      identifiers = ["arn:${one(data.aws_partition.this[*].partition)}:iam::${one(data.aws_caller_identity.this[*].account_id)}:root"]
     }
   }
 

diff --git a/main.tf b/main.tf
@@ -40,7 +40,7 @@ locals {
   imported_findings_notification_arn = local.enable_notifications ? (var.imported_findings_notification_arn != null ? var.imported_findings_notification_arn : module.sns_topic[0].sns_topic.arn) : null
   enabled_standards_arns = toset([
     for standard in var.enabled_standards :
-    format("arn:%s:securityhub:%s::%s", one(data.aws_partition.this[*].partition), length(regexall("ruleset", standard)) == 0 ? one(data.aws_region.this[*].name) : "", standard)
+    format("arn:%s:securityhub:%s::%s", one(data.aws_partition.this[*].partition), length(regexall("ruleset", standard)) == 0 ? one(data.aws_region.this[*].name) : "", standard) if local.enabled
   ])
 }