Skip to content

Commit 2a8266b

Browse files
authored
Consolidating the IAM role for customer connections in US and EU regions (#75)
* Consolidating the IAM role for customer connections in US and EU regions Consolidating the IAM role for customer connections in US and EU regions * updating IAM role permissions in main.tf * Update main.tf
1 parent 5cf15b8 commit 2a8266b

File tree

2 files changed

+2
-13
lines changed

2 files changed

+2
-13
lines changed

aws_datalake/modules/iam/main.tf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ data "aws_iam_policy_document" "segment_data_lake_assume_role_policy_document" {
2323

2424
principals {
2525
type = "AWS"
26-
identifiers = "${var.segment_region!= "eu-west-1" ? var.segment_aws_accounts : var.segment_eu_aws_accounts}"
26+
identifiers = var.segment_aws_accounts
2727
}
2828

2929
effect = "Allow"

aws_datalake/modules/iam/variables.tf

Lines changed: 1 addition & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -9,21 +9,10 @@ variable "segment_aws_accounts" {
99
type = list(string)
1010

1111
default = [
12-
"arn:aws:iam::294048959147:role/datalakes-aws-worker",
13-
"arn:aws:iam::294048959147:role/datalakes-customer-service",
14-
"arn:aws:iam::294048959147:role/customer-datalakes-prod-admin",
12+
"arn:aws:iam::595280932656:role/segment-datalakes-production-access",
1513
]
1614
}
1715

18-
variable "segment_eu_aws_accounts" {
19-
description = "ARN of the EU AWS accounts used by Segment to connect to your Data Lake."
20-
type = list(string)
21-
22-
default = [
23-
"arn:aws:iam::595280932656:role/segment-datalakes-production-access",
24-
]
25-
}
26-
2716
variable "segment_region" {
2817
description = "Region the Data Lake will be set up in"
2918
type = string

0 commit comments

Comments
 (0)