From 5189170e15d2a93c617891232ae75f070877269d Mon Sep 17 00:00:00 2001
From: Chris McKnight
Date: Sun, 14 Jun 2020 01:54:38 -0500
Subject: [PATCH] fix(cloudtrail): Invalid arn partition for GovCloud (#8248)

Use partition ref for lambda and s3 data events
Closes #8247
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts | 4 +-
 .../aws-cloudtrail/test/cloudtrail.test.ts | 45 +++++++++++++++++--
 2 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts b/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts
index 3b3f39d64eb4c..a7c18b6b87609 100644
--- a/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts
+++ b/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts
@@ -345,7 +345,7 @@ export class Trail extends Resource {
 * @default false
 */
 public logAllLambdaDataEvents(options: AddEventSelectorOptions = {}) {
- return this.addEventSelector(DataResourceType.LAMBDA_FUNCTION, [ 'arn:aws:lambda' ], options);
+ return this.addEventSelector(DataResourceType.LAMBDA_FUNCTION, [ `arn:${this.stack.partition}:lambda` ], options);
 }
 
 /**
@@ -372,7 +372,7 @@ export class Trail extends Resource {
 * @default false
 */
 public logAllS3DataEvents(options: AddEventSelectorOptions = {}) {
- return this.addEventSelector(DataResourceType.S3_OBJECT, [ 'arn:aws:s3:::' ], options);
+ return this.addEventSelector(DataResourceType.S3_OBJECT, [ `arn:${this.stack.partition}:s3:::` ], options);
 }
 
 /**
diff --git a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts
index 50c2b766bb4c3..b78f6a5f5a741 100644
--- a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts
+++ b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts
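Review bot: The JSDoc directly above the changed line of `logAllLambdaDataEvents` (its opening lines are outside the hunk) still says nothing about which partition the ARN prefix targets, and the same gap applies to `logAllS3DataEvents` in the second hunk of this file. Now that the prefix is built from `this.stack.partition`, which the updated test expectations show rendering as a `Ref: 'AWS::Partition'` token inside an `Fn::Join`, a line such as `* The ARN prefix is derived from the stack's partition, so the selector also matches in non-default partitions such as GovCloud.` would record why the synthesized template no longer contains a literal `arn:aws:` prefix. Both methods now repeat the same `${this.stack.partition}` prefix construction with only the service segment differing; a small private helper that takes the service suffix would keep the two from drifting apart on the next partition-related fix.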
@@ -257,7 +257,20 @@ describe('cloudtrail', () => {
 {
 DataResources: [{
 Type: 'AWS::S3::Object',
- Values: [ 'arn:aws:s3:::' ],
+ Values: [
+ {
+ 'Fn::Join': [
+ '',
+ [
+ 'arn:',
+ {
+ Ref: 'AWS::Partition',
+ },
+ ':s3:::',
+ ],
+ ],
+ },
+ ],
 }],
 IncludeManagementEvents: ABSENT,
 ReadWriteType: ABSENT,
@@ -331,7 +344,20 @@ describe('cloudtrail', () => {
 {
 DataResources: [{
 Type: 'AWS::S3::Object',
- Values: [ 'arn:aws:s3:::' ],
+ Values: [
+ {
+ 'Fn::Join': [
+ '',
+ [
+ 'arn:',
+ {
+ Ref: 'AWS::Partition',
+ },
+ ':s3:::',
+ ],
+ ],
+ },
+ ],
 }],
 IncludeManagementEvents: false,
 ReadWriteType: 'ReadOnly',
@@ -391,7 +417,20 @@ describe('cloudtrail', () => {
 {
 DataResources: [{
 Type: 'AWS::Lambda::Function',
- Values: [ 'arn:aws:lambda' ],
+ Values: [
+ {
+ 'Fn::Join': [
+ '',
+ [
+ 'arn:',
+ {
+ Ref: 'AWS::Partition',
+ },
+ ':lambda',
+ ],
+ ],
+ },
+ ],
 }],
 },
 ],
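Review bot: The three hunks in cloudtrail.test.ts (S3 at 257, S3 at 331, Lambda at 391) each inline the same 14-line `Fn::Join` expectation that differs only in the trailing service segment, so any future change to how the partition token renders has to be edited in three places. A local helper such as `const partitionArn = (suffix: string) => ({ 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, suffix]] });` used as `Values: [partitionArn(':s3:::')]` and `Values: [partitionArn(':lambda')]` asserts exactly the same structure while making the intent of each expectation readable at a glance. The enclosing `describe('cloudtrail', ...)` block begins and ends outside these hunks.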