Using Pseudo Function to get Service URL Domain (#6632)

Co-authored-by: Himani Anil Deshpande <himanidp@amazon.com>
aws · Jan 3, 2025 · 28330be · 28330be
1 parent b4402b4
commit 28330be
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/cloudformation/ad/ad-integration.yaml b/cloudformation/ad/ad-integration.yaml
@@ -358,7 +358,7 @@ Resources:
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
-              Service: ec2.amazonaws.com
+              Service: !Sub ec2.${AWS::URLSuffix}
         Version: "2012-10-17"
       ManagedPolicyArns:
         - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore

diff --git a/cloudformation/proxy/proxy.yaml b/cloudformation/proxy/proxy.yaml
@@ -170,7 +170,7 @@ Resources:
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
-              Service: ec2.amazonaws.com
+              Service: !Sub ec2.${AWS::URLSuffix}
         Version: 2012-10-17
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
@@ -189,7 +189,7 @@ Resources:
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
-              Service: ec2.amazonaws.com
+              Service: !Sub ec2.${AWS::URLSuffix}
         Version: 2012-10-17
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

diff --git a/tests/iam_policies/cluster-roles.cfn.yaml b/tests/iam_policies/cluster-roles.cfn.yaml
@@ -59,7 +59,7 @@ Resources:
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
-              Service: !If [ GovCloud, 'ec2.amazonaws-us-gov.com', !If [ China, 'ec2.amazonaws.cn', 'ec2.amazonaws.com']]
+              Service: !Sub ec2.${AWS::URLSuffix}
         Version: '2012-10-17'
       Path: /parallelcluster/
       ManagedPolicyArns:
@@ -105,7 +105,7 @@ Resources:
                 Condition:
                   StringEquals:
                     iam:PassedToService:
-                      - !If [ GovCloud, 'ec2.amazonaws-us-gov.com', !If [ China, 'ec2.amazonaws.cn', 'ec2.amazonaws.com']]
+                      - !Sub ec2.${AWS::URLSuffix}
               - Action:
                   - ec2:DescribeInstances
                   - ec2:DescribeInstanceStatus
@@ -147,7 +147,7 @@ Resources:
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
-              Service: !If [ GovCloud, 'ec2.amazonaws-us-gov.com', !If [ China, 'ec2.amazonaws.cn', 'ec2.amazonaws.com']]
+              Service: !Sub ec2.${AWS::URLSuffix}
         Version: '2012-10-17'
       Path: /parallelcluster/
       ManagedPolicyArns:
@@ -235,7 +235,7 @@ Resources:
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
-              Service: !If [ GovCloud, 'ec2.amazonaws-us-gov.com', !If [ China, 'ec2.amazonaws.cn', 'ec2.amazonaws.com']]
+              Service: !Sub ec2.${AWS::URLSuffix}
         Version: '2012-10-17'
       Path: /parallelcluster/
       ManagedPolicyArns:

diff --git a/...tests/ad_integration/test_ad_integration/test_ad_integration_on_login_nodes/ad_stack.yaml b/...tests/ad_integration/test_ad_integration/test_ad_integration_on_login_nodes/ad_stack.yaml
@@ -73,7 +73,7 @@ Resources:
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
-              Service: ec2.amazonaws.com
+              Service: !Sub ec2.${AWS::URLSuffix}
         Version: "2012-10-17"
       ManagedPolicyArns:
         - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore