fix: Correct Karpenter EC2 service principal DNS suffix in non-commercial regions #3157

Merged

bryantbiggs
Member

Description

  • Correct Karpenter EC2 service principal DNS suffix in non-commercial regions

Motivation and Context

Breaking Changes

  • No

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

@bryantbiggs bryantbiggs merged commit 47ab3eb into terraform-aws-modules:master Sep 16, 2024
17 checks passed
@bryantbiggs bryantbiggs deleted the fix/karpenter-role-china branch September 16, 2024 15:36
antonbabenko pushed a commit that referenced this pull request Sep 16, 2024
## [20.24.1](v20.24.0...v20.24.1) (2024-09-16)

### Bug Fixes

* Correct Karpenter EC2 service principal DNS suffix in non-commercial regions ([#3157](#3157)) ([47ab3eb](47ab3eb))
@antonbabenko
Member

This PR is included in version 20.24.1 🎉

@raonitimo

Maybe having both names would be better. Found this in AWS doc:

Service principals in policies – In IAM policies where the principal is a service, the service principal name can include the following formats, with "service" replaced by the name of the service:

service.amazonaws.com

service.amazonaws.com.cn

Do not try to guess the service principal, because it is case sensitive and the format can vary across Amazon services. The service principal is defined by the service. To learn the service principal for a service, see the documentation for that service. For some services, see [Amazon services that work with IAM](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) and look for the services that have Yes in the Service-linked role column. Choose a Yes with a link to view the service-linked role documentation for that service. View the Service-linked role permissions section for that service to view the service principal.

@bryantbiggs
Member Author

Why is that better?

Successfully merging this pull request may close these issues.

Karpenter role doesn't work in China
3 participants