Skip to content

Commit 2858498

Browse files
horike37horike37
authored
Merge pull request #97 from glb/85-use-partition-pseudo-parameter
fix: use AWS::Partition pseudo-parameter in ARNs
2 parents bd51680 + f40bbdf commit 2858498

24 files changed

+142
-97
lines changed

lib/package/dynamodb/compileIamRoleToDynamodb.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ module.exports = {
2626
Action: `dynamodb:${action}`,
2727
Resource: {
2828
'Fn::Sub': [
29-
'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
29+
'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
3030
{ tableName }
3131
]
3232
}

lib/package/dynamodb/compileIamRoleToDynamodb.test.js

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,7 @@ describe('#compileIamRoleToDynamodb()', () => {
9696
Action: 'dynamodb:PutItem',
9797
Resource: {
9898
'Fn::Sub': [
99-
'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
99+
'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
100100
{
101101
tableName: { Ref: 'mytable' }
102102
}
@@ -108,7 +108,7 @@ describe('#compileIamRoleToDynamodb()', () => {
108108
Action: 'dynamodb:GetItem',
109109
Resource: {
110110
'Fn::Sub': [
111-
'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
111+
'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
112112
{
113113
tableName: 'mytable'
114114
}
@@ -120,7 +120,7 @@ describe('#compileIamRoleToDynamodb()', () => {
120120
Action: 'dynamodb:DeleteItem',
121121
Resource: {
122122
'Fn::Sub': [
123-
'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
123+
'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
124124
{
125125
tableName: 'mytable'
126126
}

lib/package/dynamodb/compileMethodsToDynamodb.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ module.exports = {
5353
},
5454
Uri: {
5555
'Fn::Sub': [
56-
'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
56+
'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
5757
{ action: http.action }
5858
]
5959
},

lib/package/dynamodb/compileMethodsToDynamodb.test.js

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -146,7 +146,7 @@ describe('#compileMethodsToDynamodb()', () => {
146146

147147
const uri = {
148148
'Fn::Sub': [
149-
'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
149+
'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
150150
{
151151
action: 'PutItem'
152152
}
@@ -183,7 +183,7 @@ describe('#compileMethodsToDynamodb()', () => {
183183

184184
const uri = {
185185
'Fn::Sub': [
186-
'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
186+
'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
187187
{
188188
action: 'GetItem'
189189
}
@@ -220,7 +220,7 @@ describe('#compileMethodsToDynamodb()', () => {
220220

221221
const uri = {
222222
'Fn::Sub': [
223-
'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
223+
'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
224224
{
225225
action: 'DeleteItem'
226226
}
@@ -757,7 +757,7 @@ describe('#compileMethodsToDynamodb()', () => {
757757
Credentials: { 'Fn::GetAtt': ['ApigatewayToDynamodbRole', 'Arn'] },
758758
Uri: {
759759
'Fn::Sub': [
760-
'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
760+
'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
761761
{ action: 'PutItem' }
762762
]
763763
},
@@ -873,7 +873,7 @@ describe('#compileMethodsToDynamodb()', () => {
873873
Credentials: { 'Fn::GetAtt': ['ApigatewayToDynamodbRole', 'Arn'] },
874874
Uri: {
875875
'Fn::Sub': [
876-
'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
876+
'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
877877
{ action: 'PutItem' }
878878
]
879879
},

lib/package/eventbridge/compileIamRoleToEventBridge.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ module.exports = {
1919

2020
const policyResource = eventBusNames.map((eventBusName) => ({
2121
'Fn::Sub': [
22-
'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
22+
'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
2323
{ eventBusName }
2424
]
2525
}))

lib/package/eventbridge/compileIamRoleToEventBridge.test.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -83,13 +83,13 @@ describe('#compileIamRoleToEventBridge()', () => {
8383
Resource: [
8484
{
8585
'Fn::Sub': [
86-
'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
86+
'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
8787
{ eventBusName: { Ref: 'EventBus1' } }
8888
]
8989
},
9090
{
9191
'Fn::Sub': [
92-
'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
92+
'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
9393
{ eventBusName: { Ref: 'EventBus2' } }
9494
]
9595
}

lib/package/eventbridge/compileMethodsToEventBridge.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ module.exports = {
5353
Type: 'AWS',
5454
Credentials: roleArn,
5555
Uri: {
56-
'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
56+
'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
5757
},
5858
PassthroughBehavior: 'NEVER',
5959
RequestParameters: {

lib/package/eventbridge/compileMethodsToEventBridge.test.js

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,7 @@ describe('#compileMethodsToEventBridge()', () => {
6969
Type: 'AWS',
7070
Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
7171
Uri: {
72-
'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
72+
'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
7373
},
7474
PassthroughBehavior: 'NEVER',
7575
RequestParameters: {
@@ -189,7 +189,7 @@ describe('#compileMethodsToEventBridge()', () => {
189189
Type: 'AWS',
190190
Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
191191
Uri: {
192-
'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
192+
'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
193193
},
194194
PassthroughBehavior: 'NEVER',
195195
RequestParameters: {
@@ -308,7 +308,7 @@ describe('#compileMethodsToEventBridge()', () => {
308308
Type: 'AWS',
309309
Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
310310
Uri: {
311-
'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
311+
'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
312312
},
313313
PassthroughBehavior: 'NEVER',
314314
RequestParameters: {
@@ -687,7 +687,7 @@ describe('#compileMethodsToEventBridge()', () => {
687687
Type: 'AWS',
688688
Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
689689
Uri: {
690-
'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
690+
'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
691691
},
692692
PassthroughBehavior: 'NEVER',
693693
RequestParameters: {
@@ -794,7 +794,7 @@ describe('#compileMethodsToEventBridge()', () => {
794794
Type: 'AWS',
795795
Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
796796
Uri: {
797-
'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
797+
'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
798798
},
799799
PassthroughBehavior: 'NEVER',
800800
RequestParameters: {

lib/package/kinesis/compileIamRoleToKinesis.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ module.exports = {
1919

2020
const policyResource = kinesisStreamNames.map((streamName) => ({
2121
'Fn::Sub': [
22-
'arn:aws:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
22+
'arn:${AWS::Partition}:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
2323
{ streamName }
2424
]
2525
}))

lib/package/kinesis/compileIamRoleToKinesis.test.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -83,13 +83,13 @@ describe('#compileIamRoleToKinesis()', () => {
8383
Resource: [
8484
{
8585
'Fn::Sub': [
86-
'arn:aws:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
86+
'arn:${AWS::Partition}:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
8787
{ streamName: { Ref: 'KinesisStream1' } }
8888
]
8989
},
9090
{
9191
'Fn::Sub': [
92-
'arn:aws:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
92+
'arn:${AWS::Partition}:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
9393
{ streamName: { Ref: 'KinesisStream2' } }
9494
]
9595
}

0 commit comments

Comments
 (0)