fix: remove lookup of IAM account settings to fetch account ID as thi…

…s requires admin privileges (#751)
terraform-ibm-modules · Oct 21, 2024 · fb0cc4d · fb0cc4d
1 parent 62c5981
commit fb0cc4d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/solutions/secure-cross-regional-bucket/main.tf b/solutions/secure-cross-regional-bucket/main.tf
@@ -60,20 +60,22 @@ locals {
   }]
 }
 
+
 #######################################################################################################################
 # KMS Key
 #######################################################################################################################
 
-data "ibm_iam_account_settings" "iam_account_settings" {
-  count    = local.create_cross_account_auth_policy ? 1 : 0
-  provider = ibm.cos
+module "cos_crn_parser" {
+  source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
+  version = "1.1.0"
+  crn     = var.existing_cos_instance_id
 }
 
 # Create IAM Authorization Policy to allow COS to access KMS for the encryption key
 resource "ibm_iam_authorization_policy" "cos_kms_policy" {
   count                       = local.create_cross_account_auth_policy ? 1 : 0
   provider                    = ibm.kms
-  source_service_account      = data.ibm_iam_account_settings.iam_account_settings[0].account_id
+  source_service_account      = module.cos_crn_parser.account_id
   source_service_name         = "cloud-object-storage"
   source_resource_instance_id = local.cos_instance_guid
   target_service_name         = local.kms_service_name

diff --git a/solutions/secure-regional-bucket/main.tf b/solutions/secure-regional-bucket/main.tf
@@ -68,16 +68,17 @@ locals {
 #######################################################################################################################
 # KMS Key
 #######################################################################################################################
-data "ibm_iam_account_settings" "iam_account_settings" {
-  count    = local.create_cross_account_auth_policy ? 1 : 0
-  provider = ibm.cos
+module "cos_crn_parser" {
+  source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
+  version = "1.1.0"
+  crn     = var.existing_cos_instance_id
 }
 
 # Create IAM Authorization Policy to allow COS to access KMS for the encryption key
 resource "ibm_iam_authorization_policy" "cos_kms_policy" {
   count                       = local.create_cross_account_auth_policy ? 1 : 0
   provider                    = ibm.kms
-  source_service_account      = data.ibm_iam_account_settings.iam_account_settings[0].account_id
+  source_service_account      = module.cos_crn_parser.account_id
   source_service_name         = "cloud-object-storage"
   source_resource_instance_id = local.cos_instance_guid
   target_service_name         = local.kms_service_name