From 3b6e5033bb5652c2640b0b3304940a6e393346db Mon Sep 17 00:00:00 2001 From: Jooeun Date: Wed, 20 May 2020 16:14:51 +0900 Subject: [PATCH 1/2] add usgov support --- examples/complete/init-tf-backend.tf | 6 +++--- examples/complete/provider.tf | 6 +++--- examples/simple/init-tf-backend.tf | 6 +++--- examples/simple/provider.tf | 6 +++--- locals.tf | 3 +++ main.tf | 18 +++++++++--------- outputs.tf | 8 ++++---- variables.tf | 6 ++++++ 8 files changed, 34 insertions(+), 25 deletions(-) create mode 100644 locals.tf diff --git a/examples/complete/init-tf-backend.tf b/examples/complete/init-tf-backend.tf index 7c4cb4c..325d22d 100644 --- a/examples/complete/init-tf-backend.tf +++ b/examples/complete/init-tf-backend.tf @@ -4,9 +4,9 @@ module "tfbackend" { source = "tf-mod/tfbackend/aws" version = "1.0.0" - aws_account_id = "${var.aws_account_id}" - bucket_name = "${var.bucket_name}" - dynamodb_table = "${var.dynamodb_table}" + aws_account_id = var.aws_account_id + bucket_name = var.bucket_name + dynamodb_table = var.dynamodb_table dynamodb_read_capacity = "10" dynamodb_write_capacity = "10" } diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index 02c65e2..786d302 100644 --- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -3,8 +3,8 @@ terraform { } provider "aws" { - region = "${var.aws_region}" - profile = "${var.aws_profile}" - allowed_account_ids = ["${var.aws_account_id}"] + region = var.aws_region + profile = var.aws_profile + allowed_account_ids = [var.aws_account_id] version = ">= 1.15.0" } diff --git a/examples/simple/init-tf-backend.tf b/examples/simple/init-tf-backend.tf index 9d5f597..26ef5a7 100644 --- a/examples/simple/init-tf-backend.tf +++ b/examples/simple/init-tf-backend.tf 
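Review bot: The two capacity lines kept as context in examples/complete/init-tf-backend.tf, `dynamodb_read_capacity = "10"` and `dynamodb_write_capacity = "10"`, still pass numbers as quoted strings while this hunk is unquoting the other module inputs; the module's own defaults are numbers (`default = 5` in the variables.tf hunk), so writing `dynamodb_read_capacity = 10` keeps the example consistent (Terraform 0.12 converts the string, so this is style only). The example also keeps `version = "1.0.0"` for the module while adopting 0.12 syntax; if the partition change in this series is published as a new module version, both examples (this file and examples/simple/init-tf-backend.tf) presumably should pin that version so they exercise it — worth confirming what 1.0.0 corresponds to.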
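Review bot: `version = ">= 1.15.0"` in the provider block of examples/complete/provider.tf, the context line right after the rewritten `allowed_account_ids`, has no upper bound, so a future major release of the AWS provider is accepted automatically and can change or remove resources these examples depend on; a pessimistic constraint such as `version = "~> 2.0"` pins the major version while still taking patch releases. The same unbounded constraint is in examples/simple/provider.tf. Both files already have a `terraform {}` block (visible in the hunk header), so the constraint could also live in a `required_providers` entry there instead of the provider block. Keeping `allowed_account_ids = [var.aws_account_id]` is good — it stops a mismatched profile from applying against the wrong account.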
@@ -4,7 +4,7 @@ module "tfbackend" { source = "tf-mod/tfbackend/aws" version = "1.0.0" - aws_account_id = "${var.aws_account_id}" - bucket_name = "${var.bucket_name}" - dynamodb_table = "${var.dynamodb_table}" + aws_account_id = var.aws_account_id + bucket_name = var.bucket_name + dynamodb_table = var.dynamodb_table } diff --git a/examples/simple/provider.tf b/examples/simple/provider.tf index 02c65e2..786d302 100644 --- a/examples/simple/provider.tf +++ b/examples/simple/provider.tf @@ -3,8 +3,8 @@ terraform { } provider "aws" { - region = "${var.aws_region}" - profile = "${var.aws_profile}" - allowed_account_ids = ["${var.aws_account_id}"] + region = var.aws_region + profile = var.aws_profile + allowed_account_ids = [var.aws_account_id] version = ">= 1.15.0" } diff --git a/locals.tf b/locals.tf new file mode 100644 index 0000000..b54a0a9 --- /dev/null +++ b/locals.tf @@ -0,0 +1,3 @@ +locals { + arn_prefix = format("arn:%s", lookup(var.tfbackends_opt, "account_code", "aws")) +} diff --git a/main.tf b/main.tf index 17b41ac..e9e56e2 100644 --- a/main.tf +++ b/main.tf @@ -1,8 +1,8 @@ # DynamoDB table for lock info storage resource "aws_dynamodb_table" "terraform_lock" { - name = "${var.dynamodb_table}" - read_capacity = "${var.dynamodb_read_capacity}" - write_capacity = "${var.dynamodb_write_capacity}" + name = var.dynamodb_table + read_capacity = var.dynamodb_read_capacity + write_capacity = var.dynamodb_write_capacity hash_key = "LockID" attribute { @@ -20,7 +20,7 @@ resource "aws_dynamodb_table" "terraform_lock" { # S3 bucket for storing terraform state resource "aws_s3_bucket" "terraform_state" { - bucket = "${var.bucket_name}" + bucket = var.bucket_name versioning { enabled = true 
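Review bot: The main.tf hunk rewriting `bucket = var.bucket_name` shows only `versioning { enabled = true` for the state bucket, and nothing in either patch configures server-side encryption or blocks public access for it; the rest of the `aws_s3_bucket.terraform_state` body (lines after 26) is outside the hunk. Terraform state stored in this bucket can contain secrets in plain text, so if the resource lacks them elsewhere in main.tf, a `server_side_encryption_configuration` block on the bucket and an accompanying `aws_s3_bucket_public_access_block` resource would be the usual hardening for a backend module. The resource continues outside the hunk, so this may already be in place — worth confirming.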
@@ -28,8 +28,8 @@ resource "aws_s3_bucket" "terraform_state" { } resource "aws_s3_bucket_policy" "bucket_policy" { - bucket = "${aws_s3_bucket.terraform_state.id}" - policy = "${data.aws_iam_policy_document.bucket_policy.json}" + bucket = aws_s3_bucket.terraform_state.id + policy = data.aws_iam_policy_document.bucket_policy.json } data "aws_iam_policy_document" "bucket_policy" { @@ -40,15 +40,15 @@ data "aws_iam_policy_document" "bucket_policy" { ] resources = [ - "arn:aws:s3:::${var.bucket_name}/*", - "arn:aws:s3:::${var.bucket_name}", + format("%s:s3:::%s/*", local.arn_prefix, var.bucket_name), + format("%s:s3:::%s", local.arn_prefix, var.bucket_name), ] principals { type = "AWS" identifiers = [ - "arn:aws:iam::${var.aws_account_id}:root", + format("%s:iam::%s:root", local.arn_prefix, var.aws_account_id) ] } } diff --git a/outputs.tf b/outputs.tf index 1e6ce3d..e4f6a10 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,15 +1,15 @@ output "bucket_name" { - value = "${aws_s3_bucket.terraform_state.id}" + value = aws_s3_bucket.terraform_state.id } output "bucket_arn" { - value = "${aws_s3_bucket.terraform_state.arn}" + value = aws_s3_bucket.terraform_state.arn } output "dynamodb_table" { - value = "${aws_dynamodb_table.terraform_lock.id}" + value = aws_dynamodb_table.terraform_lock.id } output "dynamodb_table_arn" { - value = "${aws_dynamodb_table.terraform_lock.arn}" + value = aws_dynamodb_table.terraform_lock.arn } diff --git a/variables.tf b/variables.tf index fe7895c..fef34b4 100644 --- a/variables.tf +++ b/variables.tf @@ -19,3 +19,9 @@ variable "dynamodb_write_capacity" { description = "The write_capacity value for the DynamoDB table to store lock object" default = 5 } + +variable "tfbackends_opt" { + description = "The options for tfbackends. account_code for ARNs. China -> aws-cn, US GOV -> aws-us-gov" + type = map(string) + default = {} +} From b5fff5a02a4b6c5d37cb1c6a0755ce53eb96aa00 Mon Sep 17 00:00:00 2001 
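Review bot: The two `resources` entries in the policy-document hunk now hand-assemble the bucket ARN from `local.arn_prefix` and `var.bucket_name`, but the bucket resource already exposes the partition-correct value, which outputs.tf in this same patch reads as `aws_s3_bucket.terraform_state.arn`; using `aws_s3_bucket.terraform_state.arn` and `"${aws_s3_bucket.terraform_state.arn}/*"` here removes the formatting and cannot drift from the bucket. Only the `principals` entry genuinely needs the partition, since there is no resource to read the account-root ARN from. Patch 2 rewrites these same lines with `data.aws_partition.current.partition` and keeps the hand-built form, so the same simplification applies there. The `data "aws_iam_policy_document"` block begins before this hunk, so the statement's actions are not visible here.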
From: Jooeun Date: Wed, 20 May 2020 16:56:47 +0900 Subject: [PATCH 2/2] add data.aws_partition.current.partition --- locals.tf | 3 --- main.tf | 8 +++++--- variables.tf | 6 ------ 3 files changed, 5 insertions(+), 12 deletions(-) delete mode 100644 locals.tf diff --git a/locals.tf b/locals.tf deleted file mode 100644 index b54a0a9..0000000 --- a/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - arn_prefix = format("arn:%s", lookup(var.tfbackends_opt, "account_code", "aws")) -} diff --git a/main.tf b/main.tf index e9e56e2..147e7e4 100644 --- a/main.tf +++ b/main.tf @@ -1,3 +1,5 @@ +data "aws_partition" "current" {} + # DynamoDB table for lock info storage resource "aws_dynamodb_table" "terraform_lock" { name = var.dynamodb_table @@ -40,15 +42,15 @@ data "aws_iam_policy_document" "bucket_policy" { ] resources = [ - format("%s:s3:::%s/*", local.arn_prefix, var.bucket_name), - format("%s:s3:::%s", local.arn_prefix, var.bucket_name), + format("arn:%s:s3:::%s/*", data.aws_partition.current.partition, var.bucket_name), + format("arn:%s:s3:::%s", data.aws_partition.current.partition, var.bucket_name), ] principals { type = "AWS" identifiers = [ - format("%s:iam::%s:root", local.arn_prefix, var.aws_account_id) + format("arn:%s:iam::%s:root", data.aws_partition.current.partition, var.aws_account_id) ] } } diff --git a/variables.tf b/variables.tf index fef34b4..fe7895c 100644 --- a/variables.tf +++ b/variables.tf @@ -19,9 +19,3 @@ variable "dynamodb_write_capacity" { description = "The write_capacity value for the DynamoDB table to store lock object" default = 5 } - -variable "tfbackends_opt" { - description = "The options for tfbackends. account_code for ARNs. China -> aws-cn, US GOV -> aws-us-gov" - type = map(string) - default = {} -}
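Review bot: The new `data "aws_partition" "current" {}` at the top of main.tf is the only top-level block in the file without a leading `#` comment (the blocks below it each carry one, e.g. `# DynamoDB table for lock info storage`), and its purpose is not obvious until the policy document some forty lines down. A one-liner such as `# Partition of the configured provider (aws, aws-cn, aws-us-gov), used to build partition-correct ARNs in the bucket policy` would document why it exists. This patch also deletes the `tfbackends_opt` input introduced in patch 1; that is fine if the two patches ship together, but if patch 1 was already released, dropping the variable is a breaking change for callers that set it — worth stating in the commit message.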