From 47ab3eb884ab243a99322998445127ea6802fcaf Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Mon, 16 Sep 2024 10:36:15 -0500
Subject: [PATCH] fix: Correct Karpenter EC2 service principal DNS suffix in non-commercial regions (#3157)
---
 .pre-commit-config.yaml | 2 +-
 modules/karpenter/main.tf | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 28c6063b6d..9530aa8f8a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.95.0
+ rev: v1.96.0
 hooks:
 - id: terraform_fmt
 - id: terraform_docs
diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index fc4a5dca57..d03dfa49f8 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -4,6 +4,7 @@ data "aws_caller_identity" "current" {}
 locals {
 account_id = data.aws_caller_identity.current.account_id
+ dns_suffix = data.aws_partition.current.dns_suffix
 partition = data.aws_partition.current.partition
 region = data.aws_region.current.name
 }
@@ -286,7 +287,7 @@ data "aws_iam_policy_document" "node_assume_role" {
 principals {
 type = "Service"
- identifiers = ["ec2.amazonaws.com"]
+ identifiers = ["ec2.${local.dns_suffix}"]
 }
 }
 }
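Review bot: The templated principal `"ec2.${local.dns_suffix}"` in `node_assume_role` carries no comment saying why the suffix is partition-derived, and the new `dns_suffix` local in the `locals` hunk reads like a general-purpose value. Whether a service principal follows the partition's DNS suffix differs by service, so reusing this local for another principal could produce a trust policy that names a principal that does not exist, leaving the role unassumable. I would add `# EC2 service principal follows the partition DNS suffix (e.g. ec2.amazonaws.com.cn in aws-cn); check per service before reusing` above the `identifiers` line. Where the module's minimum AWS provider version allows it, the `aws_service_principal` data source resolves the name per service instead of string-building it. The `data "aws_iam_policy_document"` block begins outside the hunk, so any other hard-coded service principals in this file are not visible here and should be checked separately.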