The files below have the AWS partition hardcoded to "arn:aws:". This breaks for customers in AWS GovCloud, because the partition for AWS US GovCloud is "arn:aws-us-gov:":
terraform-aws-cloud-modules\modules\fortigate\fgt_asg\main.tf:243: Resource = "arn:aws:logs:::"
terraform-aws-cloud-modules\modules\fortigate\fgt_asg\main.tf:278: Resource = "**arn:aws:events:::rule/**"
Suggestion: in the file above, replace the hardcoded "arn:aws:" with "arn:${data.aws_partition.current.partition}:" and add the following data source:
data "aws_partition" "current" {}
│ Error: putting IAM Role (lambda_terraform_module_fgt20260303184413379700000008) Policy (lambda_terraform_module_fgt20260303184414997600000012): operation error IAM: PutRolePolicy, https response error StatusCode: 400, RequestID: 58af8860-7aab-4c12-8d70-0f2b780fd5bb, MalformedPolicyDocument: Partition "aws" is not valid for resource "arn:aws:logs:::".
│
│ with module.fgt_asg["fgt_on_demand_asg"].aws_iam_role_policy.iam_policy,
│ on ....\modules\fortigate\fgt_asg\main.tf line 229, in resource "aws_iam_role_policy" "iam_policy":
│ 229: resource "aws_iam_role_policy" "iam_policy" {
│
│ Error: putting IAM Role (lambda_terraform_module_fgt20260303184413397900000009) Policy (lambda_terraform_module_fgt20260303184414935600000011): operation error IAM: PutRolePolicy, https response error StatusCode: 400, RequestID: de018b1d-d75c-4343-84df-367fec8f5d36, MalformedPolicyDocument: Partition "aws" is not valid for resource "arn:aws:logs:::".
│
│ with module.fgt_asg["fgt_byol_asg"].aws_iam_role_policy.iam_policy,
│ on ....\modules\fortigate\fgt_asg\main.tf line 229, in resource "aws_iam_role_policy" "iam_policy":
│ 229: resource "aws_iam_role_policy" "iam_policy" {
│
│ Error: creating Lambda Function (fgt_on_demand_asg_fgt-asg-lambda-internal): operation error Lambda: CreateFunction, https response error StatusCode: 400, RequestID: a6cb17ba-0fb8-4dfd-8603-bc21ac9ef218, InvalidParameterValueException: The provided execution role does not have permissions to call CreateNetworkInterface on EC2
│
│ with module.fgt_asg["fgt_on_demand_asg"].aws_lambda_function.fgt_asg_lambda_internal,
│ on ....\modules\fortigate\fgt_asg\main.tf line 473, in resource "aws_lambda_function" "fgt_asg_lambda_internal":
│ 473: resource "aws_lambda_function" "fgt_asg_lambda_internal" {
│
│ Error: creating Lambda Function (fgt_byol_asg_fgt-asg-lambda-internal): operation error Lambda: CreateFunction, https response error StatusCode: 400, RequestID: 6443762b-34e6-4a60-8ce3-ecdd00246192, InvalidParameterValueException: The provided execution role does not have permissions to call CreateNetworkInterface on EC2
│
│ with module.fgt_asg["fgt_byol_asg"].aws_lambda_function.fgt_asg_lambda_internal,
│ on ....\modules\fortigate\fgt_asg\main.tf line 473, in resource "aws_lambda_function" "fgt_asg_lambda_internal":
│ 473: resource "aws_lambda_function" "fgt_asg_lambda_internal" {
│
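The partition-aware form of the suggestion, as an added example that is not the module's own code: the resource patterns, the policy name and the role reference are assumed for illustration.

```hcl
# Added example (not the module's code): build every ARN from the
# partition Terraform is actually deployed into ("aws", "aws-us-gov", "aws-cn").
data "aws_partition" "current" {}

locals {
  partition = data.aws_partition.current.partition
}

# Before (assumed pattern): a statement with the partition hardcoded, e.g.
#   Resource = "arn:aws:logs:*:*:*"
# In GovCloud, IAM rejects this with
#   MalformedPolicyDocument: Partition "aws" is not valid for resource ...

resource "aws_iam_role_policy" "lambda_partition_aware" {
  name = "fgt-asg-lambda-partition-aware" # assumed name
  role = aws_iam_role.lambda.id            # assumed role defined elsewhere

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "CloudWatchLogs"
        Effect = "Allow"
        Action = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
        # Partition interpolated; region/account wildcards are illustrative
        Resource = "arn:${local.partition}:logs:*:*:*"
      },
      {
        Sid    = "EventBridgeRules"
        Effect = "Allow"
        Action = ["events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets"]
        Resource = "arn:${local.partition}:events:*:*:rule/*"
      }
    ]
  })
}
```

The CreateNetworkInterface errors in the log above are most likely downstream of the failed PutRolePolicy call: the policy that would grant the Lambda execution role its permissions never attached, so the function creation fails as well.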