fix: vault aws bound principle rename in IAM

johnalotoski · johnalotoski · commit 43b8bcd4a268 · 2022-07-26T16:19:31.000-05:00
* re-assigns vault auth/aws/role/$CLUSTER-client bound principle
to the new IAM role name introduced in PR#165: core-$CLUSTER-client
diff --git a/profiles/bootstrap/default.nix b/profiles/bootstrap/default.nix
@@ -260,7 +260,7 @@ in {
 
           vault write auth/aws/role/${config.cluster.name}-client \
             auth_type=iam \
-            bound_iam_principal_arn="$arn:role/${config.cluster.name}-client" \
+            bound_iam_principal_arn="$arn:role/core-${config.cluster.name}-client" \
             policies=default,client,nomad-server \
             period=24h || true # only available after 'tf.clients.apply'
 
