From aa157f1954328ddb77fd5df59a0127bf98986eeb Mon Sep 17 00:00:00 2001
From: Tom von Schwerdtner
Date: Thu, 31 Jul 2025 12:03:37 -0400
Subject: [PATCH 1/6] Use provided region in aws:SourceArn condition
---
 modules/service/main.tf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index 6119c86..958d6bc 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -11,7 +11,6 @@ data "aws_caller_identity" "current" {
 locals {
 account_id = try(data.aws_caller_identity.current[0].account_id, "")
 partition = try(data.aws_partition.current[0].partition, "")
- region = try(data.aws_region.current[0].region, "")
 }
 ################################################################################
@@ -1184,7 +1183,7 @@ data "aws_iam_policy_document" "tasks_assume" {
 condition {
 test = "ArnLike"
 variable = "aws:SourceArn"
- values = ["arn:${local.partition}:ecs:${local.region}:${local.account_id}:*"]
+ values = ["arn:${local.partition}:ecs:${var.region}:${local.account_id}:*"]
 }
 condition {
From 0876baf08679db342896b60da787f1fb7d67bc71 Mon Sep 17 00:00:00 2001
From: Tom von Schwerdtner
Date: Thu, 31 Jul 2025 12:06:33 -0400
Subject: [PATCH 2/6] Remove un-used data source
---
 modules/service/main.tf | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index 958d6bc..54f9eb7 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -1,6 +1,3 @@
-data "aws_region" "current" {
- count = var.create ? 1 : 0
-}
 data "aws_partition" "current" {
 count = var.create ? 1 : 0
 }
From 23494e6ac15f822e9f798b351e9cc13210f4810f Mon Sep 17 00:00:00 2001
From: Tom von Schwerdtner
Date: Thu, 31 Jul 2025 12:13:12 -0400
Subject: [PATCH 3/6] Update README
---
 modules/service/README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/modules/service/README.md b/modules/service/README.md
index 49e6c16..d188d33 100644
--- a/modules/service/README.md
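Review bot: `${var.region}` in the `aws:SourceArn` value of the `tasks_assume` hunk (PATCH 1/6) has no null handling, and the PATCH 4/6 message on this page says `var.region` can be null. Terraform does not render a null inside a string template, so callers that leave the region unset would presumably get a plan error instead of a trust condition scoped to the provider's region. The `try(var.region, …)` local added in PATCH 4/6 has the same result, because try() falls through only on an evaluation error and a null variable is a valid value. An explicit null test resolves both: `region = var.region != null ? var.region : try(data.aws_region.current[0].region, "")`. The `tasks_assume` block starts and ends outside the hunk.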
+++ b/modules/service/README.md
@@ -222,7 +222,6 @@ module "ecs_service" {
 | [aws_iam_policy_document.tasks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.tasks_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_subnet.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
 ## Inputs
From 4d7f453cb46306c4acc163745e513815b23d1852 Mon Sep 17 00:00:00 2001
From: Tom von Schwerdtner
Date: Thu, 31 Jul 2025 12:18:18 -0400
Subject: [PATCH 4/6] Restore local.region
Given var.region can be null, add another try() to check for a provided value before falling back to current region.
---
 modules/service/README.md | 1 +
 modules/service/main.tf | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/service/README.md b/modules/service/README.md
index d188d33..49e6c16 100644
--- a/modules/service/README.md
+++ b/modules/service/README.md
@@ -222,6 +222,7 @@ module "ecs_service" {
 | [aws_iam_policy_document.tasks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.tasks_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_subnet.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
 ## Inputs
diff --git a/modules/service/main.tf b/modules/service/main.tf
index 54f9eb7..f6ae618 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -1,3 +1,6 @@
+data "aws_region" "current" {
+ count = var.create ? 1 : 0
+}
 data "aws_partition" "current" {
 count = var.create ? 1 : 0
 }
@@ -8,6 +11,7 @@ data "aws_caller_identity" "current" {
 locals {
 account_id = try(data.aws_caller_identity.current[0].account_id, "")
 partition = try(data.aws_partition.current[0].partition, "")
+ region = try(var.region, try(data.aws_region.current[0].region, ""))
 }
 ################################################################################
@@ -1180,7 +1184,7 @@ data "aws_iam_policy_document" "tasks_assume" {
 condition {
 test = "ArnLike"
 variable = "aws:SourceArn"
- values = ["arn:${local.partition}:ecs:${var.region}:${local.account_id}:*"]
+ values = ["arn:${local.partition}:ecs:${local.region}:${local.account_id}:*"]
 }
 condition {
From 95fac693c0b059de7aa9379119984128dc345942 Mon Sep 17 00:00:00 2001
From: Tom von Schwerdtner
Date: Thu, 31 Jul 2025 12:37:14 -0400
Subject: [PATCH 5/6] Fix logic
---
 modules/service/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index f6ae618..bbe654d 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -11,7 +11,7 @@ data "aws_caller_identity" "current" {
 locals {
 account_id = try(data.aws_caller_identity.current[0].account_id, "")
 partition = try(data.aws_partition.current[0].partition, "")
- region = try(var.region, try(data.aws_region.current[0].region, ""))
+ region = var.region != null ? var.region : try(data.aws_region.current[0].region, "")
 }
 ################################################################################
From 86a4467c2ca58a1e1e32ed54bb27c9d702b0980f Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Thu, 31 Jul 2025 14:51:01 -0500
Subject: [PATCH 6/6] fix: Correct logic through region data source
---
 modules/service/main.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index bbe654d..a920c9a 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -1,4 +1,6 @@
 data "aws_region" "current" {
+ region = var.region
+
 count = var.create ? 1 : 0
 }
 data "aws_partition" "current" {
@@ -11,7 +13,7 @@ data "aws_caller_identity" "current" {
 locals {
 account_id = try(data.aws_caller_identity.current[0].account_id, "")
 partition = try(data.aws_partition.current[0].partition, "")
- region = var.region != null ? var.region : try(data.aws_region.current[0].region, "")
+ region = try(data.aws_region.current[0].region, "")
 }
 ################################################################################
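Review bot: In the `data "aws_region" "current"` hunk of PATCH 6/6 the new `region = var.region` argument sits above the `count` meta-argument, whereas Terraform's style convention puts meta-arguments first in a block. Keeping `count = var.create ? 1 : 0` as the first line, then a blank line, then `region = var.region` keeps the conditional creation visible at a glance and matches the neighbouring data blocks, which lead with `count`. A short comment such as `# null leaves the lookup on the provider's configured region` would also help, assuming that is how the provider treats an unset `region` on this data source.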
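Review bot: `local.region` in the locals hunk of PATCH 6/6 silently becomes `""` whenever the data source has no instance (`count` is 0 when `var.create` is false), and nothing documents that this value feeds the `aws:SourceArn` pattern shown in the `tasks_assume` hunks earlier in the series. An empty region segment yields a pattern that should match no ECS ARN, so the failure mode is a role that cannot be assumed rather than a wider trust. Whether `tasks_assume` is evaluated at all when `var.create` is false is not visible in this diff. I would add a comment above the local, e.g. `# Region for the aws:SourceArn trust condition; "" only when create = false`.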