The access token is now passed in a http header (#83)

This is done to avoid exposure as the data.http.id (which contains the URL) in the logs.
cloudposse · Feb 1, 2024 · ece5d22 · ece5d22
1 parent 9cbefc9
commit ece5d22
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 10 deletions.
diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,7 @@
 # Crash log files
 crash.log
 test.log
+
+# MacOS service files
+.DS_Store
+
diff --git a/README.md b/README.md
@@ -115,7 +115,7 @@ Available targets:
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.33.0 |
 
 ## Modules
 

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -11,7 +11,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.33.0 |
 
 ## Modules
 

diff --git a/modules/conformance-pack/main.tf b/modules/conformance-pack/main.tf
@@ -13,13 +13,7 @@ resource "aws_config_conformance_pack" "default" {
 }
 
 data "http" "conformance_pack" {
-  /*
-  To access a public GitHub repo the following URL is used:
-    https://raw.githubusercontent.com/<owner>/<repo>/<branch>/<path_to_file>
-  
-  To access a private GitHub repo an access token with appropriate permissions should be generated first and then provided in the url:
-    https://<private_access_token>@raw.githubusercontent.com/<owner>/<repo>/<branch>/<path_to_file>
-  */
 
-  url = var.access_token == "" ? var.conformance_pack : "${split("://", var.conformance_pack)[0]}://${var.access_token}@${split("://", var.conformance_pack)[1]}"
+  url             = var.conformance_pack
+  request_headers = var.access_token == "" ? {} : { Authorization = "token ${var.access_token}" }
 }