The AWSAT006 analyzer reports hardcoded AWS partition DNS suffixes. For tests
to work across AWS partitions, the DNS suffixes should not be hardcoded.
Flagged Code
func testAccAWSMisericordiamHumilitatemPulchritudo(name string) string {
	return fmt.Sprintf(`
resource "aws_iam_role" "test" {
  name = "%s"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": ""
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}
`, name)
}
Passing Code
func testAccAWSMisericordiamHumilitatemPulchritudo(name string) string {
	return fmt.Sprintf(`
data "aws_partition" "current" {}

resource "aws_iam_role" "test" {
  name = "%s"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.${data.aws_partition.current.dns_suffix}"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}
`, name)
}
Ignoring Reports
Singular reports can be ignored by adding a //lintignore:AWSAT006
Go code comment at the end of the offending line or on the line immediately preceding, e.g.
service = "" //lintignore:AWSAT006