gruntwork-io · Resonance1584 · Jan 9, 2026 · Dec 19, 2025 · Dec 19, 2025 · Jan 9, 2026
@@ -3,6 +3,9 @@ locals {
   terragrunt_scale_catalog_url = try(values.terragrunt_scale_catalog_url, "github.com/gruntwork-io/terragrunt-scale-catalog")
   terragrunt_scale_catalog_ref = try(values.terragrunt_scale_catalog_ref, "v1.3.1")
 
+  // AWS account values
+  aws_account_id = values.aws_account_id
+
   // OIDC values
   oidc_resource_prefix = try(values.oidc_resource_prefix, "pipelines")
 
@@ -99,6 +102,9 @@ unit "plan_iam_role" {
 
     iam_openid_connect_provider_config_path = "../../oidc-provider"
 
+    // Used to generate accurate mock values; actual values come from dependencies
+    mock_iam_openid_connect_provider_arn = "arn:aws:iam::${local.aws_account_id}:oidc-provider/${local.github_token_actions_domain}"
+
     name = "${local.oidc_resource_prefix}-plan"
 
     condition_operator = "StringLike"
@@ -137,6 +143,10 @@ unit "plan_iam_role_policy_attachment" {
     iam_role_config_path   = "../iam-role"
     iam_policy_config_path = "../iam-policy"
 
+    // Used to generate accurate mock values; actual values come from dependencies
+    mock_iam_role_name   = "${local.oidc_resource_prefix}-plan"
+    mock_iam_policy_arn  = "arn:aws:iam::${local.aws_account_id}:policy/${local.oidc_resource_prefix}-plan"
+
     import_arn = local.plan_iam_role_policy_attachment_import_arn
   }
 }
@@ -151,6 +161,9 @@ unit "apply_iam_role" {
 
     iam_openid_connect_provider_config_path = "../../oidc-provider"
 
+    // Used to generate accurate mock values; actual values come from dependencies
+    mock_iam_openid_connect_provider_arn = "arn:aws:iam::${local.aws_account_id}:oidc-provider/${local.github_token_actions_domain}"
+
     name = "${local.oidc_resource_prefix}-apply"
 
     sub_key   = local.sub_key
@@ -189,6 +202,10 @@ unit "apply_iam_role_policy_attachment" {
     iam_role_config_path   = "../iam-role"
     iam_policy_config_path = "../iam-policy"
 
+    // Used to generate accurate mock values; actual values come from dependencies
+    mock_iam_role_name   = "${local.oidc_resource_prefix}-apply"
+    mock_iam_policy_arn  = "arn:aws:iam::${local.aws_account_id}:policy/${local.oidc_resource_prefix}-apply"
+
     import_arn = local.apply_iam_role_policy_attachment_import_arn
   }
 }
@@ -3,6 +3,9 @@ locals {
   terragrunt_scale_catalog_url = try(values.terragrunt_scale_catalog_url, "github.com/gruntwork-io/terragrunt-scale-catalog")
   terragrunt_scale_catalog_ref = try(values.terragrunt_scale_catalog_ref, "v1.3.1")
 
+  // AWS account values
+  aws_account_id = values.aws_account_id
+
   // OIDC values
   oidc_resource_prefix = try(values.oidc_resource_prefix, "pipelines")
 
@@ -73,6 +76,9 @@ unit "plan_iam_role" {
 
     iam_openid_connect_provider_config_path = "../../oidc-provider"
 
+    // Used to generate accurate mock values; actual values come from dependencies
+    mock_iam_openid_connect_provider_arn = "arn:aws:iam::${local.aws_account_id}:oidc-provider/${local.gitlab_server_domain}"
+
     name = "${local.oidc_resource_prefix}-plan"
 
     condition_operator = "StringLike"
@@ -106,6 +112,10 @@ unit "plan_iam_role_policy_attachment" {
 
     iam_role_config_path   = "../iam-role"
     iam_policy_config_path = "../iam-policy"
+
+    // Used to generate accurate mock values; actual values come from dependencies
+    mock_iam_role_name   = "${local.oidc_resource_prefix}-plan"
+    mock_iam_policy_arn  = "arn:aws:iam::${local.aws_account_id}:policy/${local.oidc_resource_prefix}-plan"
   }
 }
 
@@ -119,6 +129,9 @@ unit "apply_iam_role" {
 
     iam_openid_connect_provider_config_path = "../../oidc-provider"
 
+    // Used to generate accurate mock values; actual values come from dependencies
+    mock_iam_openid_connect_provider_arn = "arn:aws:iam::${local.aws_account_id}:oidc-provider/${local.gitlab_server_domain}"
+
     name = "${local.oidc_resource_prefix}-apply"
 
     sub_key   = local.sub_key
@@ -152,5 +165,9 @@ unit "apply_iam_role_policy_attachment" {
 
     iam_role_config_path   = "../iam-role"
     iam_policy_config_path = "../iam-policy"
+
+    // Used to generate accurate mock values; actual values come from dependencies
+    mock_iam_role_name   = "${local.oidc_resource_prefix}-apply"
+    mock_iam_policy_arn  = "arn:aws:iam::${local.aws_account_id}:policy/${local.oidc_resource_prefix}-apply"
   }
 }
@@ -291,4 +291,3 @@ unit "apply_service_principal_to_apply_custom_role_assignment" {
     description          = "Assign custom apply role to service principal at the subscription scope"
   }
 }
-
@@ -11,6 +11,8 @@ stack "bootstrap" {
   values = {
     terragrunt_scale_catalog_ref = "{{ .TerragruntScaleCatalogRef }}"
 
+    aws_account_id = "{{ .AWSAccountID }}"
+
     oidc_resource_prefix = "{{ .OIDCResourcePrefix }}"
 
     github_org_name  = "{{ .GitHubOrgName }}"

@@ -9,6 +9,8 @@ stack "bootstrap" {
   path   = "bootstrap"
 
   values = {
+    aws_account_id = "{{ .AWSAccountID }}"
+
     oidc_resource_prefix = "{{ .OIDCResourcePrefix }}"
 
     gitlab_group_name   = "{{ .GitLabGroupName }}"

@@ -22,7 +22,7 @@ dependency "iam_openid_connect_provider" {
   config_path = values.iam_openid_connect_provider_config_path
 
   mock_outputs = {
-    arn = "arn:aws:iam::123456789012:oidc-provider/mock-oidc-provider"
+    arn = try(values.mock_iam_openid_connect_provider_arn, "arn:aws:iam::123456789012:oidc-provider/mock-oidc-provider")
   }
 }
 

@@ -10,15 +10,15 @@ dependency "iam_role" {
   config_path = values.iam_role_config_path
 
   mock_outputs = {
-    name = "mock-role"
+    name = try(values.mock_iam_role_name, "mock-role")
   }
 }
 
 dependency "iam_policy" {
   config_path = values.iam_policy_config_path
 
   mock_outputs = {
-    arn = "arn:aws:iam::123456789012:policy/mock-policy"
+    arn = try(values.mock_iam_policy_arn, "arn:aws:iam::123456789012:policy/mock-policy")
   }
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -291,4 +291,3 @@ unit "apply_service_principal_to_apply_custom_role_assignment" {
		description = "Assign custom apply role to service principal at the subscription scope"
		}
		}