Describe the bug
In the CN (China) variant of the AWS instance scheduler, the scheduler’s main stack creates a Lambda function "SpokeRegistration" along with an associated IAM role.
Normally, the policy associated with the role is configured to use the AWS Organization ID rather than a wildcard "*", using a condition.
However, in China regions, the policy appears to default to "*", even though it's not explicitly specified as such.
This could lead to unintended access permissions without raising any error.
To Reproduce
Deploy the China-specific (CN) template for the Instance Scheduler solution in a China region (e.g., cn-north-1) with AWS Organization "active".
Observe the creation of the Lambda function "SpokeRegistration" and associated IAM role in the stack.
Note that the policy behaves using a wildcard "*" rather than the AWS Organization ID.
Expected behavior
The policy should respect the AWS Organization ID when AWS Organization is active on the template.
Please complete the following information about the solution:
Version: [v1.5.1]
Region: [cn-north-1]
Was the solution modified from the version published on this repository? No
If the answer to the previous question was yes, are the changes available on GitHub? N/A
Have you checked your service quotas for the services this solution uses? Yes
Were there any errors in the CloudWatch Logs? No, but the policy defaults to "*" implicitly.
Screenshots
N/A
Additional context
N/A
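Added example, not code from the issue or from the Instance Scheduler project: a small checker that walks every IAM policy document in a CloudFormation template and flags any Allow statement that grants access to a wildcard principal ("*") without an aws:PrincipalOrgID condition. The template below is constructed for illustration; the logical IDs, the "OrganizationActive" template condition and the placeholder org ID are hypothetical, and the evaluated condition values are passed in directly rather than computed from a Conditions section. It shows the failure mode the report describes: when the org-scoping condition resolves to false, the Condition block drops out and "*" is left unrestricted with no error raised.

```python
"""Flag wildcard-principal statements that lack an aws:PrincipalOrgID condition.

Added example (hypothetical template, not the project's own code).
"""

ORG_CONDITION_KEY = "aws:principalorgid"  # IAM condition keys are case-insensitive
NO_VALUE = {"Ref": "AWS::NoValue"}         # CloudFormation idiom for "omit this property"

# Constructed sample template. The trust policy of "SpokeRegistrationRole" is
# scoped to the organization only while the hypothetical "OrganizationActive"
# condition is true; otherwise the Condition block is removed via AWS::NoValue.
SAMPLE_TEMPLATE = {
    "Resources": {
        "SpokeRegistrationRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": "sts:AssumeRole",
                            "Principal": {"AWS": "*"},
                            "Condition": {
                                "Fn::If": [
                                    "OrganizationActive",
                                    {"StringEquals": {"aws:PrincipalOrgID": {"Ref": "OrganizationId"}}},
                                    NO_VALUE,
                                ]
                            },
                        }
                    ],
                }
            },
        },
        # A service-principal trust policy: not a wildcard, must not be flagged.
        "SchedulerExecutionRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": "sts:AssumeRole",
                            "Principal": {"Service": "lambda.amazonaws.com"},
                        }
                    ],
                }
            },
        },
    }
}


def resolve(node, conditions):
    """Resolve Fn::If against evaluated condition values and drop AWS::NoValue properties."""
    if isinstance(node, dict):
        if "Fn::If" in node:
            name, when_true, when_false = node["Fn::If"]
            return resolve(when_true if conditions[name] else when_false, conditions)
        out = {}
        for key, value in node.items():
            value = resolve(value, conditions)
            if value != NO_VALUE:  # Ref AWS::NoValue removes the property entirely
                out[key] = value
        return out
    if isinstance(node, list):
        return [resolve(item, conditions) for item in node]
    return node


def iter_statements(node, path=""):
    """Yield (path, statement) for every statement in any policy document found."""
    if isinstance(node, dict):
        statements = node.get("Statement")
        if statements is not None:
            statements = statements if isinstance(statements, list) else [statements]
            for i, stmt in enumerate(statements):
                yield f"{path}/Statement[{i}]", stmt
        for key, value in node.items():
            if key != "Statement":
                yield from iter_statements(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_statements(item, f"{path}[{i}]")


def has_wildcard_principal(stmt):
    """True for Principal "*" or Principal {"AWS": "*"} (string or list form)."""
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def has_org_condition(stmt):
    """True if any condition operator carries aws:PrincipalOrgID."""
    for keys in (stmt.get("Condition") or {}).values():
        if isinstance(keys, dict) and any(k.lower() == ORG_CONDITION_KEY for k in keys):
            return True
    return False


def find_unscoped_wildcards(template, conditions):
    """Return paths of Allow statements with a wildcard principal and no org scoping."""
    resolved = resolve(template, conditions)
    return [
        path
        for path, stmt in iter_statements(resolved)
        if stmt.get("Effect") == "Allow"
        and has_wildcard_principal(stmt)
        and not has_org_condition(stmt)
    ]


if __name__ == "__main__":
    for active in (True, False):
        findings = find_unscoped_wildcards(SAMPLE_TEMPLATE, {"OrganizationActive": active})
        print(f"OrganizationActive={active}: {findings or 'no unscoped wildcard principals'}")
```

Run against a rendered template, the check reports the statement path whenever the org scoping silently falls away; it deliberately does not treat a service principal as a wildcard, and it matches the condition key case-insensitively because IAM does.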
paulbaudrier changed the title from "SpokeRegistration Lambda role - Policy statements for AWS organisation" to "CN - SpokeRegistration Lambda - Policy statements for AWS organisation" on Nov 12, 2024
@paulbaudrier are you able to confirm which version of instance scheduler you are running? Your report mentions v1.5.1 but the description of the issue sounds much more like v3.0.x than 1.5.x