Creates a trust policy for an IAM role that can be assumed by a Kubernetes service account.
The cluster OIDC provider value can be found with the command:
aws eks describe-cluster \
--name "${CLUSTER_NAME}" \
--query "cluster.identity.oidc.issuer" \
--output text | sed -e "s/^https:\\/\\///"Example:
module "k8s_assume_role_policy" {
source = "github.com/andreswebs/terraform-aws-eks-irsa-policy-document"
k8s_sa_name = "hyperapp"
k8s_sa_namespace = "frontend"
cluster_oidc_provider = var.cluster_oidc_provider
}
resource "aws_iam_role" "hyperapp" {
name = "hyperapp"
assume_role_policy = module.k8s_assume_role_policy.json
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cluster_oidc_provider | OpenID Connect (OIDC) Identity Provider associated with the Kubernetes cluster | string |
n/a | yes |
| k8s_sa_name | Name of the Kubernetes service account | string |
"default" |
no |
| k8s_sa_namespace | Namespace of the Kubernetes namespace | string |
"default" |
no |
No modules.
| Name | Description |
|---|---|
| json | The IAM policy JSON contents |
| k8s_sa_name | Name of the Kubernetes service account |
| k8s_sa_namespace | Namespace of the Kubernetes namespace |
| oidc_provider | Cluster OIDC provider |
| Name | Version |
|---|---|
| aws | >= 3.50.0 |
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 3.50.0 |
| Name | Type |
|---|---|
| aws_caller_identity.current | data source |
| aws_iam_policy_document.this | data source |
| aws_partition.current | data source |
Andre Silva - @andreswebs
This project is licensed under the Unlicense.