IAM identity mappings not being created from `eksctl_cluster` resource
myisaak opened this issue · 0 comments
myisaak commented
When adding an `iamIdentityMapping` field to the YAML spec in `eksctl_cluster` as follows:
```hcl
resource "eksctl_cluster" "podly" {
  eksctl_bin = "eksctl"
  name       = var.name
  version    = "1.24"
  region     = var.region
  spec       = <<-EOS
  iamIdentityMappings:
    - arn: ${var.github_oidc_iam.role_arn}
      username: ${var.github_oidc_iam.username}
      groups:
        - system:masters
      noDuplicateARNs: true
  # rest of config...
  EOS
}
```
No IAM identity mapping is created. Confirm by running:
```sh
eksctl get iamidentitymapping --cluster <cluster_name> -o yaml
```
Current workaround is to manually create one:
```sh
eksctl create iamidentitymapping --cluster <cluster_name> --region <region> --arn <github_oidc_iam_role_arn> --group system:masters --username <github_oidc_iam_role_arn>
```
Could #22 have something to do with it? The `iam_identity_mapping` block seems redundant since eksctl config supports an `iamIdentityMappings` field without running the CLI.