Commit f111832

authored

feat: Add default IRSA policy name, fix incorrect policy attachment for iam-user (#594)

1 parent 8b2ab9d commit f111832Copy full SHA for f111832

File tree

3 files changed

+25

-7

lines changed

modules
- iam-role-for-service-accounts
  - main.tf
- iam-user
  - README.md
  - main.tf

3 files changed

+25

-7

lines changed

`‎modules/iam-role-for-service-accounts/main.tf`

Lines changed: 22 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,28 @@ locals {`
`25`	`25`	`var.attach_velero_policy ? "Provides Velero permissions to backup and restore cluster resources" : null,`
`26`	`26`	`var.attach_vpc_cni_policy ? "Provides the Amazon VPC CNI Plugin (amazon-vpc-cni-k8s) the permissions it requires to modify the IPv4/IPv6 address configuration on your EKS worker nodes" : null,`
`27`	`27`	`), null)`
	`28`	`+`
	`29`	`+ policy_name = try(coalesce(`
	`30`	`+ var.policy_name,`
	`31`	`+ var.attach_aws_gateway_controller_policy ? "AWS_Gateway_Controller" : null,`
	`32`	`+ var.attach_cert_manager_policy ? "Cert_Manager" : null,`
	`33`	`+ var.attach_cluster_autoscaler_policy ? "Cluster_Autoscaler" : null,`
	`34`	`+ var.attach_ebs_csi_policy ? "EBS_CSI" : null,`
	`35`	`+ var.attach_efs_csi_policy ? "EFS_CSI" : null,`
	`36`	`+ var.attach_mountpoint_s3_csi_policy ? "Mountpoint_S3_CSI" : null,`
	`37`	`+ var.attach_external_dns_policy ? "External_DNS" : null,`
	`38`	`+ var.attach_external_secrets_policy ? "External_Secrets" : null,`
	`39`	`+ var.attach_fsx_lustre_csi_policy ? "FSX_Lustre_CSI" : null,`
	`40`	`+ var.attach_fsx_openzfs_csi_policy ? "FSX_OpenZFS_CSI" : null,`
	`41`	`+ var.attach_load_balancer_controller_policy ? "AWS_Load_Balancer_Controller" : null,`
	`42`	`+ var.attach_load_balancer_controller_targetgroup_binding_only_policy ? "AWS_LBC_TargetGroup_Binding_Only" : null,`
	`43`	`+ var.attach_amazon_managed_service_prometheus_policy ? "Amazon_Managed_Service_Prometheus" : null,`
	`44`	`+ var.attach_node_termination_handler_policy ? "Node_Termination_Handler" : null,`
	`45`	`+ var.attach_velero_policy ? "Velero" : null,`
	`46`	`+ var.attach_vpc_cni_policy ? "VPC_CNI_${var.vpc_cni_enable_ipv4 ? "IPv4" : "IPv6"}" : null,`
	`47`	`+ var.name,`
	`48`	`+ "default"`
	`49`	`+ ))`
`28`	`50`	`}`
`29`	`51`
`30`	`52`	`################################################################################`
`@@ -161,10 +183,6 @@ data "aws_iam_policy_document" "this" {`
`161`	`183`	`}`
`162`	`184`	`}`
`163`	`185`
`164`		`-locals {`
`165`		`- policy_name = try(coalesce(var.policy_name, var.name), "")`
`166`		`-}`
`167`		`-`
`168`	`186`	`resource "aws_iam_policy" "this" {`
`169`	`187`	`count = local.create_policy ? 1 : 0`
`170`	`188`

`‎modules/iam-user/README.md`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -50,9 +50,9 @@ No modules.`
`50`	`50`	`\| Name \| Type \|`
`51`	`51`	`\|------\|------\|`
`52`	`52`	`\| [aws_iam_access_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) \| resource \|`
`53`		`-\| [aws_iam_role_policy_attachment.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) \| resource \|`
`54`	`53`	`\| [aws_iam_user.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) \| resource \|`
`55`	`54`	`\| [aws_iam_user_login_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_login_profile) \| resource \|`
	`55`	`+\| [aws_iam_user_policy_attachment.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) \| resource \|`
`56`	`56`	`\| [aws_iam_user_ssh_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_ssh_key) \| resource \|`
`57`	`57`
`58`	`58`	`## Inputs`

`‎modules/iam-user/main.tf`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,10 +13,10 @@ resource "aws_iam_user" "this" {`
`13`	`13`	`tags = var.tags`
`14`	`14`	`}`
`15`	`15`
`16`		`-resource "aws_iam_role_policy_attachment" "additional" {`
	`16`	`+resource "aws_iam_user_policy_attachment" "additional" {`
`17`	`17`	`for_each = { for k, v in var.policies : k => v if var.create }`
`18`	`18`
`19`		`- role = aws_iam_user.this[0].name`
	`19`	`+ user = aws_iam_user.this[0].name`
`20`	`20`	`policy_arn = each.value`
`21`	`21`	`}`
`22`	`22`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit f111832

File tree

3 files changed

3 files changed

`‎modules/iam-role-for-service-accounts/main.tf`

`‎modules/iam-user/README.md`

`‎modules/iam-user/main.tf`

0 commit comments