Terraform module that creates an IAM role for use with AWS IAM Roles for Service Accounts (IRSA) on EKS. Example usage:
# IAM role for the Kubernetes service account (IRSA). The trust policy is built
# inside the module and is not visible here; from its inputs it is expected to
# restrict who can assume the role to the named cluster / namespace / service
# account — verify that in the module source before relying on it.
module "iam_role" {
  # NOTE(review): unpinned git source. Every `terraform init` / `terraform get`
  # fetches the repository's default branch, so a push to that repo silently
  # changes the IAM role and trust policy you deploy. Pin a reviewed tag or
  # commit (append "?ref=<tag-or-sha>" to the URL) and bump it deliberately.
  source = "https://github.com/Ticketmaster/terraform-module-eks-iam-role.git"

  # Name of the role that will be created.
  role_name = "my-cross-account-role"

  # Which cluster and which Kubernetes service account may assume the role.
  # These must match the ServiceAccount's metadata.name / metadata.namespace
  # exactly; "default" is the namespace every pod lands in unless told
  # otherwise, so consider a dedicated namespace for the application.
  eks_cluster_name          = "my-eks-cluster"
  service_account_namespace = "default"
  service_account_name      = "myapp-serviceaccount"

  # Permissions attached to the role: the rendered JSON of the policy document
  # defined below (Terraform 0.11-style quoted interpolation).
  iam_policy = "${data.aws_iam_policy_document.example.json}"
}
# Permissions for the IRSA role above; rendered to JSON and passed in as
# `iam_policy`. `var.s3_bucket_name` is declared elsewhere in the configuration.
#
# NOTE(review): the `home/&{aws:username}` paths are lifted from AWS's
# IAM-*user* home-directory example. Under IRSA the caller is a role session
# (AssumeRoleWithWebIdentity), and `aws:username` is not present in the request
# context for role sessions, so those paths never match: the third statement
# grants nothing and the third prefix in the second statement is dead. Every
# pod running as this service account shares one identity, so scope object
# paths to the application (a fixed per-service prefix), not to a per-user
# policy variable.
data "aws_iam_policy_document" "example" {
  # Account-wide bucket enumeration. s3:ListAllMyBuckets is only evaluated
  # against the "*" resource, so the wildcard is required for it;
  # s3:GetBucketLocation could be limited to the single bucket below if
  # enumeration is not actually needed.
  statement {
    sid = "1"
    actions = [
      "s3:ListAllMyBuckets",
      "s3:GetBucketLocation",
    ]
    resources = [
      "arn:aws:s3:::*",
    ]
  }

  # Listing the bucket, limited by key prefix to the bucket root (""), "home/",
  # and the caller's own home folder. The condition applies to this statement
  # only; it does not restrict object reads or writes granted elsewhere.
  statement {
    actions = [
      "s3:ListBucket",
    ]
    resources = [
      "arn:aws:s3:::${var.s3_bucket_name}",
    ]
    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values = [
        "",
        "home/",
        # `&{...}` is this data source's escape for an IAM policy variable: it is
        # emitted as `${aws:username}` in the JSON, since a plain `${}` here would
        # be read as Terraform interpolation. See the note at the top about the
        # value of this variable under IRSA.
        "home/&{aws:username}/",
      ]
    }
  }

  # Full object access inside the caller's home folder (the folder key itself
  # and everything under it). `s3:*` on object ARNs includes DeleteObject,
  # PutObjectAcl and similar; prefer listing the object actions the application
  # actually needs.
  statement {
    actions = [
      "s3:*",
    ]
    resources = [
      "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}",
      "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}/*",
    ]
  }
}
You'll also need to create a ServiceAccount on your cluster. Its `metadata.name` and `metadata.namespace` must match the `service_account_name` and `service_account_namespace` passed to the module, and its `eks.amazonaws.com/role-arn` annotation must be the ARN of the role the module created (substitute your account ID and the `role_name` above). Any pod that runs with this service account can obtain the role's credentials, so control who is allowed to create pods that use it:
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME