Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/andreswebs/terraform-aws-eks-irsa-policy-document

Creates a trust policy for an IAM role that can be assumed by a Kubernetes service account
https://github.com/andreswebs/terraform-aws-eks-irsa-policy-document

aws eks kubernetes terraform

Last synced: about 2 months ago
JSON representation

Creates a trust policy for an IAM role that can be assumed by a Kubernetes service account

Host: GitHub
URL: https://github.com/andreswebs/terraform-aws-eks-irsa-policy-document
Owner: andreswebs
License: unlicense
Created: 2021-07-20T12:59:53.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-04-17T11:14:25.000Z (9 months ago)
Last Synced: 2024-08-17T01:02:16.527Z (5 months ago)
Topics: aws, eks, kubernetes, terraform
Language: HCL
Homepage: https://registry.terraform.io/modules/andreswebs/eks-irsa-policy-document/aws/latest
Size: 19.5 KB
Stars: 2
Watchers: 3
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- Security: SECURITY.md

Awesome Lists containing this project

README

        # terraform-aws-eks-irsa-policy-document

[//]: # (BEGIN_TF_DOCS)

Creates a trust policy for an IAM role that can be assumed by

a Kubernetes service account.

The cluster OIDC provider value can be found with the

command:

```sh

aws eks describe-cluster \

  --name "${CLUSTER_NAME}" \

  --query "cluster.identity.oidc.issuer" \

  --output text | sed -e "s/^https:\\/\\///"

```

## Usage

Example:

```hcl

module "k8s_assume_role_policy" {

  source                = "github.com/andreswebs/terraform-aws-eks-irsa-policy-document"

  k8s_sa_name           = "hyperapp"

  k8s_sa_namespace      = "frontend"

  cluster_oidc_provider = var.cluster_oidc_provider

}

resource "aws_iam_role" "hyperapp" {

  name               = "hyperapp"

  assume_role_policy = module.k8s_assume_role_policy.json

}

```

## Inputs

| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [cluster\_oidc\_provider](#input\_cluster\_oidc\_provider) | OpenID Connect (OIDC) Identity Provider associated with the Kubernetes cluster | `string` | n/a | yes |

|  [k8s\_sa\_name](#input\_k8s\_sa\_name) | Name of the Kubernetes service account | `string` | `"default"` | no |

|  [k8s\_sa\_namespace](#input\_k8s\_sa\_namespace) | Namespace of the Kubernetes namespace | `string` | `"default"` | no |

## Modules

No modules.

## Outputs

| Name | Description |

|------|-------------|

|  [json](#output\_json) | The IAM policy JSON contents |

|  [k8s\_sa\_name](#output\_k8s\_sa\_name) | Name of the Kubernetes service account |

|  [k8s\_sa\_namespace](#output\_k8s\_sa\_namespace) | Namespace of the Kubernetes namespace |

|  [oidc\_provider](#output\_oidc\_provider) | Cluster OIDC provider |

## Providers

| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | >= 3.50.0 |

## Requirements

| Name | Version |

|------|---------|

|  [terraform](#requirement\_terraform) | >= 1.0.0 |

|  [aws](#requirement\_aws) | >= 3.50.0 |

## Resources

| Name | Type |

|------|------|

| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |

| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |

[//]: # (END_TF_DOCS)

## Authors

**Andre Silva** - [@andreswebs](https://github.com/andreswebs)

## License

This project is licensed under the [Unlicense](UNLICENSE.md).