feat: Add support for custom IAM role policy (#3087)

2026-03-21 17:09:04 +01:00 · 2024-07-02 10:56:19 -04:00
parent 17448b4782
commit 1604c6cdc8
15 changed files with 314 additions and 1 deletions
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -383,6 +383,47 @@ data "aws_iam_policy_document" "controller" {
    resources = ["arn:${local.partition}:eks:${local.region}:${local.account_id}:cluster/${var.cluster_name}"]
    actions   = ["eks:DescribeCluster"]
  }
+
+  dynamic "statement" {
+    for_each = var.iam_policy_statements
+
+    content {
+      sid           = try(statement.value.sid, null)
+      actions       = try(statement.value.actions, null)
+      not_actions   = try(statement.value.not_actions, null)
+      effect        = try(statement.value.effect, null)
+      resources     = try(statement.value.resources, null)
+      not_resources = try(statement.value.not_resources, null)
+
+      dynamic "principals" {
+        for_each = try(statement.value.principals, [])
+
+        content {
+          type        = principals.value.type
+          identifiers = principals.value.identifiers
+        }
+      }
+
+      dynamic "not_principals" {
+        for_each = try(statement.value.not_principals, [])
+
+        content {
+          type        = not_principals.value.type
+          identifiers = not_principals.value.identifiers
+        }
+      }
+
+      dynamic "condition" {
+        for_each = try(statement.value.conditions, [])
+
+        content {
+          test     = condition.value.test
+          values   = condition.value.values
+          variable = condition.value.variable
+        }
+      }
+    }
+  }
 }

 resource "aws_iam_policy" "controller" {