github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-03-29 13:41:47 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add AmazonEKSVPCResourceController to cluster policy to be able to set AWS Security Groups for pod (#1011)

Browse Source 
Co-authored-by: Thomas O'Neill <toneill@new-innov.com>
This commit is contained in:
Thomas O'Neill
2020-10-04 14:08:02 -04:00
committed by GitHub
parent bceb966dfd
commit 31ad394dbc
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cluster.tf
View File

@@ -43,6 +43,7 @@ resource "aws_eks_cluster" "this" {
aws_security_group_rule.cluster_https_worker_ingress, aws_security_group_rule.cluster_https_worker_ingress,
aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy, aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy,
aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy, aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy,
aws_iam_role_policy_attachment.cluster_AmazonEKSVPCResourceControllerPolicy,
aws_cloudwatch_log_group.this aws_cloudwatch_log_group.this
] ]
} }
@@ -133,6 +134,12 @@ resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
role = local.cluster_iam_role_name role = local.cluster_iam_role_name
} }
resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSVPCResourceControllerPolicy" {
count = var.manage_cluster_iam_resources && var.create_eks ? 1 : 0
policy_arn = "${local.policy_arn_prefix}/AmazonEKSVPCResourceController"
role = local.cluster_iam_role_name
}
/* /*
Adding a policy to cluster IAM role that allow permissions Adding a policy to cluster IAM role that allow permissions
required to create AWSServiceRoleForElasticLoadBalancing service-linked role by EKS during ELB provisioning required to create AWSServiceRoleForElasticLoadBalancing service-linked role by EKS during ELB provisioning