From 405e170f90a6b0ac0ef9b1e63e622996bf28dabe Mon Sep 17 00:00:00 2001 From: Max Williams Date: Thu, 30 Aug 2018 11:23:10 +0200 Subject: [PATCH] Adding aws_iam_service_linked_role to fix ELB creation error (#91) * adding aws_iam_service_linked_role to fix ELB creation error * setting default to false * updating changelog * moving resource to cluster.tf file --- CHANGELOG.md | 1 + README.md | 1 + cluster.tf | 5 +++++ variables.tf | 5 +++++ 4 files changed, 12 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ffb645..7faab14 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - add spot_price option to aws_launch_configuration
 - add enable_monitoring option to aws_launch_configuration
 - add t3 instance class settings
+- add aws_iam_service_linked_role for elasticloadbalancing. (by @max-rocket-internet)
 - Added autoscaling policies into module that are optionally attached when enabled for a worker group. (by @max-rocket-internet)
 ### Changed
diff --git a/README.md b/README.md
index eac2e88..d4b8224 100644
--- a/README.md
+++ b/README.md
@@ -102,6 +102,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | cluster_security_group_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `` | no |
 | cluster_version | Kubernetes version to use for the EKS cluster. | string | `1.10` | no |
 | config_output_path | Determines where config files are placed if using configure_kubectl_session and you want config files to land outside the current working directory. Should end in a forward slash / . | string | `./` | no |
+| create_elb_service_linked_role | Whether to create the service linked role for the elasticloadbalancing service. Without this EKS cannot create ELBs. | string | `false` | no |
 | kubeconfig_aws_authenticator_additional_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | list | `` | no |
 | kubeconfig_aws_authenticator_command | Command to use to to fetch AWS EKS credentials. | string | `aws-iam-authenticator` | no |
 | kubeconfig_aws_authenticator_env_variables | Environment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = "eks"}. | map | `` | no |
diff --git a/cluster.tf b/cluster.tf
index 756991f..f6d8b41 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -58,3 +58,8 @@ resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
 policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
 role = "${aws_iam_role.cluster.name}"
 }
+
+resource "aws_iam_service_linked_role" "elasticloadbalancing" {
+ count = "${var.create_elb_service_linked_role}"
+ aws_service_name = "elasticloadbalancing.amazonaws.com"
+}
diff --git a/variables.tf b/variables.tf
index 31eb15d..b23cf47 100644
--- a/variables.tf
+++ b/variables.tf
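Review bot: In cluster.tf the new `aws_iam_service_linked_role.elasticloadbalancing` resource passes a boolean-style variable straight into `count`, so it only works when the value happens to coerce to a number; a caller who sets the string `"true"` (the README lists the type as string) would likely get a count parse error. Writing `count = "${var.create_elb_service_linked_role ? 1 : 0}"` makes the intent explicit and accepts either form. Separately, this role is a per-account singleton, not a per-cluster object: as far as I can tell, enabling the flag where the role already exists will fail on create, and destroying the module will attempt to delete a role that other load balancers in the account depend on. A comment above the resource such as `# Account-wide role: enable in at most one stack per account; needs iam:CreateServiceLinkedRole` would make that scope visible to whoever flips the flag.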
@@ -22,6 +22,11 @@ variable "write_kubeconfig" {
 default = true
 }
+variable "create_elb_service_linked_role" {
+ description = "Whether to create the service linked role for the elasticloadbalancing service. Without this EKS cannot create ELBs."
+ default = false
+}
+
 variable "manage_aws_auth" {
 description = "Whether to write and apply the aws-auth configmap file."
 default = true
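Review bot: The description of `create_elb_service_linked_role` says "Without this EKS cannot create ELBs.", which overstates the requirement and reads oddly next to `default = false`; the role is only missing in accounts where it has never been created, and nothing here tells the reader that the resource is shared account-wide. I would reword it along the lines of `"Whether to create the account-wide service linked role for elasticloadbalancing. Enable only if the role does not already exist in the account."` and carry the same wording into the README table row. The principal running Terraform also needs permission to create service-linked roles when this is enabled, which deserves a sentence in the docs so operators can scope that grant deliberately. The `manage_aws_auth` block that follows continues outside the hunk.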