github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-03-29 21:51:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add IRSA support (#632)

Browse Source
This commit is contained in:
Alaa Qutaish
2019-12-19 16:38:12 +01:00
committed by Max Williams
parent 77f947ec91
commit 583c32d286
4 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
irsa.tf Normal file
View File

@@ -0,0 +1,15 @@
# Enable IAM Roles for EKS Service-Accounts (IRSA).
# The Root CA Thumbprint for an OpenID Connect Identity Provider is currently
# Being passed as a default value which is the same for all regions and
# Is valid until (Jun 28 17:39:16 2034 GMT).
# https://crt.sh/?q=9E99A48A9960B14926BB7F3B02E22DA2B0AB7280
# https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
# https://github.com/terraform-providers/terraform-provider-aws/issues/10104
resource "aws_iam_openid_connect_provider" "oidc_provider" {
count = var.enable_irsa ? 1 : 0
client_id_list = ["sts.amazonaws.com"]
thumbprint_list = [var.eks_oidc_root_ca_thumbprint]
url = flatten(concat(aws_eks_cluster.this[*].identity[*].oidc.0.issuer, [""]))[0]
}