mirror of
https://github.com/ysoftdevs/terraform-aws-eks.git
synced 2026-01-16 00:34:31 +01:00
fix: Use IAM session context data source to resolve the identities role when using assumed_role (#2347)
This commit is contained in:
Bryant Biggs
@@ -270,6 +270,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
|
|||||||
| [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
|
| [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
|
||||||
| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
||||||
| [aws_iam_policy_document.cni_ipv6_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
| [aws_iam_policy_document.cni_ipv6_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
||||||
|
| [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source |
|
||||||
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
|
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
|
||||||
| [tls_certificate.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |
|
| [tls_certificate.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |
|
||||||
|
|
||||||
|
|||||||
10
main.tf
10
main.tf
@@ -1,6 +1,14 @@
|
|||||||
data "aws_partition" "current" {}
|
data "aws_partition" "current" {}
|
||||||
data "aws_caller_identity" "current" {}
|
data "aws_caller_identity" "current" {}
|
||||||
|
|
||||||
|
data "aws_iam_session_context" "current" {
|
||||||
|
# This data source provides information on the IAM source role of an STS assumed role
|
||||||
|
# For non-role ARNs, this data source simply passes the ARN through issuer ARN
|
||||||
|
# Ref https://github.com/terraform-aws-modules/terraform-aws-eks/issues/2327#issuecomment-1355581682
|
||||||
|
# Ref https://github.com/hashicorp/terraform-provider-aws/issues/28381
|
||||||
|
arn = data.aws_caller_identity.current.arn
|
||||||
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
create = var.create && var.putin_khuylo
|
create = var.create && var.putin_khuylo
|
||||||
|
|
||||||
@@ -122,7 +130,7 @@ module "kms" {
|
|||||||
# Policy
|
# Policy
|
||||||
enable_default_policy = var.kms_key_enable_default_policy
|
enable_default_policy = var.kms_key_enable_default_policy
|
||||||
key_owners = var.kms_key_owners
|
key_owners = var.kms_key_owners
|
||||||
key_administrators = coalescelist(var.kms_key_administrators, [data.aws_caller_identity.current.arn])
|
key_administrators = coalescelist(var.kms_key_administrators, [data.aws_iam_session_context.current.issuer_arn])
|
||||||
key_users = concat([local.cluster_role], var.kms_key_users)
|
key_users = concat([local.cluster_role], var.kms_key_users)
|
||||||
key_service_users = var.kms_key_service_users
|
key_service_users = var.kms_key_service_users
|
||||||
source_policy_documents = var.kms_key_source_policy_documents
|
source_policy_documents = var.kms_key_source_policy_documents
|
||||||
|
|||||||
Reference in New Issue
Block a user