github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-03-22 17:39:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make "dangerous" policy attachments optional (#539)

Browse Source
This commit is contained in:
Daniel Piddock
2019-10-04 14:25:19 +02:00
committed by Max Williams
parent 09635a36b7
commit 813c607e90
5 changed files with 36 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
workers.tf
View File

@@ -342,7 +342,7 @@ resource "aws_iam_role_policy_attachment" "workers_AmazonEKSWorkerNodePolicy" {
}
resource "aws_iam_role_policy_attachment" "workers_AmazonEKS_CNI_Policy" {
count = var.manage_worker_iam_resources ? 1 : 0
count = var.manage_worker_iam_resources && var.attach_worker_cni_policy ? 1 : 0
policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
role = aws_iam_role.workers[0].name
}
@@ -360,13 +360,13 @@ resource "aws_iam_role_policy_attachment" "workers_additional_policies" {
}
resource "aws_iam_role_policy_attachment" "workers_autoscaling" {
count = var.manage_worker_iam_resources ? 1 : 0
count = var.manage_worker_iam_resources && var.manage_worker_autoscaling_policy && var.attach_worker_autoscaling_policy ? 1 : 0
policy_arn = aws_iam_policy.worker_autoscaling[0].arn
role = aws_iam_role.workers[0].name
}
resource "aws_iam_policy" "worker_autoscaling" {
count = var.manage_worker_iam_resources ? 1 : 0
count = var.manage_worker_iam_resources && var.manage_worker_autoscaling_policy ? 1 : 0
name_prefix = "eks-worker-autoscaling-${aws_eks_cluster.this.name}"
description = "EKS worker node autoscaling policy for cluster ${aws_eks_cluster.this.name}"
policy = data.aws_iam_policy_document.worker_autoscaling.json