Support custom IAM roles for cluster and workers (#338)

* allow specifying custom worker IAM instance profiles * allow specifying custom cluster IAM role * add doc * update changelog * use data.aws_iam_instance_profile.name
2026-03-27 03:41:05 +01:00 · 2019-05-07 05:46:06 -07:00
parent 613fb1ca96
commit 959e5330e3
10 changed files with 62 additions and 14 deletions
--- a/cluster.tf
+++ b/cluster.tf
@@ -1,7 +1,7 @@
 resource "aws_eks_cluster" "this" {
  name                      = "${var.cluster_name}"
  enabled_cluster_log_types = "${var.cluster_enabled_log_types}"
-  role_arn                  = "${aws_iam_role.cluster.arn}"
+  role_arn                  = "${local.cluster_iam_role_arn}"
  version                   = "${var.cluster_version}"

  vpc_config {
@@ -58,14 +58,17 @@ resource "aws_iam_role" "cluster" {
  permissions_boundary  = "${var.permissions_boundary}"
  path                  = "${var.iam_path}"
  force_detach_policies = true
+  count                 = "${var.manage_cluster_iam_resources ? 1 : 0}"
 }

 resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = "${aws_iam_role.cluster.name}"
+  count      = "${var.manage_cluster_iam_resources ? 1 : 0}"
 }

 resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
  role       = "${aws_iam_role.cluster.name}"
+  count      = "${var.manage_cluster_iam_resources ? 1 : 0}"
 }