Support custom IAM roles for cluster and workers (#338)

* allow specifying custom worker IAM instance profiles

* allow specifying custom cluster IAM role

* add doc

* update changelog

* use data.aws_iam_instance_profile.name

local.tf

@@ -5,6 +5,9 @@ locals {
   # to workaround terraform not supporting short circut evaluation
   cluster_security_group_id = "${coalesce(join("", aws_security_group.cluster.*.id), var.cluster_security_group_id)}"
 
+  cluster_iam_role_name = "${coalesce(join("", aws_iam_role.cluster.*.name), var.cluster_iam_role_name)}"
+  cluster_iam_role_arn  = "${coalesce(join("", aws_iam_role.cluster.*.arn), join("", data.aws_iam_role.custom_cluster_iam_role.*.arn))}"
+
   worker_security_group_id = "${coalesce(join("", aws_security_group.workers.*.id), var.worker_security_group_id)}"
   default_iam_role_id      = "${element(concat(aws_iam_role.workers.*.id, list("")), 0)}"
   kubeconfig_name          = "${var.kubeconfig_name == "" ? "eks_${var.cluster_name}" : var.kubeconfig_name}"
@@ -34,7 +37,8 @@ locals {
     autoscaling_enabled           = false                           # Sets whether policy and matching tags will be added to allow autoscaling.
     additional_security_group_ids = ""                              # A comma delimited list of additional security group ids to include in worker launch config
     protect_from_scale_in         = false                           # Prevent AWS from scaling in, so that cluster-autoscaler is solely responsible.
-    iam_role_id                   = "${local.default_iam_role_id}"  # Use the specified IAM role if set.
+    iam_instance_profile_name     = ""                              # A custom IAM instance profile name. Used when manage_worker_iam_resources is set to false. Incompatible with iam_role_id.
+    iam_role_id                   = "${local.default_iam_role_id}"  # A custom IAM role id. Incompatible with iam_instance_profile_name.
     suspended_processes           = "AZRebalance"                   # A comma delimited string of processes to to suspend. i.e. AZRebalance,HealthCheck,ReplaceUnhealthy
     target_group_arns             = ""                              # A comma delimited list of ALB target group ARNs to be associated to the ASG
     enabled_metrics               = ""                              # A comma delimited list of metrics to be collected i.e. GroupMinSize,GroupMaxSize,GroupDesiredCapacity
@@ -79,7 +83,8 @@ locals {
     autoscaling_enabled                      = false                                         # Sets whether policy and matching tags will be added to allow autoscaling.
     additional_security_group_ids            = ""                                            # A comma delimited list of additional security group ids to include in worker launch config
     protect_from_scale_in                    = false                                         # Prevent AWS from scaling in, so that cluster-autoscaler is solely responsible.
-    iam_role_id                              = "${local.default_iam_role_id}"                # Use the specified IAM role if set.
+    iam_instance_profile_name                = ""                                            # A custom IAM instance profile name. Used when manage_worker_iam_resources is set to false. Incompatible with iam_role_id.
+    iam_role_id                              = "${local.default_iam_role_id}"                # A custom IAM role id. Incompatible with iam_instance_profile_name.
     suspended_processes                      = "AZRebalance"                                 # A comma delimited string of processes to to suspend. i.e. AZRebalance,HealthCheck,ReplaceUnhealthy
     target_group_arns                        = ""                                            # A comma delimited list of ALB target group ARNs to be associated to the ASG
     enabled_metrics                          = ""                                            # A comma delimited list of metrics to be collected i.e. GroupMinSize,GroupMaxSize,GroupDesiredCapacity