fix: Add support for overriding DNS suffix for cluster IAM role service principal endpoint (#1905)

Bryant Biggs
2022-03-02 12:26:20 -05:00
committed by GitHub
parent 9a99689cc1
commit 9af0c2495a
4 changed files with 19 additions and 2 deletions


@@ -172,6 +172,10 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" {
locals {
iam_role_name = coalesce(var.iam_role_name, "${var.cluster_name}-cluster")
policy_arn_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy"
# TODO - hopefully this can be removed once the AWS endpoint is named properly in China
# https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1904
dns_suffix = coalesce(var.cluster_iam_role_dns_suffix, data.aws_partition.current.dns_suffix)
}
data "aws_iam_policy_document" "assume_role_policy" {
@@ -183,7 +187,7 @@ data "aws_iam_policy_document" "assume_role_policy" {
principals {
type = "Service"
identifiers = ["eks.${data.aws_partition.current.dns_suffix}"]
identifiers = ["eks.${local.dns_suffix}"]
}
}
}
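Review bot: The `Service` principal in `assume_role_policy` is now built from a caller-supplied string, `eks.${local.dns_suffix}`, and nothing visible in this section constrains what `var.cluster_iam_role_dns_suffix` may contain. The variable is declared in another file that is not shown here, so this may already be handled. If it is not, a `validation` block on that variable limiting it to a DNS-suffix shape would make a typo fail at plan time instead of yielding a trust policy that names an unintended principal, for example `condition = var.cluster_iam_role_dns_suffix == null || can(regex("^[a-z0-9.-]*$", var.cluster_iam_role_dns_suffix))`, adjusted to the declared default. The TODO in `locals` could also state the scope of the override, for example `# Overrides only the service principal of the cluster role trust policy; policy_arn_prefix still follows data.aws_partition`.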