Add optional permissions_boundary (#265)

* Add optional permissions_boundary

* Update CHANGELOG
Dylan Hellems
2019-02-07 10:38:16 -05:00
committed by Max Williams
parent a23c43caf2
commit a1a1644f80
5 changed files with 9 additions and 0 deletions


@@ -11,6 +11,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
##### Added
- Ability to specify a permissions_boundary for IAM roles (by @dylanhellems)
- Ability to configure force_delete for the worker group ASG (by @stefansedich)
- Ability to configure worker group ASG tags (by @stefansedich)
- Added EBS optimized mapping for the g3s.xlarge instance type (by @stefansedich)


@@ -130,6 +130,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| map\_roles\_count | The count of roles in the map_roles list. | string | `"0"` | no |
| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
| map\_users\_count | The count of roles in the map_users list. | string | `"0"` | no |
| permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | `""` | no |
| subnets | A list of subnets to place the EKS cluster and workers within. | list | n/a | yes |
| tags | A map of tags to add to all resources. | map | `{}` | no |
| vpc\_id | VPC where the cluster and workers will be deployed. | string | n/a | yes |


@@ -52,6 +52,7 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {
resource "aws_iam_role" "cluster" {
name_prefix = "${var.cluster_name}"
assume_role_policy = "${data.aws_iam_policy_document.cluster_assume_role_policy.json}"
permissions_boundary = "${var.permissions_boundary}"
force_detach_policies = true
}
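Review bot: `permissions_boundary = "${var.permissions_boundary}"` hands the variable to the role unchecked, so a policy name or a mistyped ARN is only caught by the IAM API at apply time, and the empty default presumably makes the provider treat the attribute as unset (no boundary) — that silent fallback is the security-relevant case and deserves a comment. The boundary also caps the role's effective permissions to the intersection with whatever managed policies the module attaches (those attachments are outside this hunk), so a boundary that omits the EKS control-plane actions will break cluster operations rather than merely restrict them. I would add above the line: `# Optional boundary ARN; an empty value means no boundary is attached. The boundary must still permit the actions granted by the role's attached policies.`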


@@ -216,3 +216,8 @@ variable "worker_create_security_group" {
description = "Whether to create a security group for the workers or attach the workers to `worker_security_group_id`."
default = true
}
variable "permissions_boundary" {
description = "If provided, all IAM roles will be created with this permissions boundary attached."
default = ""
}
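Review bot: The description of `permissions_boundary` does not say the value must be the ARN of an IAM policy, nor that the empty default disables the boundary entirely, which is exactly what an operator relying on this for guardrails needs to know. Since the same variable is applied to both the cluster role and the worker role, the note should also warn that a single boundary has to cover the needs of both. Suggested wording: `description = "ARN of an IAM policy to attach as the permissions boundary of every IAM role this module creates (cluster and workers). Leave empty to create the roles without a boundary."` The variable also carries no `type` declaration, unlike the README table which lists it as `string`, though the neighbouring variable in this hunk omits `type` as well.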


@@ -114,6 +114,7 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {
resource "aws_iam_role" "workers" {
name_prefix = "${aws_eks_cluster.this.name}"
assume_role_policy = "${data.aws_iam_policy_document.workers_assume_role_policy.json}"
permissions_boundary = "${var.permissions_boundary}"
force_detach_policies = true
}
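Review bot: The worker role receives the same `var.permissions_boundary` as the cluster role, so one boundary must be a superset of what both the control plane and the node instances need; a boundary tuned for nodes that omits the cluster-side actions, or vice versa, will fail at apply or at runtime rather than just restricting the role. The policy attachments for this role are not in the hunk, so I cannot confirm which actions the boundary must include; a comment such as `# Shared with the cluster role: the boundary must allow the node's attached policies or workers will not join the cluster.` would make the coupling visible. Separate per-role boundary inputs would be a reasonable follow-up if the two roles are meant to be scoped differently.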