feat: Add permissions boundary to fargate execution IAM role (#1108)

2026-04-19 15:21:18 +02:00 · 2020-12-22 18:43:08 +08:00
parent ea2f6982d5
commit b0f51fdbe5
4 changed files with 14 additions and 5 deletions
--- a/modules/fargate/fargate.tf
+++ b/modules/fargate/fargate.tf
@@ -1,9 +1,10 @@
 resource "aws_iam_role" "eks_fargate_pod" {
-  count              = local.create_eks && var.create_fargate_pod_execution_role ? 1 : 0
-  name_prefix        = format("%s-fargate", var.cluster_name)
-  assume_role_policy = data.aws_iam_policy_document.eks_fargate_pod_assume_role[0].json
-  tags               = var.tags
-  path               = var.iam_path
+  count                = local.create_eks && var.create_fargate_pod_execution_role ? 1 : 0
+  name_prefix          = format("%s-fargate", var.cluster_name)
+  assume_role_policy   = data.aws_iam_policy_document.eks_fargate_pod_assume_role[0].json
+  permissions_boundary = var.permissions_boundary
+  tags                 = var.tags
+  path                 = var.iam_path
 }

 resource "aws_iam_role_policy_attachment" "eks_fargate_pod" {