feat: Add permissions boundary to fargate execution IAM role (#1108)

This commit is contained in:
Ryan
2020-12-22 18:43:08 +08:00
committed by GitHub
parent ea2f6982d5
commit b0f51fdbe5
4 changed files with 14 additions and 5 deletions


@@ -5,6 +5,7 @@ module "fargate" {
create_fargate_pod_execution_role = var.create_fargate_pod_execution_role create_fargate_pod_execution_role = var.create_fargate_pod_execution_role
fargate_pod_execution_role_name = var.fargate_pod_execution_role_name fargate_pod_execution_role_name = var.fargate_pod_execution_role_name
fargate_profiles = var.fargate_profiles fargate_profiles = var.fargate_profiles
permissions_boundary = var.permissions_boundary
iam_path = var.iam_path iam_path = var.iam_path
iam_policy_arn_prefix = local.policy_arn_prefix iam_policy_arn_prefix = local.policy_arn_prefix
subnets = var.subnets subnets = var.subnets


@@ -38,6 +38,7 @@ No requirements.
| fargate\_profiles | Fargate profiles to create. See `fargate_profile` keys section in README.md for more details | `any` | `{}` | no | | fargate\_profiles | Fargate profiles to create. See `fargate_profile` keys section in README.md for more details | `any` | `{}` | no |
| iam\_path | IAM roles will be created on this path. | `string` | `"/"` | no | | iam\_path | IAM roles will be created on this path. | `string` | `"/"` | no |
| iam\_policy\_arn\_prefix | IAM policy prefix with the correct AWS partition. | `string` | n/a | yes | | iam\_policy\_arn\_prefix | IAM policy prefix with the correct AWS partition. | `string` | n/a | yes |
| permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no |
| subnets | A list of subnets for the EKS Fargate profiles. | `list(string)` | `[]` | no | | subnets | A list of subnets for the EKS Fargate profiles. | `list(string)` | `[]` | no |
| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no | | tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |


@@ -2,6 +2,7 @@ resource "aws_iam_role" "eks_fargate_pod" {
count = local.create_eks && var.create_fargate_pod_execution_role ? 1 : 0 count = local.create_eks && var.create_fargate_pod_execution_role ? 1 : 0
name_prefix = format("%s-fargate", var.cluster_name) name_prefix = format("%s-fargate", var.cluster_name)
assume_role_policy = data.aws_iam_policy_document.eks_fargate_pod_assume_role[0].json assume_role_policy = data.aws_iam_policy_document.eks_fargate_pod_assume_role[0].json
permissions_boundary = var.permissions_boundary
tags = var.tags tags = var.tags
path = var.iam_path path = var.iam_path
} }
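Review bot: The new `permissions_boundary = var.permissions_boundary` line only constrains the role this module creates, because the resource is gated by `count = local.create_eks && var.create_fargate_pod_execution_role ? 1 : 0`; a pre-existing role named through `fargate_pod_execution_role_name` (passed through in the first hunk, presumably looked up rather than created when that flag is false) is untouched, so the description introduced in the last hunk, `"If provided, all IAM roles will be created with this permissions boundary attached."`, overstates the effect for callers who bring their own role. I would tighten it to `description = "If provided, the Fargate pod execution role created by this module is created with this permissions boundary attached. Has no effect on an externally supplied role."` and mirror the same text in the README row of the second hunk. Since a boundary caps the role's effective permissions regardless of which policies are attached later, it is also worth a one-line comment on the resource that with the `null` default the role is limited only by its attached policies, so reviewers auditing effective permissions know the boundary is opt-in. The policy attachment for this role is outside the hunk and not affected by the change.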


@@ -38,6 +38,12 @@ variable "fargate_profiles" {
default = {} default = {}
} }
variable "permissions_boundary" {
description = "If provided, all IAM roles will be created with this permissions boundary attached."
type = string
default = null
}
variable "subnets" { variable "subnets" {
description = "A list of subnets for the EKS Fargate profiles." description = "A list of subnets for the EKS Fargate profiles."
type = list(string) type = list(string)