allow specifying an IAM role for each worker group (#137)

* allow creating an IAM role for each worker group * moved change from 'changed' to 'added' * create multiple roles not just profiles * fix config_map_aws_auth generation * don't duplicate worker-role templating * specify ARNs for worker groups individually todo fix aws_auth configmap * fixed AWS auth * fix aws_iam_instance_profile.workers name fix iam_instance_profile fallback * fix outputs * fix iam_instance_profile calculation * hopefully fix aws auth configmap generation * manually fill out remainder of arn * remove depends_on in worker_role_arns template file this was causing resources to be recreated every time * fmt * fix typo, move iam_role_id default to defaults map
2026-03-30 14:11:58 +02:00 · 2018-09-24 07:08:35 -07:00
parent b6f6a82352
commit b623bc234a
8 changed files with 27 additions and 12 deletions
--- a/local.tf
+++ b/local.tf
@@ -30,6 +30,7 @@ locals {
    autoscaling_enabled           = false                           # Sets whether policy and matching tags will be added to allow autoscaling.
    additional_security_group_ids = ""                              # A comman delimited list of additional security group ids to include in worker launch config
    protect_from_scale_in         = false                           # Prevent AWS from scaling in, so that cluster-autoscaler is solely responsible.
+    iam_role_id                   = "${aws_iam_role.workers.id}"    # Use the specified IAM role if set.
  }

  workers_group_defaults = "${merge(local.workers_group_defaults_defaults, var.workers_group_defaults)}"