terraform-aws-kubernetes-iamserviceaccount

Terraform module to associate a Kubernetes Service Account to an AWS IAM Role.

This module is roughly equivalent to use the following command in eksctl:

eksctl create iamserviceaccount --cluster=<clusterName> --name=s3-read-only --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

The difference is that an IAM role is necessarily created so that we can have control over its assume policy. To add further permissions to this role, use the outputs of this module.

Requirements

Name	Version
terraform	>= 0.13.1
aws	>= 3.0.0
kubernetes	>= 1.0.0

Providers

Name	Version
aws	>= 3.0.0
kubernetes	>= 1.0.0

Modules

No modules.

Resources

Name	Type
aws_iam_role.this	resource
kubernetes_annotations.link_role_to_service_account	resource
kubernetes_service_account.this	resource
aws_caller_identity.current	data source
aws_eks_cluster.cluster	data source
kubernetes_service_account.this	data source

Inputs

Name	Description	Type	Default	Required
cluster_name	Name of the AWS EKS cluster.	`string`	n/a	yes
namespace	Namespace for the Service Account	`string`	n/a	yes
role_name	IAM role name.	`string`	n/a	yes
service_account_name	Name of the Service Account resource.	`string`	n/a	yes
tags	Tags to be inherited by AWS role	`map(string)`	`{}`	no
use_existing_service_account	Whether or not `service_account_name` refers to an existing Service Account. It will be created otherwise.	`bool`	`false`	no

Outputs

Name	Description
iam_role	IAM Role created by this module.
service_account	Service Account created / used by this module.

About

Terraform module to associate a Kubernetes Service Account to an AWS IAM Role

https://registry.terraform.io/modules/bigdatabr/kubernetes-iamserviceaccount/aws/latest

MIT License

Languages

Language:HCL 100.0%