terraform-aws-kubernetes-iamserviceaccount
Terraform module to associate a Kubernetes Service Account to an AWS IAM Role.
This module is roughly equivalent to running the following eksctl command:

eksctl create iamserviceaccount --cluster=<clusterName> --name=s3-read-only --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

The difference is that this module always creates the IAM role itself, so that we have control over its assume-role policy.
To add further permissions to this role, use the outputs of this module.
No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_name | Name of the AWS EKS cluster. | string | n/a | yes |
| namespace | Namespace for the Service Account | string | n/a | yes |
| role_name | IAM role name. | string | n/a | yes |
| service_account_name | Name of the Service Account resource. | string | n/a | yes |
| tags | Tags to be inherited by AWS role | map(string) | {} | no |
| use_existing_service_account | Whether or not service_account_name refers to an existing Service Account. It will be created otherwise. | bool | false | no |

| Name | Description |
|------|-------------|
| iam_role | IAM Role created by this module. |
| service_account | Service Account created / used by this module. |
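
Calling the module and then adding permissions through its iam_role output, as described above. This is an added example, not code from the module's repository: the module source, cluster name, namespace, role name and bucket are placeholders or constructed values, and it assumes the iam_role output exposes the created aws_iam_role object so that `.name` and `.id` resolve.

```hcl
# Added example; not part of the module's own code.
module "s3_reader" {
  source = "<module-source>" # placeholder: path or registry address of this module

  cluster_name         = "example-cluster"       # constructed value
  namespace            = "apps"                  # constructed value
  service_account_name = "s3-read-only"          # name used in the eksctl command
  role_name            = "eks-apps-s3-read-only" # constructed value

  # false is the default: the module creates the Service Account.
  # Set to true when service_account_name already exists in the namespace.
  use_existing_service_account = false

  tags = {
    ManagedBy = "terraform"
  }
}

# Option A: same permissions as the eksctl command (AWS managed policy).
# Assumption: module.s3_reader.iam_role is the aws_iam_role object.
resource "aws_iam_role_policy_attachment" "s3_read_only" {
  role       = module.s3_reader.iam_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
}

# Option B (use instead of A for least privilege): read access to one bucket.
data "aws_iam_policy_document" "bucket_read" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-bucket/*"] # constructed bucket name
  }

  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-bucket"]
  }
}

resource "aws_iam_role_policy" "bucket_read" {
  name   = "bucket-read"
  role   = module.s3_reader.iam_role.id # assumed attribute, see note above
  policy = data.aws_iam_policy_document.bucket_read.json
}
```

Only the permissions policy is managed outside the module; the role's assume-role policy stays under the module's control.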