Terraform module that allows you to create and link a Kubernetes (EKS) service account with an AWS IAM role
Christophe van de Kerchove 701930696c
feat: initial release
4 months ago
examples feat: initial release 4 months ago
.gitignore Initial commit 4 months ago
.pre-commit-config.yaml Initial commit 4 months ago
CHANGELOG.md feat: initial release 4 months ago
Jenkinsfile feat: initial release 4 months ago
LICENSE feat: initial release 4 months ago
README.md feat: initial release 4 months ago
main.tf feat: initial release 4 months ago
outputs.tf feat: initial release 4 months ago
variables.tf feat: initial release 4 months ago
versions.tf feat: initial release 4 months ago

README.md

terraform-module-aws-eks-service-account-role

Considerations

  • Currently, only service accounts can be allowed access to roles.
  • When applying a role to a service account, the pods that use that service account will need to be restarted for the changes to take effect.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |
| aws | ~> 2.31 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 2.31 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| enabled | Whether or not to enable this module. | bool | true | no |
| iam_openid_connect_provider_arn | ARN of the AWS IAM OpenID Connect provider to use. | string | n/a | yes |
| iam_openid_connect_provider_url | URL of the AWS IAM OpenID Connect provider to use. | string | n/a | yes |
| iam_policy_arns | List of policy ARNs that will be attached to the role. | list(string) | n/a | yes |
| iam_policy_arns_count | The number of policies you want to attach to the role. | number | n/a | yes |
| iam_role_description | The description of the role. | string | null | no |
| iam_role_force_dettach_policies | Specifies whether to force detaching any policies the role has before destroying it. | bool | null | no |
| iam_role_max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. | number | null | no |
| iam_role_name | Name of the role. | string | null | no |
| iam_role_name_prefix | Name prefix of the role. | string | "external-role" | no |
| iam_role_path | The path to the role. | string | null | no |
| iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | null | no |
| kubernetes_namespace | Kubernetes namespace in which the service account you want to give access to the role resides. | string | n/a | yes |
| kubernetes_service_account | Kubernetes service account you want to give access to the role. | string | n/a | yes |
| tags | Tags that will be applied on all resources. | map | {} | no |
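
The four required identity inputs above (OIDC provider ARN and URL, namespace, service account) are what pin the role to a single workload. As an added example, not this module's own code (its main.tf is not shown on this page), the Python below builds the standard EKS IAM-roles-for-service-accounts trust policy from those inputs and audits a policy for a missing or wildcarded `sub` condition. It assumes that standard policy shape; the function names and all sample ARNs, URLs and names are constructed.

```python
# Added example, not the module's code. Assumes the standard EKS IRSA trust
# policy shape; function names and all sample values are constructed.

def expected_subject(namespace, service_account):
    """The `sub` claim in a service account's projected token."""
    return f"system:serviceaccount:{namespace}:{service_account}"

def build_trust_policy(provider_arn, provider_url, namespace, service_account):
    """Trust policy that lets exactly one service account assume the role."""
    issuer = provider_url.split("://", 1)[-1]  # condition keys omit the scheme
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{issuer}:sub": expected_subject(namespace, service_account)}},
        }],
    }

def audit_trust_policy(policy, provider_url, namespace, service_account):
    """Findings for web-identity statements not pinned to this one account."""
    issuer = provider_url.split("://", 1)[-1]
    key, want = f"{issuer}:sub", expected_subject(namespace, service_account)
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for i, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        cond = stmt.get("Condition", {})
        subs = cond.get("StringEquals", {}).get(key)
        if subs is None:
            op = "StringLike" if key in cond.get("StringLike", {}) else "no"
            findings.append(f"statement {i}: {op} condition on {key}, not pinned by StringEquals")
        elif subs not in (want, [want]):
            findings.append(f"statement {i}: allows {subs}, expected only {want}")
    return findings

if __name__ == "__main__":
    url = "https://oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLE0123456789"  # constructed
    arn = "arn:aws:iam::111122223333:oidc-provider/" + url.split("://", 1)[-1]
    policy = build_trust_policy(arn, url, "reports", "report-generator")
    print(audit_trust_policy(policy, url, "reports", "report-generator"))
    policy["Statement"][0]["Condition"] = {"StringLike": {
        url.split("://", 1)[-1] + ":sub": "system:serviceaccount:reports:*"}}
    print(audit_trust_policy(policy, url, "reports", "report-generator"))
```

The audit can be pointed at the `AssumeRolePolicyDocument` of an existing role to confirm that only the intended namespace and service account can assume it.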

Outputs

| Name | Description |
|------|-------------|
| iam_role_arn | n/a |
| iam_role_id | n/a |
| iam_role_name | n/a |
| iam_role_unique_id | n/a |
| kubernetes_annotation | Kubernetes annotations to add on the service account for it to be able to assume the role. |

Versioning

This repository follows Semantic Versioning 2.0.0

Git Hooks

This repository uses pre-commit hooks.