Terraform module that allows you to create and link a kubernetes (eks) service account with an AWS IAM role
Charles CÈBE 1aa865d144
fix: CHANGELOG.md file
1 month ago
examples/default refactor: lint code in examples and root 1 month ago
.gitignore Initial commit 1 year ago
.pre-commit-config.yaml chore: bumps pre-commit hooks versions 2 months ago
CHANGELOG.md fix: CHANGELOG.md file 1 month ago
Jenkinsfile feat: initial release 1 year ago
LICENSE refactor: lint code in root module 1 month ago
README.md refactor: lint code in root module 1 month ago
main.tf refactor: lint code in root module 1 month ago
outputs.tf refactor: lint code in root module 1 month ago
variables.tf refactor: lint code in root module 1 month ago
versions.tf refactor: lint code in examples and root 1 month ago

README.md

terraform-module-aws-eks-service-account-role

Considerations

  • Currently, only service accounts can be granted access to roles.
  • When applying a role to a service account, the pods that use that service account need to be restarted for the changes to take effect.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14 |
| aws | >= 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_iam_policy_document.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| enabled | Whether or not to enable this module. | bool | true | no |
| iam_openid_connect_provider_arn | ARN of the AWS IAM OpenID Connect provider to use. | string | n/a | yes |
| iam_openid_connect_provider_url | URL of the AWS IAM OpenID Connect provider to use. | string | n/a | yes |
| iam_policy_arns | List of policy ARNs that will be attached to the role. | list(string) | n/a | yes |
| iam_policy_arns_count | The number of policies you want to attach to the role. | number | n/a | yes |
| iam_role_description | The description of the role. | string | null | no |
| iam_role_force_dettach_policies | Specifies to force detaching any policies the role has before destroying it. | bool | null | no |
| iam_role_max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. | number | null | no |
| iam_role_name | Name of the role. | string | null | no |
| iam_role_name_prefix | Name prefix of the role. | string | "external-role" | no |
| iam_role_path | The path to the role. | string | null | no |
| iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | null | no |
| kubernetes_namespace | Kubernetes namespace in which the service account you want to give access to the role resides. | string | n/a | yes |
| kubernetes_service_account | Kubernetes service account you want to give access to the role. | string | n/a | yes |
| tags | Tags that will be applied on all resources. | map | {} | no |

Outputs

| Name | Description |
|------|-------------|
| iam_role_arn | n/a |
| iam_role_id | n/a |
| iam_role_name | n/a |
| iam_role_unique_id | n/a |
| kubernetes_annotation | Kubernetes annotations to add on the service account for it to be able to assume the role. |
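
A usage sketch built from the inputs and outputs listed above; it is an added example, not code from this repository. The module source path, the two `oidc_provider_*` variables, the `reporting` namespace, the `s3-reader` service account and the use of the `hashicorp/kubernetes` provider are assumptions, and the expected format of the provider URL is not stated on this page.

```hcl
# Added example, not the module's own code. The source path, variable names,
# namespace and service account name below are assumptions.
variable "oidc_provider_arn" {
  type        = string
  description = "ARN of the cluster's IAM OIDC provider (placeholder input)."
}

variable "oidc_provider_url" {
  type        = string
  description = "URL of the same OIDC provider (placeholder input)."
}

module "s3_reader_role" {
  # Assumed local checkout path; replace with wherever you vendor the module.
  source = "./modules/terraform-module-aws-eks-service-account-role"

  iam_openid_connect_provider_arn = var.oidc_provider_arn
  iam_openid_connect_provider_url = var.oidc_provider_url

  # The service account identity the role is meant for.
  kubernetes_namespace       = "reporting"
  kubernetes_service_account = "s3-reader"

  # Least privilege: attach only what the workload needs, and keep the
  # count in step with the list.
  iam_policy_arns       = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
  iam_policy_arns_count = 1

  iam_role_name_prefix          = "reporting-s3-reader"
  iam_role_max_session_duration = 3600

  tags = { team = "reporting" }
}

# Requires the hashicorp/kubernetes provider, which the module itself does not use.
resource "kubernetes_service_account" "s3_reader" {
  metadata {
    name      = "s3-reader"
    namespace = "reporting"
    annotations = {
      # Standard EKS annotation for IAM roles for service accounts.
      "eks.amazonaws.com/role-arn" = module.s3_reader_role.iam_role_arn
    }
  }
}
```

After `terraform apply`, restart the pods that use the service account so they pick up the role, as noted under Considerations.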

Versioning

This repository follows Semantic Versioning 2.0.0

Git Hooks

This repository uses pre-commit hooks.