
iam.tf

    Vara Bonthu authored and GitHub committed
    * IRSA for AWS for Fluent Bit module
    
    * terraform-docs: automated action
    
    Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
    df29288b
    iam.tf 2.02 KiB
    # IAM role for the self-managed node group; aws_iam_instance_profile.self_managed_ng
    # wraps it for the instances. The trust policy comes from a data source that is
    # declared outside this file.
    # NOTE(review): no permissions_boundary is set on this role; confirm whether the
    # target account requires one.
    # NOTE(review): IAM role names are capped at 64 characters, so a long cluster id
    # plus node group name will fail at apply time.
    resource "aws_iam_role" "self_managed_ng" {
      # "<cluster id>-<node group name>", created under var.path.
      name = "${var.eks_cluster_id}-${local.self_managed_node_group["node_group_name"]}"
      path = var.path
      tags = var.tags

      assume_role_policy = data.aws_iam_policy_document.self_managed_ng_assume_role_policy.json

      # Detach any policies still attached before the role is destroyed.
      force_detach_policies = true
    }
    
    # Instance profile carrying aws_iam_role.self_managed_ng, so EC2 instances launched
    # with it receive that role's credentials.
    resource "aws_iam_instance_profile" "self_managed_ng" {
      # Same "<cluster id>-<node group name>" naming as the role.
      name = "${var.eks_cluster_id}-${local.self_managed_node_group["node_group_name"]}"
      path = var.path
      role = aws_iam_role.self_managed_ng.name
      tags = var.tags

      # On replacement, create the new profile before the old one is removed.
      lifecycle {
        create_before_destroy = true
      }
    }
    
    # Attaches the AWS managed AmazonEKSWorkerNodePolicy to the node role.
    # local.policy_arn_prefix is defined outside this file.
    resource "aws_iam_role_policy_attachment" "self_managed_AmazonEKSWorkerNodePolicy" {
      role       = aws_iam_role.self_managed_ng.name
      policy_arn = "${local.policy_arn_prefix}/AmazonEKSWorkerNodePolicy"
    }
    
    # Attaches the AWS managed AmazonEKS_CNI_Policy to the node role.
    # NOTE(review): permissions granted to the node role are available to any pod that
    # can reach the instance metadata service. AWS guidance is to give the VPC CNI its
    # own IAM role for service accounts (IRSA) and keep this policy off the node role
    # where possible; otherwise restrict pod access to instance metadata.
    resource "aws_iam_role_policy_attachment" "self_managed_AmazonEKS_CNI_Policy" {
      role       = aws_iam_role.self_managed_ng.name
      policy_arn = "${local.policy_arn_prefix}/AmazonEKS_CNI_Policy"
    }
    
    # Attaches the AWS managed AmazonEC2ContainerRegistryReadOnly policy to the node
    # role, giving the nodes read-only access to ECR for image pulls.
    resource "aws_iam_role_policy_attachment" "self_managed_AmazonEC2ContainerRegistryReadOnly" {
      role       = aws_iam_role.self_managed_ng.name
      policy_arn = "${local.policy_arn_prefix}/AmazonEC2ContainerRegistryReadOnly"
    }
    
    # Attaches the AWS managed AmazonSSMManagedInstanceCore policy to the node role so
    # Systems Manager can manage the nodes. The attachment is unconditional: there is
    # no count or toggle on this resource.
    # NOTE(review): with this in place, interactive access to nodes is governed by who
    # holds Systems Manager permissions on these instances; review those grants and
    # confirm session activity is logged.
    resource "aws_iam_role_policy_attachment" "self_managed_AmazonSSMManagedInstanceCore" {
      role       = aws_iam_role.self_managed_ng.name
      policy_arn = "${local.policy_arn_prefix}/AmazonSSMManagedInstanceCore"
    }
    
    # Customer-managed policy for the Windows CNI, created only when
    # local.enable_windows_support is true.
    # Author's intent: Windows nodes only need read-only access to EC2.
    # NOTE(review): the policy document (data.aws_iam_policy_document.eks_windows_cni)
    # is declared outside this file; verify that it grants read-only EC2 actions only.
    # NOTE(review): unlike the role and instance profile, this policy sets no tags.
    resource "aws_iam_policy" "eks_windows_cni" {
      count = local.enable_windows_support ? 1 : 0

      name        = "${var.eks_cluster_id}-${local.self_managed_node_group["node_group_name"]}-cni-policy"
      path        = var.path
      description = "EKS Windows CNI policy"
      policy      = data.aws_iam_policy_document.eks_windows_cni.json
    }
    
    # Attaches the Windows CNI policy to the node role. It uses the same count
    # condition as aws_iam_policy.eks_windows_cni, so the [0] index below only
    # resolves when that policy exists.
    resource "aws_iam_role_policy_attachment" "eks_windows_cni" {
      count = local.enable_windows_support ? 1 : 0

      role       = aws_iam_role.self_managed_ng.name
      policy_arn = aws_iam_policy.eks_windows_cni[0].arn
    }