Merge pull request #63 from aws-samples/bug-fix-emr-on-eks

emr on eks fix for service account

Merge pull request #63 from aws-samples/bug-fix-emr-on-eks
emr on eks fix for service account
3cc91606 · Kevin Coleman · GitHub · ba666b8c · 77acd2b0 · 3cc91606
Unverified Commit 3cc91606 authored 3 years ago by Kevin Coleman Committed by GitHub 3 years ago
--- a/docs/modules/emr-on-eks.md
+++ b/docs/modules/emr-on-eks.md
@@ -15,19 +15,20 @@ This module deploys the necessary resources to run EMR Spark Jobs on EKS Cluster


 ```hcl
+  #---------------------------------------
+  # ENABLE EMR ON EKS
+  #---------------------------------------
  enable_emr_on_eks = true

  emr_on_eks_teams = {
    data_team_a = {
-      emr_on_eks_username = "emr-containers"
-      emr_on_eks_namespace = "spark"
-      emr_on_eks_iam_role_name = "EMRonEKSExecution"
+      emr_on_eks_namespace     = "emr-data-team-a"
+      emr_on_eks_iam_role_name = "emr-eks-data-team-a"
    }

    data_team_b = {
-      emr_on_eks_username = "data-team-b-user"
-      emr_on_eks_namespace = "data-team-b"
-      emr_on_eks_iam_role_name = "data_team_b"
+      emr_on_eks_namespace     = "emr-data-team-b"
+      emr_on_eks_iam_role_name = "emr-eks-data-team-b"
    }
  }
 ```

--- a/locals.tf
+++ b/locals.tf
@@ -74,9 +74,9 @@ locals {

  # EMR on EKS IAM Roles for aws-auth
  emr_on_eks_config_map = var.enable_emr_on_eks == true ? [
-    for key, node in var.emr_on_eks_teams : {
+    {
      rolearn : "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:role/AWSServiceRoleForAmazonEMRContainers"
-      username : "${node.emr_on_eks_username}"
+      username : "emr-containers"
      groups : []
    }
  ] : []

--- a/modules/emr-on-eks/locals.tf
+++ b/modules/emr-on-eks/locals.tf

 locals {
  default_emr_on_eks_teams = {
-    emr_on_eks_username      = "emr-containers"
-    emr_on_eks_namespace     = "spark"
-    emr_on_eks_iam_role_name = "EMRonEKSExecution"
+    emr_on_eks_namespace     = "emr-on-eks-spark"
+    emr_on_eks_iam_role_name = "emr-on-eks-spark-iam-role"
  }
  emr_on_eks_team = merge(
    local.default_emr_on_eks_teams,
    var.emr_on_eks_teams
  )
+  emr_service_name = "emr-containers"
 }
--- a/modules/emr-on-eks/main.tf
+++ b/modules/emr-on-eks/main.tf
@@ -16,7 +16,7 @@ resource "kubernetes_namespace" "spark" {

 resource "kubernetes_role" "emr_containers" {
  metadata {
-    name      = local.emr_on_eks_team["emr_on_eks_username"]
+    name      = local.emr_service_name
    namespace = kubernetes_namespace.spark.id
  }

@@ -65,19 +65,19 @@ resource "kubernetes_role" "emr_containers" {

 resource "kubernetes_role_binding" "emr_containers" {
  metadata {
-    name      = local.emr_on_eks_team["emr_on_eks_username"]
+    name      = local.emr_service_name
    namespace = kubernetes_namespace.spark.id
  }

  subject {
    kind = "User"
-    name = local.emr_on_eks_team["emr_on_eks_username"]
+    name = local.emr_service_name
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
-    name      = local.emr_on_eks_team["emr_on_eks_username"]
+    name      = local.emr_service_name
  }
 }