eks-iam-role
cloudposse/eks-iam-role/aws
Terraform module to provision an EKS IAM Role for Service Account
This terraform-aws-eks-iam-role project provides a simplified mechanism for provisioning AWS EKS Service Account IAM roles.

> [!TIP]
> #### 👽 Use Atmos with Terraform
> Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform.
> Works with Github Actions, Atlantis, or Spacelift.
>
> Watch demo of using Atmos with Terraform
>
> Example of running atmos to manage infrastructure from our Quick Start tutorial.

## Usage

Here's how to invoke this module in your projects:

```hcl
module "eks_iam_role" {
  source = "cloudposse/eks-iam-role/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version = "x.x.x"

  namespace   = var.namespace
  environment = var.environment
  stage       = var.stage
  name        = var.name
  delimiter   = var.delimiter
  attributes  = var.attributes
  tag  # the example is cut off here on the source page
}
```
## Inputs

| Name | Type | Description | Default |
|---|---|---|---|
| eks_cluster_oidc_issuer_url | string | OIDC issuer URL for the EKS cluster (initial "https://" may be omitted) | required |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu… | null |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t… | {} |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na… | null |
| managed_policy_arns | set(string) | List of managed policies to attach to created role | [] |
| context | any | Single object for setting entire context at once. See description of individual… | { "additional_tag_map": {}, "attribu… } |
| delimiter | string | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""`… | null |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is… | ["default"] |
| service_account_name | string | Kubernetes ServiceAccount name. Leave empty or set to "*" to indicate all Servic… | null |
| service_account_namespace | string | Kubernetes Namespace where service account is deployed. Leave empty or set to "*… | null |
| aws_account_number | string | AWS account number of EKS cluster owner. If an AWS account number is not provide… | null |
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st… | null |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,… | [] |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add… | {} |
| aws_iam_policy_document | any | JSON string representation of the IAM policy for this service account as list of… | [] |
| label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by… | null |
| id_length_limit | number | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. | null |
| aws_partition | string | AWS partition: 'aws', 'aws-cn', or 'aws-us-gov' | "aws" |
| permissions_boundary | string | ARN of the policy that is used to set the permissions boundary for the role. | null |
## Outputs

| Name | Description |
|---|---|
| service_account_policy_arn | IAM policy ARN |
| service_account_namespace | Kubernetes Service Account namespace |
| service_account_name | Kubernetes Service Account name |
| service_account_role_name | IAM role name |
| service_account_role_unique_id | IAM role unique ID |
| service_account_role_arn | IAM role ARN |
| service_account_policy_name | IAM policy name |
| service_account_policy_id | IAM policy ID |
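The usage snippet above stops before the IRSA-specific inputs, so here is a complete invocation written for this page as an added example; it is not code from the module's README. It exercises the inputs and outputs listed above to build one role whose trust policy is scoped to a single Kubernetes ServiceAccount, attaches a least-privilege inline policy built with the `aws_iam_policy_document` data source, sets a permissions boundary, and annotates the ServiceAccount with the role ARN. The OIDC issuer URL, bucket name, account number and boundary policy ARN are placeholders, and passing a one-element list of JSON strings to `aws_iam_policy_document` is an assumption based on the input's description ("as list of…") and its `[]` default.

```hcl
# Added example, not part of the module documentation.
# Values marked PLACEHOLDER are assumptions; replace them with your own.

locals {
  # PLACEHOLDER: in real code read this from aws_eks_cluster.<name>.identity[0].oidc[0].issuer.
  # The module accepts the URL with or without the leading "https://".
  oidc_issuer_url = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
  sa_namespace    = "payments"
  sa_name         = "invoice-worker"
}

# Least-privilege permissions for the workload: read-only access to one bucket prefix.
data "aws_iam_policy_document" "invoice_worker" {
  statement {
    sid       = "ReadInvoiceObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-invoices-bucket/incoming/*"] # PLACEHOLDER bucket
  }

  statement {
    sid       = "ListInvoicePrefix"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-invoices-bucket"] # PLACEHOLDER bucket
    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["incoming/*"]
    }
  }
}

module "invoice_worker_role" {
  source = "cloudposse/eks-iam-role/aws"
  # version = "x.x.x"   # pin to a specific version in real code

  namespace   = "eg"
  environment = "uw2"
  stage       = "prod"
  name        = "invoice-worker"

  eks_cluster_oidc_issuer_url = local.oidc_issuer_url

  # Trust-policy scope. Naming both the namespace and the ServiceAccount limits the
  # role's `sub` condition to exactly one identity. Per the inputs table, leaving
  # either empty or setting it to "*" lets every ServiceAccount in that scope assume
  # the role, so avoid the wildcard for workload roles.
  service_account_namespace = local.sa_namespace
  service_account_name      = local.sa_name

  # Assumed shape: a list of JSON policy documents (input type `any`, default `[]`).
  aws_iam_policy_document = [data.aws_iam_policy_document.invoice_worker.json]

  # Guardrail: caps what this role can ever be granted, even by later policy edits.
  permissions_boundary = "arn:aws:iam::111122223333:policy/WorkloadBoundary" # PLACEHOLDER
}

# Bind the Kubernetes ServiceAccount to the role with the IRSA annotation,
# using the module's `service_account_role_arn` output.
resource "kubernetes_service_account" "invoice_worker" {
  metadata {
    name      = local.sa_name
    namespace = local.sa_namespace
    annotations = {
      "eks.amazonaws.com/role-arn" = module.invoice_worker_role.service_account_role_arn
    }
  }
}
```

After `terraform apply`, confirm the scope took effect by inspecting the role's trust policy (`aws iam get-role --role-name <service_account_role_name output>`): the `Condition` on the OIDC provider's `:sub` key should name `system:serviceaccount:payments:invoice-worker`, not a wildcard. If a second workload needs AWS access, give it its own module instance rather than widening `service_account_name` to `"*"`.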