Added sts assume role
abhiyerra committed Oct 6, 2023
1 parent e9abfaf commit d6a5f5a
Showing 1 changed file with 12 additions and 8 deletions.
20 changes: 12 additions & 8 deletions efs.tf
@@ -1,17 +1,21 @@
# https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html
module "iam_assumable_role_efs_csi" {
count = var.efs_enabled ? 1 : 0
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
version = "3.6.0"
create_role = true
role_name = "${var.environment_name}-AmazonEFSCSIDriverPolicy"
provider_url = replace(aws_iam_openid_connect_provider.cluster.url, "https://", "")
role_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy"]
count = var.efs_enabled ? 1 : 0
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
version = "3.6.0"
create_role = true
allow_self_assume_role = true
role_name = "${var.environment_name}-AmazonEFSCSIDriverPolicy"
provider_url = replace(aws_iam_openid_connect_provider.cluster.url, "https://", "")
role_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy"]
# namespace and service account name
oidc_fully_qualified_subjects = [
"system:serviceaccount:kube-system:efs-csi-controller-sa",
"system:serviceaccount:kube-system:efs-csi-node-sa",
"system:serviceaccount:kube-system:efs-csi-*"
"system:serviceaccount:kube-system:efs-csi-*",
]
oidc_fully_qualified_audiences = [
"sts.amazonaws.com"
]
tags = {
"KubespotEnvironment" = var.environment_name
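Review bot: `allow_self_assume_role = true` adds the role itself as a trusted principal alongside the cluster OIDC provider, and nothing in the hunk says why an IRSA role for the EFS CSI driver needs that; either drop it or put a comment above it such as `# self-assume needed for <reason>; trust is otherwise limited to the cluster OIDC provider`. The `"system:serviceaccount:kube-system:efs-csi-*"` entry sits in `oidc_fully_qualified_subjects`, which as far as I know this module renders as an exact-match (StringEquals) condition, so the `*` is probably compared literally and the entry never matches; the two explicit service accounts above it already cover the driver, so removing it keeps the trust policy readable and avoids someone later moving it to a wildcard list and widening trust to every `efs-csi-`-prefixed account in kube-system. It is also worth running `terraform validate` to confirm that the pinned `version = "3.6.0"` accepts `allow_self_assume_role` and `oidc_fully_qualified_audiences`, since I believe both inputs arrived in later releases of the module. The module block continues past the end of the hunk.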
