-
Notifications
You must be signed in to change notification settings - Fork 4
/
irsa.tf
25 lines (21 loc) · 788 Bytes
/
irsa.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#-----------------------------------------
# IRSA- IAM role for service Account
#- it is supported for EKS >1.14,
#-----------------------------------------
data "tls_certificate" "this" {
count = var.enable_irsa ? 1 : 0
url = aws_eks_cluster.main.identity[0].oidc[0].issuer
}
resource "aws_iam_openid_connect_provider" "oidc_provider" {
count = var.enable_irsa ? 1 : 0
client_id_list = distinct(compact(concat(["sts.${data.aws_partition.current.dns_suffix}"], var.openid_connect_audiences)))
thumbprint_list = [data.tls_certificate.this[0].certificates[0].sha1_fingerprint]
url = aws_eks_cluster.main.identity[0].oidc[0].issuer
tags = merge(
var.common_tags,
local.generic_tags,
{
Name = "${local.eks_cluster_name}-eks-irsa"
}
)
}