feat: Add AmazonEKSVPCResourceController to cluster policy to be able…

… to set AWS Security Groups for pod (#1011) Co-authored-by: Thomas O'Neill <toneill@new-innov.com>
terraform-aws-modules · Oct 4, 2020 · 31ad394 · 31ad394
1 parent bceb966
commit 31ad394
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/cluster.tf b/cluster.tf
@@ -43,6 +43,7 @@ resource "aws_eks_cluster" "this" {
     aws_security_group_rule.cluster_https_worker_ingress,
     aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy,
     aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy,
+    aws_iam_role_policy_attachment.cluster_AmazonEKSVPCResourceControllerPolicy,
     aws_cloudwatch_log_group.this
   ]
 }
@@ -133,6 +134,12 @@ resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
   role       = local.cluster_iam_role_name
 }
 
+resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSVPCResourceControllerPolicy" {
+  count      = var.manage_cluster_iam_resources && var.create_eks ? 1 : 0
+  policy_arn = "${local.policy_arn_prefix}/AmazonEKSVPCResourceController"
+  role       = local.cluster_iam_role_name
+}
+
 /*
  Adding a policy to cluster IAM role that allow permissions
  required to create AWSServiceRoleForElasticLoadBalancing service-linked role by EKS during ELB provisioning