avx-pmarie-aws-infra/infra/aws-load-balancer-iam-aws/terragrunt.hcl

include "root" {
  path = find_in_parent_folders()
}

terraform {
  source = "${get_repo_root()}//modules/aws-iam"
}

dependency "eks" {
  config_path = "../eks"

  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
  mock_outputs = {
    cluster_oidc_issuer_url = "https://oidc.eks.us-east-2.amazonaws.com/id/FAKEIDENTIFIERXXXXXXXXXXXXXXXXXX"
  }
}

locals {
  config_vars = read_terragrunt_config(find_in_parent_folders("config.hcl"))

  env                  = local.config_vars.locals.environment
  service_account_name = local.config_vars.locals.aws_load_balancer_service_account_name
  namespace            = local.config_vars.locals.aws_load_balancer_namespace
  iam_role_prefix      = local.config_vars.locals.aws_load_balancer_iam_role_prefix
}

generate = local.config_vars.generate

inputs = {
  iam_roles = {
    "${local.iam_role_prefix}${title(local.env)}" = {
      assume_role_policy = {
        Version = "2012-10-17",
        Statement = [
          {
            Effect = "Allow",
            Principal = {
              Federated = "arn:aws:iam::${get_aws_account_id()}:oidc-provider/${replace("${dependency.eks.outputs.cluster_oidc_issuer_url}", "https://", "")}"
            },
            Action = "sts:AssumeRoleWithWebIdentity",
            Condition = {
              StringEquals = {
                "${replace("${dependency.eks.outputs.cluster_oidc_issuer_url}", "https://", "")}:aud" : "sts.amazonaws.com",
                "${replace("${dependency.eks.outputs.cluster_oidc_issuer_url}", "https://", "")}:sub" : "system:serviceaccount:${local.namespace}:${local.service_account_name}"
              }
            }
        }]
      }
      policy = jsondecode(file("policy.json"))
      tags   = {}
    }
  }
}
Initial commit. 2022-07-01 14:12:11 +02:00			`include "root" {`
			`path = find_in_parent_folders()`
			`}`

			`terraform {`
			`source = "${get_repo_root()}//modules/aws-iam"`
			`}`

			`dependency "eks" {`
			`config_path = "../eks"`

			`mock_outputs_allowed_terraform_commands = ["validate", "plan"]`
			`mock_outputs = {`
			`cluster_oidc_issuer_url = "https://oidc.eks.us-east-2.amazonaws.com/id/FAKEIDENTIFIERXXXXXXXXXXXXXXXXXX"`
			`}`
			`}`

			`locals {`
			`config_vars = read_terragrunt_config(find_in_parent_folders("config.hcl"))`

			`env = local.config_vars.locals.environment`
			`service_account_name = local.config_vars.locals.aws_load_balancer_service_account_name`
			`namespace = local.config_vars.locals.aws_load_balancer_namespace`
			`iam_role_prefix = local.config_vars.locals.aws_load_balancer_iam_role_prefix`
			`}`

			`generate = local.config_vars.generate`

			`inputs = {`
			`iam_roles = {`
			`"${local.iam_role_prefix}${title(local.env)}" = {`
			`assume_role_policy = {`
			`Version = "2012-10-17",`
			`Statement = [`
			`{`
			`Effect = "Allow",`
			`Principal = {`
			`Federated = "arn:aws:iam::${get_aws_account_id()}:oidc-provider/${replace("${dependency.eks.outputs.cluster_oidc_issuer_url}", "https://", "")}"`
			`},`
			`Action = "sts:AssumeRoleWithWebIdentity",`
			`Condition = {`
			`StringEquals = {`
			`"${replace("${dependency.eks.outputs.cluster_oidc_issuer_url}", "https://", "")}:aud" : "sts.amazonaws.com",`
			`"${replace("${dependency.eks.outputs.cluster_oidc_issuer_url}", "https://", "")}:sub" : "system:serviceaccount:${local.namespace}:${local.service_account_name}"`
			`}`
			`}`
			`}]`
			`}`
			`policy = jsondecode(file("policy.json"))`
			`tags = {}`
			`}`
			`}`
			`}`