resource "aws_iam_role" "self" {
  assume_role_policy = data.aws_iam_policy_document.self_assume_role_policy.json
  name               = "EksCsiEbsRole-${var.eks_cluster_id}"
}

resource "aws_iam_role_policy_attachment" "self" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
  role       = aws_iam_role.self.name
}

# resource "aws_eks_addon" "self" {
#   cluster_name  = var.eks_cluster_id
#   addon_name    = "aws-ebs-csi-driver"
#   addon_version = var.addon_version
# 
#   # Note: when installed using the cluster_addons, the service account role
#   # is "inherited from node". In this case, it is still required to create an IAM.
#   # It will be then required to annotate the service account with the arn of the created role:
#   # > kubectl annotate serviceaccount ebs-csi-controller-sa -n kube-system eks.amazonaws.com/role-arn=arn:aws:iam::563042046245:role/EksCsiEbsRole-avx-pmarie-eks
#   # Then to restart the ebs-csi-controller deployment to take effect:
#   # > kubectl rollout restart deployment ebs-csi-controller -n kube-system
#   service_account_role_arn = aws_iam_role.self.arn
# }