# IAM role for the EBS CSI driver. The role name is suffixed with the EKS
# cluster id, so each cluster gets its own role.
#
# The trust policy is rendered from
# data.aws_iam_policy_document.self_assume_role_policy, which is defined
# outside this view.
# NOTE(review): if that document federates through the cluster's OIDC provider
# (IRSA), confirm it pins the `sub` claim to
# system:serviceaccount:kube-system:ebs-csi-controller-sa and the `aud` claim
# to sts.amazonaws.com. Without both conditions, any service account in the
# cluster could assume this role.
resource "aws_iam_role" "self" {
  name               = "EksCsiEbsRole-${var.eks_cluster_id}"
  assume_role_policy = data.aws_iam_policy_document.self_assume_role_policy.json
}
# Attaches the AWS-managed AmazonEBSCSIDriverPolicy to the role declared in
# aws_iam_role.self.
#
# The ARN hard-codes the `aws` partition, so it will not resolve in other
# partitions (for example aws-us-gov or aws-cn).
# NOTE(review): if volumes are encrypted with a customer-managed KMS key, the
# role will likely need additional KMS permissions scoped to that key; confirm
# against the deployment's storage classes.
resource "aws_iam_role_policy_attachment" "self" {
  role       = aws_iam_role.self.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
}
# resource "aws_eks_addon" "self" {
# cluster_name = var.eks_cluster_id
# addon_name = "aws-ebs-csi-driver"
# addon_version = var.addon_version
#
# # Note: when installed using the cluster_addons, the service account role
# # is "inherited from node". In this case, it is still required to create an IAM role.
# # The service account must then be annotated with the ARN of the created role, for example:
# # > kubectl annotate serviceaccount ebs-csi-controller-sa -n kube-system eks.amazonaws.com/role-arn=arn:aws:iam::563042046245:role/EksCsiEbsRole-avx-pmarie-eks
# # Then restart the ebs-csi-controller deployment for the annotation to take effect:
# # > kubectl rollout restart deployment ebs-csi-controller -n kube-system
# service_account_role_arn = aws_iam_role.self.arn
# }