iam.tf
# IAM policy that is attached to the EFS CSI controller role below. The policy
# document is read as-is from iam-policy.json in this module's directory.
# NOTE(review): the JSON itself is not visible from this file. When reviewing it,
# confirm the statements cover only the actions the controller needs and that
# any "Resource": "*" grant is narrowed by a condition where the service allows.
resource "aws_iam_policy" "efs_controller_policy" {
  # A caller-supplied prefix wins; an empty string falls back to local.prefix.
  name_prefix = var.efs_csi_controller_role_policy_name_prefix != "" ? var.efs_csi_controller_role_policy_name_prefix : local.prefix

  policy = file("${path.module}/iam-policy.json")
  tags   = var.tags
}
# IAM role the EFS CSI controller assumes through the cluster's OIDC provider
# (IAM Roles for Service Accounts). Trust is limited to a single Kubernetes
# service account; permissions come from aws_iam_policy.efs_controller_policy.
module "iam_assumable_role_with_oidc" {
  source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
  # "~> 5.0" accepts any 5.x release. The dependency lock file records provider
  # selections only, not module versions, so pin an exact version if runs must
  # be reproducible.
  version = "~> 5.0"

  create_role = true
  # The variable is named *_role_name but is used as a name prefix; an empty
  # string falls back to local.prefix.
  role_name_prefix = var.efs_csi_controller_role_name != "" ? var.efs_csi_controller_role_name : local.prefix

  # Determines which IAM OIDC provider the role trusts.
  # NOTE(review): should be the cluster's own issuer URL; confirm how callers
  # populate var.oidc_url.
  provider_url = var.oidc_url

  # Fully qualified subjects are matched exactly (no wildcards), so only the
  # service account <namespace>/<controller_name> can assume the role.
  # The module also accepts oidc_fully_qualified_audiences; it is not set here,
  # so the trust policy constrains the token's subject but not its audience.
  # NOTE(review): consider setting it to the audience the cluster's
  # service-account tokens carry; confirm the value for the target partition.
  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${local.controller_name}"]

  role_policy_arns = [aws_iam_policy.efs_controller_policy.arn]
  # Must equal the length of role_policy_arns. Presumably hard-coded because the
  # policy ARN is unknown at plan time; keep both in sync when adding policies.
  number_of_role_policy_arns = 1

  tags = var.tags
}