KyMidd/ekscsism_iam_role_assume_policy.tf Secret

## ekscsism_iam_role_assume_policy.tf
data "aws_iam_policy_document" "app1_eks_assume_role_policy" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    effect  = "Allow"

    condition {
      test     = "StringEquals"
      variable = "${replace(aws_iam_openid_connect_provider.oid_provider.url, "https://", "")}:aud"
      values   = ["sts.amazonaws.com"]
    }

    # Condition to limit this role to be utilized by only the service account specified
    condition {
      test     = "StringEquals"
      variable = "${replace(aws_iam_openid_connect_provider.oid_provider.url, "https://", "")}:sub"
      values   = ["system:serviceaccount:default:our-eks-sa-name"]
    }

    principals {
      identifiers = [aws_iam_openid_connect_provider.oid_provider.arn]
      type        = "Federated"
    }
  }
}
	data "aws_iam_policy_document" "app1_eks_assume_role_policy" {
	statement {
	actions = ["sts:AssumeRoleWithWebIdentity"]
	effect = "Allow"

	condition {
	test = "StringEquals"
	variable = "${replace(aws_iam_openid_connect_provider.oid_provider.url, "https://", "")}:aud"
	values = ["sts.amazonaws.com"]
	}

	# Condition to limit this role to be utilized by only the service account specified
	condition {
	test = "StringEquals"
	variable = "${replace(aws_iam_openid_connect_provider.oid_provider.url, "https://", "")}:sub"
	values = ["system:serviceaccount:default:our-eks-sa-name"]
	}

	principals {
	identifiers = [aws_iam_openid_connect_provider.oid_provider.arn]
	type = "Federated"
	}
	}
	}
No results found