@blogumi
Created April 4, 2020 18:52
Below is an example IAM role, with its managed policy attachments, that allows the EKS service to manage or retrieve data from other AWS services.
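# Role assumed by the EKS service. Despite the "demo-node" resource label,
# the trust policy below names eks.amazonaws.com as the only principal.
resource "aws_iam_role" "demo-node" {
  name = "terraform-eks-demo-cluster"

  # Trust policy: only the EKS service may call sts:AssumeRole on this role.
  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}

# Attach the AWS-managed EKS cluster policy to the role.
resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSClusterPolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.demo-node.name
}

# Attach the AWS-managed EKS service policy to the same role.
resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSServicePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
  role       = aws_iam_role.demo-node.name
}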