Created
March 28, 2021 18:20
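# Create the IAM role that the ExternalDNS service account assumes through the
# EKS cluster's OIDC provider, then attach the DNS-update policy to it.
#
# Globals:   CLUSTERNAME (read; must already be set). Exports DOMAIN,
#            SUBDOMAIN, AWS_ZONE_ID, IAM_*, SERVICE_ACCOUNT_*, AWS_ACCOUNT_ID
#            and OIDC_PROVIDER, which the j2 template reads from the
#            environment. Sets ZONES (not exported).
# Requires:  aws, jq, j2 and git on PATH; ~/ops/deployments checked out.
# Returns:   0 on success, 1 as soon as a lookup or AWS call fails.
#
# The steps live in a function so that a failure can `return` without closing
# the calling shell when this file is sourced.
create_external_dns_role() {
  local trust_doc zone_ids

  # An empty CLUSTERNAME would silently produce the role name
  # "eks-external-dns-" and an invalid describe-cluster call.
  if [ -z "${CLUSTERNAME:-}" ]; then
    printf 'error: CLUSTERNAME is not set\n' >&2
    return 1
  fi

  export DOMAIN=arrikto.com
  export SUBDOMAIN=aws-dev.arrikto.com

  cd ~/ops/deployments || return 1

  # list-hosted-zones-by-name treats --dns-name as the starting point of an
  # ordered listing, so zones that sort after it can be returned as well.
  # Keep only the zones whose name is exactly "${DOMAIN}.".
  zone_ids=$(aws route53 list-hosted-zones-by-name --output json \
      --dns-name "${DOMAIN}." \
    | jq -r --arg name "${DOMAIN}." \
        '.HostedZones[] | select(.Name == $name) | .Id') || return 1
  if [ -z "${zone_ids}" ]; then
    printf 'error: no Route 53 hosted zone named %s\n' "${DOMAIN}." >&2
    return 1
  fi

  ZONES=$(printf '%s\n' "${zone_ids}" | grep -c .)
  if [ "${ZONES}" -gt 1 ]; then
    # Several zones can legitimately share a name; make the ambiguity visible
    # instead of passing a multi-ID value along unnoticed.
    printf 'warning: %s hosted zones match %s; AWS_ZONE_ID lists all of them\n' \
      "${ZONES}" "${DOMAIN}." >&2
  fi
  # Same format as before: IDs joined on one line, separated by spaces.
  AWS_ZONE_ID=$(printf '%s\n' "${zone_ids}" | xargs)
  export AWS_ZONE_ID

  export IAM_ROLE_NAME="eks-external-dns-${CLUSTERNAME}"
  export IAM_ROLE_DESCRIPTION=ExternalDNS
  export IAM_POLICY_NAME=AllowExternalDNSUpdates
  export SERVICE_ACCOUNT_NAMESPACE=default
  export SERVICE_ACCOUNT_NAME=external-dns

  # Assign first, export second: `export VAR=$(cmd)` hides cmd's exit status.
  AWS_ACCOUNT_ID=$(aws sts get-caller-identity \
    --query "Account" --output text) || return 1
  export AWS_ACCOUNT_ID

  OIDC_PROVIDER=$(aws eks describe-cluster --name "${CLUSTERNAME}" \
    --query "cluster.identity.oidc.issuer" --output text) || return 1
  # The trust policy needs the issuer without its scheme.
  OIDC_PROVIDER=${OIDC_PROVIDER#https://}
  # With --output text the CLI prints the literal "None" when the query
  # yields null; rendering that into the trust policy would name a
  # non-existent identity provider.
  if [ -z "${OIDC_PROVIDER}" ] || [ "${OIDC_PROVIDER}" = "None" ]; then
    printf 'error: cluster %s reports no OIDC issuer\n' "${CLUSTERNAME}" >&2
    return 1
  fi
  export OIDC_PROVIDER

  trust_doc="iam-${IAM_ROLE_NAME}-trust.json"
  # NOTE(review): the template is not shown here. Confirm the rendered
  # document restricts sts:AssumeRoleWithWebIdentity to
  # system:serviceaccount:${SERVICE_ACCOUNT_NAMESPACE}:${SERVICE_ACCOUNT_NAME}
  # rather than trusting every service account behind the OIDC provider.
  j2 rok/eks/iamsa-trust.json.j2 -o "${trust_doc}" || return 1

  git add -- "${trust_doc}" || return 1
  # A re-run with an unchanged document has nothing to commit; that is not a
  # reason to stop.
  git commit -m "Add JSON trust policy document for ${IAM_ROLE_NAME}" \
    || printf 'warning: git commit did not create a commit\n' >&2

  aws iam create-role \
    --role-name "${IAM_ROLE_NAME}" \
    --assume-role-policy-document "file://${trust_doc}" \
    --description "${IAM_ROLE_DESCRIPTION}" || return 1

  aws iam attach-role-policy \
    --role-name "${IAM_ROLE_NAME}" \
    --policy-arn "arn:aws:iam::${AWS_ACCOUNT_ID}:policy/${IAM_POLICY_NAME}"
}

create_external_dns_role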