@tbaums
Created March 28, 2021 18:20
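# Assumes CLUSTERNAME (the EKS cluster name) is already exported.
: "${CLUSTERNAME:?export CLUSTERNAME before running this}"
export DOMAIN=arrikto.com
export SUBDOMAIN=aws-dev.arrikto.com
cd ~/ops/deployments
# --dns-name sets where the listing starts; it is not a filter. ZONES should
# be 1, otherwise AWS_ZONE_ID ends up holding several space-separated IDs.
ZONES=$(aws route53 list-hosted-zones-by-name --output json --dns-name "${DOMAIN}." | jq -r '.HostedZones[].Id' | wc -l)
export AWS_ZONE_ID=$(aws route53 list-hosted-zones-by-name --output json --dns-name "${DOMAIN}." | jq -r '.HostedZones[].Id' | xargs)
# IAM role that the ExternalDNS service account will assume.
export IAM_ROLE_NAME="eks-external-dns-${CLUSTERNAME}"
export IAM_ROLE_DESCRIPTION=ExternalDNS
# The policy named here must already exist in the account.
export IAM_POLICY_NAME=AllowExternalDNSUpdates
export SERVICE_ACCOUNT_NAMESPACE=default
export SERVICE_ACCOUNT_NAME=external-dns
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
# OIDC issuer of the cluster, with the https:// scheme stripped.
export OIDC_PROVIDER=$(aws eks describe-cluster --name "$CLUSTERNAME" --query "cluster.identity.oidc.issuer" --output text | sed -e 's|^https://||')
# Render the trust policy from the exported variables and keep it in git.
j2 rok/eks/iamsa-trust.json.j2 -o "iam-${IAM_ROLE_NAME}-trust.json"
git add "iam-${IAM_ROLE_NAME}-trust.json"
git commit -m "Add JSON trust policy document for $IAM_ROLE_NAME"
# Create the role with that trust policy, then attach the permissions policy.
aws iam create-role \
--role-name "$IAM_ROLE_NAME" \
--assume-role-policy-document "file://iam-${IAM_ROLE_NAME}-trust.json" \
--description "$IAM_ROLE_DESCRIPTION"
aws iam attach-role-policy \
--role-name "$IAM_ROLE_NAME" \
--policy-arn "arn:aws:iam::${AWS_ACCOUNT_ID}:policy/${IAM_POLICY_NAME}"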
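
Before `aws iam create-role` runs, it is worth confirming that the rendered trust document pins the role to the single ExternalDNS service account. The checker below is an added example, not part of the gist: it assumes the template renders the standard IRSA trust policy shape (the template itself is not shown here), `check_irsa_trust` and `sample_trust` are hypothetical names, and the account ID and OIDC issuer are constructed sample values.

```python
def check_irsa_trust(doc, account_id, oidc_provider, namespace, sa_name):
    """Return a list of problems in an IRSA trust policy; an empty list means it is scoped."""
    want_principal = f"arn:aws:iam::{account_id}:oidc-provider/{oidc_provider}"
    want_sub = f"system:serviceaccount:{namespace}:{sa_name}"
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    problems = [] if allows else ["no Allow statement"]
    for i, stmt in enumerate(allows):
        action = stmt.get("Action")
        if action not in ("sts:AssumeRoleWithWebIdentity", ["sts:AssumeRoleWithWebIdentity"]):
            problems.append(f"statement {i}: unexpected Action {action!r}")
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if federated != want_principal:
            problems.append(f"statement {i}: Federated principal is not the cluster OIDC provider")
        # Deliberately strict: only an exact StringEquals match on the sub claim
        # passes. A missing key or a wildcard StringLike can let other service
        # accounts in the cluster assume the role.
        pinned = stmt.get("Condition", {}).get("StringEquals", {}).get(f"{oidc_provider}:sub")
        if pinned != want_sub:
            problems.append(f"statement {i}: sub is not pinned to {want_sub}")
    return problems

# Constructed sample values (not from the gist): account ID and OIDC issuer.
ACCOUNT = "111122223333"
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000000000"

def sample_trust(condition):
    """Build a constructed trust document with the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT}:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

SCOPED = sample_trust({"StringEquals": {f"{OIDC}:sub": "system:serviceaccount:default:external-dns"}})
AUD_ONLY = sample_trust({"StringEquals": {f"{OIDC}:aud": "sts.amazonaws.com"}})
WILDCARD = sample_trust({"StringLike": {f"{OIDC}:sub": "system:serviceaccount:default:*"}})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("aud-only", AUD_ONLY), ("wildcard", WILDCARD)):
        print(name, check_irsa_trust(doc, ACCOUNT, OIDC, "default", "external-dns") or "OK")
```

To check the real file, load `iam-$IAM_ROLE_NAME-trust.json` with `json.load` and pass the values of `AWS_ACCOUNT_ID`, `OIDC_PROVIDER`, `SERVICE_ACCOUNT_NAMESPACE` and `SERVICE_ACCOUNT_NAME`.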