node group iam
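# NodeGroup
# IAM role assumed by the EC2 instances that run as EKS worker nodes.
# The trust policy allows only the EC2 service principal to assume it; the
# managed policies the nodes need are attached by the separate
# aws_iam_role_policy_attachment resources below.
resource "aws_iam_role" "your-eks-cluster-ng" {
  name = "your-eks-cluster-node-group"

  # Boundary that caps the permissions this role can ever be granted,
  # whatever policies are attached to it later.
  permissions_boundary = var.iam_permissions_boundary

  # tomap({ ... }) replaces map("Name", ...), which has been deprecated since
  # Terraform 0.12 and was removed in a later release; the resulting map is
  # identical. Because of merge() argument order, the explicit Name here wins
  # over any Name key present in var.default_tags.
  # NOTE(review): the "-sg" suffix reads like a security-group name; confirm
  # it is intended for this role rather than a copy-paste leftover.
  tags = merge(var.default_tags, tomap({ Name = "your-eks-cluster-ng-sg" }))

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }]
  })
}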
# AWS managed policy that worker nodes need to register with the EKS control
# plane. Attached to the node-group role declared above.
resource "aws_iam_role_policy_attachment" "your-eks-cluster-ng-AmazonEKSWorkerNodePolicy" {
  role       = aws_iam_role.your-eks-cluster-ng.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
}
# AWS managed policy used by the VPC CNI plugin (aws-node) to manage ENIs and
# IP addresses on the node.
# NOTE(review): granting this on the instance role exposes the ENI/IP
# permissions to any pod that can reach the instance metadata service, not
# only to aws-node. AWS recommends granting it to the aws-node service account
# via IRSA instead, and requiring IMDSv2 on the nodes; that change needs
# additional resources, so it is left as-is here.
resource "aws_iam_role_policy_attachment" "your-eks-cluster-ng-AmazonEKS_CNI_Policy" {
  role       = aws_iam_role.your-eks-cluster-ng.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
}
# Read-only ECR access so the nodes can pull container images; no push or
# repository-management permissions are granted.
resource "aws_iam_role_policy_attachment" "your-eks-cluster-ng-AmazonEC2ContainerRegistryReadOnly" {
  role       = aws_iam_role.your-eks-cluster-ng.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}