Difference between revisions of "Terraform resource: aws iam role policy attachment"

• aws_iam_role_policy_attachment (ref)

 aws_iam_policy + aws_iam_role -> aws_iam_role_policy_attachment

Examples[edit]

Module:

# module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy[0] will be created
 + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
     + id         = (known after apply)
     + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
     + role       = (known after apply)
   }

resource "aws_iam_role_policy_attachment" "your_node_policy" {
  role       = aws_iam_role.your_node_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

 resource "aws_eks_node_group" "example" {
 cluster_name    = aws_eks_cluster.example.name
 node_group_name = "example"
 node_role_arn   = aws_iam_role.example.arn
 subnet_ids      = aws_subnet.example[*].id

 scaling_config {
   desired_size = 1
   max_size     = 2
   min_size     = 1
 }

 update_config {
   max_unavailable = 1
 }

 # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling.
 # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces.
 depends_on = [
   aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy,
   aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy,
   aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly,
 ]
}

Related[edit]

• Terraform resource: aws_iam_role
• aws_eks_node_group
• aws_iam_instance_profile
• Terraform resource: aws_iam_role_policy

See also[edit]

• aws_iam_role_policy_attachment
• Terraform IAM resources: aws_iam_user, aws_iam_group, aws_iam_role, aws_iam_role_policy_attachment, aws_iam_policy, aws_iam_role_policy, aws_iam_user_policy, aws_iam_user_policy_attachment, aws_iam_access_key, aws_iam_group_policy, aws_iam_group_policy_attachment, aws_iam_openid_connect_provider