Difference between revisions of "Terraform resource: aws iam role policy attachment"

From wikieduonline
Jump to navigation Jump to search
 
(17 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{lowercase}}
+
* <code>[[aws_iam_role_policy_attachment]]</code> ([https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment ref])
  
  # module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy[0] will be created
+
 
 +
  [[aws_iam_policy]] + [[aws_iam_role]] -> [[aws_iam_role_policy_attachment]]
 +
 
 +
== Examples ==
 +
 
 +
Module:
 +
  # module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy[0] [[will be created]]
 
   + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
 
   + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
 
       + id        = (known after apply)
 
       + id        = (known after apply)
       + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+
       + policy_arn = "arn:aws:iam::aws:policy/[[AmazonEKSClusterPolicy]]"
 
       + role      = (known after apply)
 
       + role      = (known after apply)
 
     }
 
     }
 +
 +
 +
resource "aws_iam_role_policy_attachment" "your_node_policy" {
 +
  role      = aws_iam_role.your_node_role.name
 +
  policy_arn = "[[arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]]"
 +
}
 +
 +
{{aws eks node group official example}}
  
 
== Related ==
 
== Related ==
 
* Terraform resource: <code>[[aws_iam_role]]</code>
 
* Terraform resource: <code>[[aws_iam_role]]</code>
 +
* <code>[[aws_eks_node_group]]</code>
 +
* <code>[[aws_iam_instance_profile]]</code>
 +
* Terraform resource: <code>[[aws_iam_role_policy]]</code>
  
 
== See also ==
 
== See also ==
* {{terraform aws}}
+
* {{aws_iam_role_policy_attachment}}
 +
* {{terraform aws iam resources}}
  
 
[[Category:Terraform]]
 
[[Category:Terraform]]

Latest revision as of 02:27, 17 June 2024


 aws_iam_policy + aws_iam_role -> aws_iam_role_policy_attachment

Examples[edit]

Module:

# module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy[0] will be created
 + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
     + id         = (known after apply)
     + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
     + role       = (known after apply)
   }


resource "aws_iam_role_policy_attachment" "your_node_policy" {
  role       = aws_iam_role.your_node_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
 resource "aws_eks_node_group" "example" {
 cluster_name    = aws_eks_cluster.example.name
 node_group_name = "example"
 node_role_arn   = aws_iam_role.example.arn
 subnet_ids      = aws_subnet.example[*].id

 scaling_config {
   desired_size = 1
   max_size     = 2
   min_size     = 1
 }

 update_config {
   max_unavailable = 1
 }

 # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling.
 # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces.
 depends_on = [
   aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy,
   aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy,
   aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly,
 ]
}

Related[edit]

See also[edit]

Advertising: