Difference between revisions of "Terraform resource: aws iam role policy attachment"
Jump to navigation
Jump to search
| (7 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
| + | [[aws_iam_policy]] + [[aws_iam_role]] -> [[aws_iam_role_policy_attachment]] | ||
| + | == Examples == | ||
Module: | Module: | ||
| Line 11: | Line 13: | ||
+ role = (known after apply) | + role = (known after apply) | ||
} | } | ||
| + | |||
| + | |||
| + | resource "aws_iam_role_policy_attachment" "your_node_policy" { | ||
| + | role = aws_iam_role.your_node_role.name | ||
| + | policy_arn = "[[arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]]" | ||
| + | } | ||
| + | |||
| + | {{aws eks node group official example}} | ||
== Related == | == Related == | ||
* Terraform resource: <code>[[aws_iam_role]]</code> | * Terraform resource: <code>[[aws_iam_role]]</code> | ||
| − | * [[aws_eks_node_group]] | + | * <code>[[aws_eks_node_group]]</code> |
| + | * <code>[[aws_iam_instance_profile]]</code> | ||
| + | * Terraform resource: <code>[[aws_iam_role_policy]]</code> | ||
== See also == | == See also == | ||
| + | * {{aws_iam_role_policy_attachment}} | ||
* {{terraform aws iam resources}} | * {{terraform aws iam resources}} | ||
[[Category:Terraform]] | [[Category:Terraform]] | ||
Latest revision as of 02:27, 17 June 2024
aws_iam_policy + aws_iam_role -> aws_iam_role_policy_attachment
Examples[edit]
Module:
# module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy[0] will be created + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" { + id = (known after apply) + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" + role = (known after apply) }
resource "aws_iam_role_policy_attachment" "your_node_policy" {
role = aws_iam_role.your_node_role.name
policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
resource "aws_eks_node_group" "example" { cluster_name = aws_eks_cluster.example.name node_group_name = "example" node_role_arn = aws_iam_role.example.arn subnet_ids = aws_subnet.example[*].id scaling_config { desired_size = 1 max_size = 2 min_size = 1 } update_config { max_unavailable = 1 } # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling. # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces. depends_on = [ aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy, aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy, aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly, ] }
Related[edit]
- Terraform resource:
aws_iam_role aws_eks_node_groupaws_iam_instance_profile- Terraform resource:
aws_iam_role_policy
See also[edit]
aws_iam_role_policy_attachment- Terraform IAM resources:
aws_iam_user, aws_iam_group, aws_iam_role, aws_iam_role_policy_attachment,aws_iam_policy,aws_iam_role_policy, aws_iam_user_policy, aws_iam_user_policy_attachment,aws_iam_access_key, aws_iam_group_policy, aws_iam_group_policy_attachment, aws_iam_openid_connect_provider
Advertising:
