fix support for EKS master roles passed in variables (#78)

dominodatalab · Apr 20, 2023 · 80f8bfc · 80f8bfc
1 parent 622dfe4
commit 80f8bfc
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 4 deletions.
diff --git a/submodules/eks/README.md b/submodules/eks/README.md
@@ -59,6 +59,7 @@
 | [aws_iam_policy_document.kms_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.snapshot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_role.master_roles](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_ssm_parameter.eks_ami_release_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 | [aws_ssm_parameter.eks_gpu_ami_release_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |

diff --git a/submodules/eks/main.tf b/submodules/eks/main.tf
@@ -1,6 +1,11 @@
 data "aws_partition" "current" {}
 data "aws_caller_identity" "aws_account" {}
 
+data "aws_iam_role" "master_roles" {
+  for_each = toset(var.eks.master_role_names)
+  name     = each.key
+}
+
 locals {
   kubeconfig_path   = try(abspath(pathexpand(var.eks.kubeconfig.path)), "${path.cwd}/kubeconfig")
   kubeconfig        = merge(var.eks.kubeconfig, { path = local.kubeconfig_path })
@@ -157,10 +162,21 @@ locals {
       arn               = aws_eks_cluster.this.arn
       security_group_id = aws_security_group.eks_cluster.id
       endpoint          = aws_eks_cluster.this.endpoint
-      roles = [{
-        arn  = aws_iam_role.eks_cluster.arn
-        name = aws_iam_role.eks_cluster.name
-      }]
+      roles = concat(
+        [
+          for role in data.aws_iam_role.master_roles :
+          {
+            arn  = role.arn,
+            name = role.id
+          }
+        ],
+        [
+          {
+            arn  = aws_iam_role.eks_cluster.arn
+            name = aws_iam_role.eks_cluster.name
+          }
+        ]
+      )
       custom_roles = var.eks.custom_role_maps
     }
     nodes = {