new(tf): add EKS permissions for GitHub Actions

Signed-off-by: Luca Guerra <[email protected]>
falcosecurity · Feb 20, 2024 · 29f9b22 · 29f9b22
1 parent 5a7e666
commit 29f9b22
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/config/clusters/eks.tf b/config/clusters/eks.tf
@@ -7,6 +7,7 @@ module "eks" {
   subnets                   = module.vpc.private_subnets
   write_kubeconfig          = true
   map_users                 = var.eks_users
+  map_roles                 = var.eks_roles
   enable_irsa               = true
   cluster_enabled_log_types = ["audit"]
 

diff --git a/config/clusters/eks_variables.tf b/config/clusters/eks_variables.tf
@@ -150,3 +150,19 @@ variable "eks_users" {
     }
   ]
 }
+variable "eks_roles" {
+  description = "Additional IAM roles to add to the aws-auth configmap."
+  type = list(object({
+    rolearn = string
+    username = string
+    groups = list(string)
+  }))
+
+  default = [
+    {
+      rolearn  = "arn:aws:iam::292999226676:role/github_actions-test-infra-cluster"
+      username = "githubactions-test-infra-cluster"
+      groups   = ["system:masters"]
+    },
+  ]
+}