EKS Cluster with IAM Role for Service Accounts (IRSA)
This folder shows an example of how to use the EKS modules to deploy an EKS cluster with support for IAM Roles for
Service Accounts (IRSA). See the official docs for more information on
IRSA.
Note that by default this example does not setup kubectl to be able to access the cluster. You can use kubergrunt or
the AWS CLI to configure kubectl to authenticate to the deployed cluster. See How do I authenticate kubectl to the
EKS cluster? for more information.
How do you run this example?
To run this example, apply the Terraform templates:
Open variables.tf, set the environment variables specified at the top of the file, and fill in any other variables
that don't have a default.
Run terraform init.
Run terraform apply.
Assigning the IAM Role to a Pod
By default this example creates an IAM role with permissions to list EKS clusters that is configured to be assumed by
Service Accounts in the default Namespace. You can exchange the Service Account token for any Service Account in the
default Namespace for IAM credentials that correspond to the created IAM role. Refer to How do I associate IAM roles
to the Pods? section of the
eks-cluster-control-plane module README for more information on how to do that.
You can allow additional or different Namespaces by modifying the allowed_namespaces_for_iam_role input parameter. You
can also restrict to specific Service Accounts by using the allowed_service_accounts_for_iam_role input parameter.
Questions? Ask away.
We're here to talk about our services, answer any questions, give advice, or just to chat.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"e634c582e53ab8c0571118cebf8033c4f558cee3"}]},{"name":".gitignore","path":".gitignore","sha":"7f6cf4bc746bbfd6da4c7a21dbcf1a2296aa0c10"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"b008949ef10a7bad93ab93e8821da77577a30c5c"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"db8a871849f2583384d581e2a4c35eb5d2c50625"},{"name":"CONTRIBUTING.md","path":"CONTRIBUTING.md","sha":"a7cc7bd94443c252390564fa988755dbbe80d87d"},{"name":"GRUNTWORK_PHILOSOPHY.md","path":"GRUNTWORK_PHILOSOPHY.md","sha":"02d9873a74c99fe6d9b6b26bd9f8eb4a7a699c32"},{"name":"LICENSE.md","path":"LICENSE.md","sha":"a2cf01ecdd725fddd718ab91c80c115882c94f3c"},{"name":"README.adoc","path":"README.adoc","sha":"cbe4892028f4853adb1a57c7b23ded38a2266854"},{"name":"_docs","children":[{"name":"eks-architecture.png","path":"_docs/eks-architecture.png","sha":"b4c9c46f88ed465c5575e915af54ad9920b56941"},{"name":"eks-icon.png","path":"_docs/eks-icon.png","sha":"83a29dc46e7bc6234ba5bb825e8ae283c56229a0"}]},{"name":"core-concepts.md","path":"core-concepts.md","sha":"3c504a547fc55ecff5536141534a32ed8a4a4ae7"},{"name":"examples","children":[{"name":"README.md","path":"examples/README.md","sha":"a70f3adc0c888e07b0b03cb32fbd156547c354da"},{"name":"eks-cluster-managed-workers","children":[{"name":"README.md","path":"examples/eks-cluster-managed-workers/README.md","sha":"21acaeb73c1d8a1819480bc7a8d1c35b8fa69081"},{"name":"dependencies.tf","path":"examples/eks-cluster-managed-workers/dependencies.tf","sha":"cf1b48a0d58571356ce788dda915332a48bb45c2"},{"name":"main.tf","path":"examples/eks-cluster-managed-workers/main.tf","sha":"e9da9c96de6c2fd4672f1821b208df7cacb83519"},{"name":"outputs.tf","path":"examples/eks-cluster-managed-workers/outputs.tf","sha":"431bebd71e3f9d5c299c1740ba16b2eef717cbf0"},{"name":"variables.tf","path":"examples/eks-cluster-managed-workers/variables.tf","sha":"a6ac89b858b4ade66cfd7034fa17732ed44547d3"}]},{"name":"eks-cluster-with-iam-role-mappings","children":[{"name":"README.md","path":"examples/eks-cluster-with-iam-role-mappings/README.md","sha":"6479e81678f2e08df477d467f2124f5dc53e9e53"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-iam-role-mappings/dependencies.tf","sha":"df21d64c3435ff2859c4099ce0b854e98483f624"},{"name":"main.tf","path":"examples/eks-cluster-with-iam-role-mappings/main.tf","sha":"5c84af2ccdf02579c56bda6ec4962554d6b93578"},{"name":"outputs.tf","path":"examples/eks-cluster-with-iam-role-mappings/outputs.tf","sha":"3876c30890ffef1726d533a869c23e66fa244e6c"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/eks-cluster-with-iam-role-mappings/user-data/user-data.sh","sha":"b10c34bfe4c9d10101472b47edbc3b7dff42a88e"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-iam-role-mappings/variables.tf","sha":"f97a3c500bfcc88e1e6d3ca7acd208accab4dc54"}]},{"name":"eks-cluster-with-supporting-services","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/README.md","sha":"1af610f60977f2f05bb6917c8a3040449028ddd5"},{"name":"core-services","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/core-services/README.md","sha":"e0bac13c7fd97d206766cbe3db0e7f269f7f0126"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/core-services/dependencies.tf","sha":"8ef506ceacdd4b57bcdea3ad91c84c3c2544ba03"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/core-services/main.tf","sha":"35ecbae3c848a60de5e7e2d07a517bad76fdca3e"},{"name":"outputs.tf","path":"examples/eks-cluster-with-supporting-services/core-services/outputs.tf","sha":"35eb7dffb12786d50f580e64fa4a6ef496c160e8"},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/core-services/variables.tf","sha":"e43a616334814e86479287150cfc822187226708"}]},{"name":"eks-cluster","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/eks-cluster/README.md","sha":"8a60a01004a93bbbf2091b730f0207f6dd2cc07e"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/dependencies.tf","sha":"fdc70a25511df461747927bc6874cff7bc787def"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/main.tf","sha":"ae6cbf87e7ea5f61b4fca1045c5b254a035303d3"},{"name":"outputs.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/outputs.tf","sha":"534f5957ab5d9225aebf863e7849baec0da96dbb"},{"name":"user-data","children":[{"name":"app_worker_user_data.sh","path":"examples/eks-cluster-with-supporting-services/eks-cluster/user-data/app_worker_user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"},{"name":"core_worker_user_data.sh","path":"examples/eks-cluster-with-supporting-services/eks-cluster/user-data/core_worker_user_data.sh","sha":"0fa26153108b3d030ceeaae777aeb0a7e115404e"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/variables.tf","sha":"0171cf340977e66e663b8acdf852f6853da1ff46"}]},{"name":"nginx-service","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/nginx-service/README.md","sha":"58b899364432605520b890c407d1bcd0fafc8b27"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/dependencies.tf","sha":"a2819acb9c726887612d04e224c9473cb7e293fd"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/main.tf","sha":"24d8cbbff07b1aa3e5a4ef7eae83851a0e895a3f"},{"name":"templates","children":[{"name":"values.yaml","path":"examples/eks-cluster-with-supporting-services/nginx-service/templates/values.yaml","sha":"298435e01df9fa495b15d512073c62662d292cd3"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/variables.tf","sha":"36ea6f8a36b19e34dbeeb25ae7e5fcf30c956b0f"}]},{"name":"packer","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/packer/README.md","sha":"6a974a7fd5da7ac13309d9e0c4aaba7bd8cb46c7"},{"name":"build.json","path":"examples/eks-cluster-with-supporting-services/packer/build.json","sha":"34760ce3ea4fe41078097d7a34092e2c6bf3ee43"}]}]},{"name":"eks-fargate-cluster-with-irsa","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-irsa/README.md","sha":"89f62860fc905c957a71500aa73547c0c6e4c72b","toggled":true},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-irsa/dependencies.tf","sha":"b422b2aa58d724243115464cebd86dfc9d22de19"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-irsa/main.tf","sha":"a3b87d3f502af9378c9b93be7b40efe5d9c0c9c1"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-irsa/outputs.tf","sha":"f059d7b74ffbfb06a0868d6d0a5d1831c8f45f10"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-irsa/variables.tf","sha":"0fe801b7b652580a8cd72d6332b3776e3a9b95ca"}],"toggled":true},{"name":"eks-fargate-cluster-with-supporting-services","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-supporting-services/README.md","sha":"e597364fdf056051daa5b24e43afb02b22d8ec5c"},{"name":"core-services","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/README.md","sha":"e0bac13c7fd97d206766cbe3db0e7f269f7f0126"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/dependencies.tf","sha":"c8a0975403bb81f5c9e8c2cddea1666df0adb8b0"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/main.tf","sha":"6476d1e073caffbe5999320b9609d1dbba2aa7a0"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/outputs.tf","sha":"35eb7dffb12786d50f580e64fa4a6ef496c160e8"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/variables.tf","sha":"da657291959044d32535597ed3d384ddaa6f83bd"}]},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/dependencies.tf","sha":"c1fa9e2c0d794ed6a8bf8afe6773d9645ea161d8"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/main.tf","sha":"c3664e03f462418d1b11b7ba5cfdb3b98e7d8c57"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/outputs.tf","sha":"db0e767fd7ed3a0bcad5628a0c13b6208a442f13"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/variables.tf","sha":"b57caa8a22404f04a3042d4de398b4bc701b4287"}]},{"name":"nginx-service","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/dependencies.tf","sha":"3165e5c71fb1642d39a60f544be708d547825e7f"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/main.tf","sha":"d66648b4557bfb3ed32b094248fc137f41e98975"},{"name":"templates","children":[{"name":"values.yaml","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/templates/values.yaml","sha":"655914f91177135cb7c5f15b62166cfc82a62a91"}]},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/variables.tf","sha":"d3c166441cdc556b0839930fbc281b7e8a1bd57f"}]}]},{"name":"eks-fargate-cluster","children":[{"name":"README.md","path":"examples/eks-fargate-cluster/README.md","sha":"df681cdbe945d0592ca57bd3a8eb9ae5d88c2f4a"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster/dependencies.tf","sha":"b422b2aa58d724243115464cebd86dfc9d22de19"},{"name":"main.tf","path":"examples/eks-fargate-cluster/main.tf","sha":"5ec913fc253d103360bb32e29f825b99b7be5417"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster/outputs.tf","sha":"5115288e4192921035aba980990103fe4c4b7150"},{"name":"terraform.tfvars.back","path":"examples/eks-fargate-cluster/terraform.tfvars.back","sha":"6cb73f75cc7828c6b3efdc2a9b1787f75ed276d1"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/eks-fargate-cluster/user-data/user-data.sh","sha":"b10c34bfe4c9d10101472b47edbc3b7dff42a88e"}]},{"name":"variables.tf","path":"examples/eks-fargate-cluster/variables.tf","sha":"0844b3c9dfbb16eb4d9eccbbe33d4bb41336800c"}]}],"toggled":true},{"name":"modules","children":[{"name":"eks-alb-ingress-controller-iam-policy","children":[{"name":"README.md","path":"modules/eks-alb-ingress-controller-iam-policy/README.md","sha":"d85eecf670ea161dcfe4b69c09926f31eef55c73"},{"name":"iampolicy.json","path":"modules/eks-alb-ingress-controller-iam-policy/iampolicy.json","sha":"5cba0c1500ee2520d72e8d47b86e318958e4dbc7"},{"name":"main.tf","path":"modules/eks-alb-ingress-controller-iam-policy/main.tf","sha":"a79f5a2e6a0ba72562c5a87182db516d8824ed21"},{"name":"outputs.tf","path":"modules/eks-alb-ingress-controller-iam-policy/outputs.tf","sha":"b551b0bcc6eb1b43bfff1606696566658564cfb4"},{"name":"variables.tf","path":"modules/eks-alb-ingress-controller-iam-policy/variables.tf","sha":"250152e6bfeb02a16bed4151ffc7156636db1bd9"}]},{"name":"eks-alb-ingress-controller","children":[{"name":"README.md","path":"modules/eks-alb-ingress-controller/README.md","sha":"f85f8d19d71b230c56f71d085d300c3135284a1e"},{"name":"main.tf","path":"modules/eks-alb-ingress-controller/main.tf","sha":"a9afcdabc54036bc7626ce8604523d802de21a3b"},{"name":"templates","children":[{"name":"node_affinity.yaml","path":"modules/eks-alb-ingress-controller/templates/node_affinity.yaml","sha":"c6eaf8e94fa7c893857cc009df954443239a8fe0"},{"name":"values.yaml","path":"modules/eks-alb-ingress-controller/templates/values.yaml","sha":"e2a11271abc9ec1937a082db6bef91a5e0d69a6c"}]},{"name":"variables.tf","path":"modules/eks-alb-ingress-controller/variables.tf","sha":"35941c1c6bdac42f50c810e61edee43829247d52"}]},{"name":"eks-cloudwatch-container-logs","children":[{"name":"README.md","path":"modules/eks-cloudwatch-container-logs/README.md","sha":"047fb9b3b97437261911c3fa4acec0cb419b1f1b"},{"name":"main.tf","path":"modules/eks-cloudwatch-container-logs/main.tf","sha":"f26b582dc8dad236cdf723d68fcd475285a29b8d"},{"name":"outputs.tf","path":"modules/eks-cloudwatch-container-logs/outputs.tf","sha":"7061ed458fec528c8b8b587291f0eccb4324fb72"},{"name":"templates","children":[{"name":"node_affinity.yaml","path":"modules/eks-cloudwatch-container-logs/templates/node_affinity.yaml","sha":"cf47b63d7c2b9699e0ab1e36e9a8dadad3a7f4c0"},{"name":"values.yaml","path":"modules/eks-cloudwatch-container-logs/templates/values.yaml","sha":"56bb63870ca40f0b60a3e1eb68dee108b59dae16"}]},{"name":"variables.tf","path":"modules/eks-cloudwatch-container-logs/variables.tf","sha":"e1b89a574ff63017bd992278048e690e1db6faf9"}]},{"name":"eks-cluster-control-plane","children":[{"name":"README.md","path":"modules/eks-cluster-control-plane/README.md","sha":"c583d597bbd30336813b87b01219bed382c39393"},{"name":"control_plane_scripts","children":[{"name":"bin","children":[{"name":"control_plane_scripts_py27_env.pex","path":"modules/eks-cluster-control-plane/control_plane_scripts/bin/control_plane_scripts_py27_env.pex","sha":"3b75ea0e3f39c5a2be32f1d17c370826fe062fcf"},{"name":"control_plane_scripts_py3_env.pex","path":"modules/eks-cluster-control-plane/control_plane_scripts/bin/control_plane_scripts_py3_env.pex","sha":"f5602767c99f0addee9cdf1ea1f1bfb7a26bfbc9"}]},{"name":"build.sh","path":"modules/eks-cluster-control-plane/control_plane_scripts/build.sh","sha":"33b5e9231babdb0c2c0997b04a964c27b98a4e13"},{"name":"cleanup_cluster_resources","children":[{"name":"__init__.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/cleanup_cluster_resources/__init__.py","sha":"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391"},{"name":"global_vars.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/cleanup_cluster_resources/global_vars.py","sha":"47920d25645a8c168f196beb76eb37da60055dd3"},{"name":"main.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/cleanup_cluster_resources/main.py","sha":"21dfb38d1bf8f4d15a03da5e09ae3ba575eb4501"},{"name":"vpc.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/cleanup_cluster_resources/vpc.py","sha":"76d1c2084906d1ce04c2e2e527859f47eddc6530"}]},{"name":"control_plane_scripts_utils","children":[{"name":"__init__.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/control_plane_scripts_utils/__init__.py","sha":"37d050d1afd8ebb0c9d6916cff61fa674e6ac8a3"},{"name":"project_logging.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/control_plane_scripts_utils/project_logging.py","sha":"c29bfb0dfe0a3d4e04aeaabff0b2e58387ccf12b"}]},{"name":"dev_requirements.txt","path":"modules/eks-cluster-control-plane/control_plane_scripts/dev_requirements.txt","sha":"430b91474dc8220624012e70d8c2e43582f17161"},{"name":"requirements.txt","path":"modules/eks-cluster-control-plane/control_plane_scripts/requirements.txt","sha":"0ae8cdb74f4c793658c5dfdd13ce1ec723f7b2a1"},{"name":"upgrade_cluster","children":[{"name":"__init__.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/upgrade_cluster/__init__.py","sha":"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391"},{"name":"eks.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/upgrade_cluster/eks.py","sha":"d0aca412ffa983300df0d8926bee8829e148f85e"},{"name":"exceptions.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/upgrade_cluster/exceptions.py","sha":"c35893a0f70e2c0d86dd64b7bce8d092e84355b3"},{"name":"global_vars.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/upgrade_cluster/global_vars.py","sha":"e223eefafed2576c8988a708395d92f6908b3f49"},{"name":"k8s.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/upgrade_cluster/k8s.py","sha":"83b3a0d7419d4a21872d9416f7b76d589650895d"},{"name":"k8s_version_map.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/upgrade_cluster/k8s_version_map.py","sha":"ed3b86c032b7829ba2983c1363efe936d85e4328"},{"name":"main.py","path":"modules/eks-cluster-control-plane/control_plane_scripts/upgrade_cluster/main.py","sha":"af8d29a692f2530b74b9581464aca7bd06c255cd"}]}]},{"name":"dependencies.tf","path":"modules/eks-cluster-control-plane/dependencies.tf","sha":"ff5c5efe0c1f84b9b17b995462f08d609ec454e6"},{"name":"main.tf","path":"modules/eks-cluster-control-plane/main.tf","sha":"53c6838fcd2f8087ab7a46ce5f8bf0e65c8836bf"},{"name":"outputs.tf","path":"modules/eks-cluster-control-plane/outputs.tf","sha":"a68f4000d7524e2f2db24d3c12d2a3bac273a42a"},{"name":"templates","children":[{"name":"kubectl_config.tpl","path":"modules/eks-cluster-control-plane/templates/kubectl_config.tpl","sha":"083a5e914505363541190db3ee412d8d9e15b4ec"}]},{"name":"variables.tf","path":"modules/eks-cluster-control-plane/variables.tf","sha":"6d6b70a6c7d19cc9438f215114c28a44e5127b18"}]},{"name":"eks-cluster-managed-workers","children":[{"name":"README.md","path":"modules/eks-cluster-managed-workers/README.md","sha":"7c02b6cb8463d50ab1f7f0d64ede5617be7b8b71"},{"name":"main.tf","path":"modules/eks-cluster-managed-workers/main.tf","sha":"13454d6ece32b306cc703c23fa7dad39d99107b3"},{"name":"outputs.tf","path":"modules/eks-cluster-managed-workers/outputs.tf","sha":"ff528cd4101033d79defb8e8a6a9616a8b427849"},{"name":"variables.tf","path":"modules/eks-cluster-managed-workers/variables.tf","sha":"d8f332eaa8b195a7a7923f79d8ec05ccb2bc6539"}]},{"name":"eks-cluster-workers-cross-access","children":[{"name":"README.md","path":"modules/eks-cluster-workers-cross-access/README.md","sha":"6c4e50bda62acc6c06d836488ef54f7119f27aee"},{"name":"main.tf","path":"modules/eks-cluster-workers-cross-access/main.tf","sha":"30885a053867992d0c3ee3804ba6833ae463c116"},{"name":"outputs.tf","path":"modules/eks-cluster-workers-cross-access/outputs.tf","sha":"c6c7f7a89007c55be5470ffd639c05c3fb052ad7"},{"name":"variables.tf","path":"modules/eks-cluster-workers-cross-access/variables.tf","sha":"d64aab893b6e909416189e985f072dd8809dfa2f"}]},{"name":"eks-cluster-workers","children":[{"name":"README.md","path":"modules/eks-cluster-workers/README.md","sha":"87a618c5b138a0da843139fc7fb785e1883d2262"},{"name":"main.tf","path":"modules/eks-cluster-workers/main.tf","sha":"8c4bc978bf1cd62b7c6255218a6d5bdcb38955a9"},{"name":"outputs.tf","path":"modules/eks-cluster-workers/outputs.tf","sha":"a9c37412a97c287000f2000c9c092b87e2487c11"},{"name":"variables.tf","path":"modules/eks-cluster-workers/variables.tf","sha":"d4b78bd1444cc595bce91006e7f02d6921a7ed96"}]},{"name":"eks-iam-role-assume-role-policy-for-service-account","children":[{"name":"README.md","path":"modules/eks-iam-role-assume-role-policy-for-service-account/README.md","sha":"1994a871d9e1e17c67b34453b835dfa99a3c02c6"},{"name":"main.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/main.tf","sha":"be2fefe5e1a29a2582d1dcdc0b700b74f198cfc9"},{"name":"outputs.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/outputs.tf","sha":"c2910cec89910bb06a157311ac8c4bf72835dfe5"},{"name":"variables.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/variables.tf","sha":"dc660ddf84158851145289f6036a0fc19fbf7ce4"}]},{"name":"eks-k8s-cluster-autoscaler-iam-policy","children":[{"name":"README.md","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/README.md","sha":"cfd86f6261a849f9204b0b7c80e96f9b03efd79d"},{"name":"main.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/main.tf","sha":"c743f0e3523119155e2f2a6434e6f634d659aaee"},{"name":"outputs.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/outputs.tf","sha":"a053ab9f76af3a83301a0a67eeedac9683ee5bc4"},{"name":"variables.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/variables.tf","sha":"be3db9023160b3754187f2f21ce77772b43ced53"}]},{"name":"eks-k8s-cluster-autoscaler","children":[{"name":"README.md","path":"modules/eks-k8s-cluster-autoscaler/README.md","sha":"6f2a76b27d33ffbd760ae7c8a40ab9e56853479d"},{"name":"main.tf","path":"modules/eks-k8s-cluster-autoscaler/main.tf","sha":"f877c9a88c0c82656675f40556dcb8c2774e265f"},{"name":"templates","children":[{"name":"node_affinity.yaml","path":"modules/eks-k8s-cluster-autoscaler/templates/node_affinity.yaml","sha":"c6eaf8e94fa7c893857cc009df954443239a8fe0"},{"name":"values.yaml","path":"modules/eks-k8s-cluster-autoscaler/templates/values.yaml","sha":"51e4cf44a9d8f054c1eced5d7b422255c5c9a481"}]},{"name":"variables.tf","path":"modules/eks-k8s-cluster-autoscaler/variables.tf","sha":"5b21aece34f5fd6f68ce9a88535de6b0b790b07d"}]},{"name":"eks-k8s-external-dns-iam-policy","children":[{"name":"README.md","path":"modules/eks-k8s-external-dns-iam-policy/README.md","sha":"aa9431f2e6f81e507d73482adb339d543b9d1051"},{"name":"main.tf","path":"modules/eks-k8s-external-dns-iam-policy/main.tf","sha":"b346bd0324c30907dd62ac89f93fe9cc7799fd4d"},{"name":"outputs.tf","path":"modules/eks-k8s-external-dns-iam-policy/outputs.tf","sha":"21604a63b741b94ea9ebffd20b18772131020fcf"},{"name":"variables.tf","path":"modules/eks-k8s-external-dns-iam-policy/variables.tf","sha":"250152e6bfeb02a16bed4151ffc7156636db1bd9"}]},{"name":"eks-k8s-external-dns","children":[{"name":"README.md","path":"modules/eks-k8s-external-dns/README.md","sha":"851e8d68beb5998b33d20f1e8cb56ee2f93c6bc2"},{"name":"main.tf","path":"modules/eks-k8s-external-dns/main.tf","sha":"39070bbbd47829cf3c82af84dd3c3092cee76c6c"},{"name":"templates","children":[{"name":"node_affinity.yaml","path":"modules/eks-k8s-external-dns/templates/node_affinity.yaml","sha":"c6eaf8e94fa7c893857cc009df954443239a8fe0"},{"name":"values.yaml","path":"modules/eks-k8s-external-dns/templates/values.yaml","sha":"233c10fd4723c4e515fed2870c778c4d8bf2e29f"}]},{"name":"variables.tf","path":"modules/eks-k8s-external-dns/variables.tf","sha":"8f6ef907c965091277e215b5d003d3a365f952ed"}]},{"name":"eks-k8s-role-mapping","children":[{"name":"README.md","path":"modules/eks-k8s-role-mapping/README.md","sha":"b90014a5cb1917eef8cb1cd0c234d1b7240185d1"},{"name":"aws_auth_configmap_generator","children":[{"name":"aws_auth_configmap_generator","children":[{"name":"__init__.py","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/aws_auth_configmap_generator/__init__.py","sha":"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391"},{"name":"generator.py","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/aws_auth_configmap_generator/generator.py","sha":"4057d70cebc26cb56e95d861618eda4629e41b19"},{"name":"global_vars.py","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/aws_auth_configmap_generator/global_vars.py","sha":"31c2b91932d79d37e284bdf708e506faf0a59649"},{"name":"main.py","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/aws_auth_configmap_generator/main.py","sha":"e69d8517efe23c680e9e67dc48dbd0478723b88f"},{"name":"utils.py","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/aws_auth_configmap_generator/utils.py","sha":"0874f15d63301e4f32cb0517817a515fb18f113e"}]},{"name":"bin","children":[{"name":"aws_auth_configmap_generator_py27_env.pex","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/bin/aws_auth_configmap_generator_py27_env.pex","sha":"d00c0aff5ef5ea8b7ad9a0ce9318e7e5e7a6da9f"},{"name":"aws_auth_configmap_generator_py3_env.pex","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/bin/aws_auth_configmap_generator_py3_env.pex","sha":"c4500959687a373596395a4c275bab61029ea2a9"}]},{"name":"build_scripts","children":[{"name":"build.sh","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/build_scripts/build.sh","sha":"34f496ada6fdc2d33028c6b8df7d3ba172a3dbdd"}]},{"name":"dev_requirements.txt","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/dev_requirements.txt","sha":"40f29298c05348c2f1227a53da3f88c89632feb3"},{"name":"requirements.txt","path":"modules/eks-k8s-role-mapping/aws_auth_configmap_generator/requirements.txt","sha":"97397a79f826def4e1023a6bc9b4cb346bdcafbe"}]},{"name":"main.tf","path":"modules/eks-k8s-role-mapping/main.tf","sha":"27557e43793f1ad7d021b8da3413c006075a0660"},{"name":"outputs.tf","path":"modules/eks-k8s-role-mapping/outputs.tf","sha":"95d4d4ec652bb541b91a2844e00f68064b423e60"},{"name":"variables.tf","path":"modules/eks-k8s-role-mapping/variables.tf","sha":"19ce18b4f61497d7366db872a40ce973f9db8549"}]},{"name":"eks-scripts","children":[{"name":"README.md","path":"modules/eks-scripts/README.md","sha":"96baaf535647b9f4c364d6a19057bcccb42df2be"},{"name":"bin","children":[{"name":"map-ec2-tags-to-node-labels","path":"modules/eks-scripts/bin/map-ec2-tags-to-node-labels","sha":"8087c82d4d47f25439f118c2a51e59d22689ada7"},{"name":"map_ec2_tags_to_node_labels.py","path":"modules/eks-scripts/bin/map_ec2_tags_to_node_labels.py","sha":"f75ad19587e95b2bd8924125ea2a1a697154909f"}]},{"name":"dev_requirements.txt","path":"modules/eks-scripts/dev_requirements.txt","sha":"f56f9d1629a85734fe16ed70f00f36b830cd97c9"},{"name":"install.sh","path":"modules/eks-scripts/install.sh","sha":"7f192fca97b098482a8a398019d4d53f45dba478"}]},{"name":"eks-vpc-tags","children":[{"name":"README.md","path":"modules/eks-vpc-tags/README.md","sha":"b53e923baaa79718b55a272158ff9b710871a6ce"},{"name":"outputs.tf","path":"modules/eks-vpc-tags/outputs.tf","sha":"0ef2787cfd02ea8668c687302b1929618079a0b2"},{"name":"variables.tf","path":"modules/eks-vpc-tags/variables.tf","sha":"a6e332e9da4e473e1e42b1ca6c7b0ba139a77cfb"},{"name":"versions.tf","path":"modules/eks-vpc-tags/versions.tf","sha":"e5d003c3e7a7296ca0f610fc77f94f2139fc59d2"}]}]},{"name":"rfc","children":[{"name":"locking-down-kiam.adoc","path":"rfc/locking-down-kiam.adoc","sha":"3e92efcc57dda26c406ed66c5f95fe76049b3d2c"},{"name":"shipping-logs-to-cloudwatch.md","path":"rfc/shipping-logs-to-cloudwatch.md","sha":"6199b55bfe1faea80833bbf0c411adc90b88b84b"}]},{"name":"setup.cfg","path":"setup.cfg","sha":"981bc2bfd0b35029438d56c6d862a7f1519b8fe6"},{"name":"test","children":[{"name":"Gopkg.lock","path":"test/Gopkg.lock","sha":"7dd58506d83164b594e3d650cae5c540987858e9"},{"name":"Gopkg.toml","path":"test/Gopkg.toml","sha":"a0159c5ca6bab4a7e77117edb9ab4b752517d4eb"},{"name":"README.md","path":"test/README.md","sha":"9bf8180d731bdc892279fcdbcbb03d245f31f83a"},{"name":"eks_cluster_integration_test.go","path":"test/eks_cluster_integration_test.go","sha":"e898491b14abb78d8c7c0bf6191547d3c7fa3fa1"},{"name":"eks_cluster_managed_workers_test.go","path":"test/eks_cluster_managed_workers_test.go","sha":"5c52034ff6ddf39d59169f1bc248d91867f0cdb7"},{"name":"eks_cluster_test_helpers.go","path":"test/eks_cluster_test_helpers.go","sha":"0ac527d18778dd162198297adb57e93927e5eb57"},{"name":"eks_cluster_upgrade_test.go","path":"test/eks_cluster_upgrade_test.go","sha":"73bb2f8bfe1a3cb2547e026840dc9bc6a88a7cc8"},{"name":"eks_cluster_with_iam_role_test.go","path":"test/eks_cluster_with_iam_role_test.go","sha":"ca0b2f65ebffee9c417c59c49884b4034c6ca895"},{"name":"eks_cluster_with_supporting_services_test.go","path":"test/eks_cluster_with_supporting_services_test.go","sha":"e90389ff9fd393a53e813000f3b22552913d0304"},{"name":"eks_fargate_cluster_disable_public_endpoint_test.go","path":"test/eks_fargate_cluster_disable_public_endpoint_test.go","sha":"25ba0984ef5979ca146d16b63654559939d822db"},{"name":"eks_fargate_cluster_irsa_test.go","path":"test/eks_fargate_cluster_irsa_test.go","sha":"ee867e5ad391a426146af448986959542b829490"},{"name":"eks_fargate_cluster_test.go","path":"test/eks_fargate_cluster_test.go","sha":"49809cf53d4defb19e4672520d42c55d4d32d3f4"},{"name":"eks_fargate_cluster_with_supporting_services_test.go","path":"test/eks_fargate_cluster_with_supporting_services_test.go","sha":"196cb7393ea7159f75e189c3e2d235f0665043ad"},{"name":"errors.go","path":"test/errors.go","sha":"be062fe0205ff82db8183d0fde639aa1883013ad"},{"name":"kubefixtures","children":[{"name":"autoscaler-test-pods-deployment.yml","path":"test/kubefixtures/autoscaler-test-pods-deployment.yml","sha":"b2d94c4bfa729b639290ee21629c19ca6ea694ee"},{"name":"eks-irsa-test.yml","path":"test/kubefixtures/eks-irsa-test.yml","sha":"db5439cf6d38873dbae71daa4197d6947990a94a"},{"name":"eks-k8s-role-mapping-test-role.yml","path":"test/kubefixtures/eks-k8s-role-mapping-test-role.yml","sha":"ede7587308d2a4ecf55042b05800099c43f3af7d"},{"name":"kube-system-sa-admin-binding.yml","path":"test/kubefixtures/kube-system-sa-admin-binding.yml","sha":"282d406512102cbe54e952575f26e7e0fbb2aa9a"},{"name":"nginx-deployment.yml","path":"test/kubefixtures/nginx-deployment.yml","sha":"a58866e59c113635af24982cfb0b530f0c416af0"},{"name":"robust-nginx-deployment.yml","path":"test/kubefixtures/robust-nginx-deployment.yml","sha":"a71c2bb24c75b2ebcf54563df799281938a49ca5"}]},{"name":"script_tests","children":[{"name":"executor.sh","path":"test/script_tests/executor.sh","sha":"f2a571ab875195d450a942d684ce41f86f824e70"},{"name":"requirements.txt","path":"test/script_tests/requirements.txt","sha":"e78b3b8c7b4bdecf8d1f235c1f55dcf227ee19c6"},{"name":"test_aws_auth_configmap_generator.py","path":"test/script_tests/test_aws_auth_configmap_generator.py","sha":"8da981d07d31745a1db59e9693995e60cea14abc"},{"name":"test_map_ec2_tags_to_node_labels.py","path":"test/script_tests/test_map_ec2_tags_to_node_labels.py","sha":"1bb3a5eae3727c0e6caf29c2cf4b7d596bb9a161"},{"name":"tox.ini","path":"test/script_tests/tox.ini","sha":"088400028aa4cf08b188b449875cf243222f2250"}]},{"name":"terratest_options.go","path":"test/terratest_options.go","sha":"d7ed6a80b1de9893846a4c751e73188cc2850248"},{"name":"test_debug_helpers.go","path":"test/test_debug_helpers.go","sha":"c71a7a9d5b68f0f59d2518496d9f5893206b5e22"},{"name":"test_helpers.go","path":"test/test_helpers.go","sha":"c0aa8112f2958c98fce5e1bf6193e04824b19aa7"}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"eks-cluster-with-iam-role-for-service-accounts-irsa\">EKS Cluster with IAM Role for Service Accounts (IRSA)</h1><div class=\"preview__body--border\"></div><p>This folder shows an example of how to use the EKS modules to deploy an EKS cluster with support for IAM Roles for\nService Accounts (IRSA). See <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html\" class=\"preview__body--description--blue\" target=\"_blank\">the official docs for more information on\nIRSA</a>.</p>\n<p>Note that by default this example does not setup <code>kubectl</code> to be able to access the cluster. You can use <code>kubergrunt</code> or\nthe AWS CLI to configure <code>kubectl</code> to authenticate to the deployed cluster. See <a href=\"/repos/v0.13.0/terraform-aws-eks/core-concepts.md#how-do-i-authenticate-kubectl-to-the-eks-cluster\" class=\"preview__body--description--blue\">How do I authenticate kubectl to the\nEKS cluster?</a> for more information.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-you-run-this-example\">How do you run this example?</h2>\n<p>To run this example, apply the Terraform templates:</p>\n<ol>\n<li>Install <a href=\"/repos/kubergrunt\" class=\"preview__body--description--blue\">kubergrunt</a>, minimum version: <code>0.5.3</code>.</li>\n<li>Install <a href=\"https://www.terraform.io/\" class=\"preview__body--description--blue\" target=\"_blank\">Terraform</a>, minimum version: <code>0.12.6</code>.</li>\n<li>Open <code>variables.tf</code>, set the environment variables specified at the top of the file, and fill in any other variables\nthat don't have a default.</li>\n<li>Run <code>terraform init</code>.</li>\n<li>Run <code>terraform apply</code>.</li>\n</ol>\n<h2 class=\"preview__body--subtitle\" id=\"assigning-the-iam-role-to-a-pod\">Assigning the IAM Role to a Pod</h2>\n<p>By default this example creates an IAM role with permissions to list EKS clusters that is configured to be assumed by\nService Accounts in the <code>default</code> Namespace. You can exchange the Service Account token for any Service Account in the\n<code>default</code> Namespace for IAM credentials that correspond to the created IAM role. Refer to <a href=\"/repos/v0.13.0/terraform-aws-eks/examples/eks-cluster-control-plane/README.md#how-do-i-associate-iam-roles-to-the-pods\" class=\"preview__body--description--blue\">How do I associate IAM roles\nto the Pods?</a> section of the\n<code>eks-cluster-control-plane</code> module README for more information on how to do that.</p>\n<p>You can allow additional or different Namespaces by modifying the <code>allowed_namespaces_for_iam_role</code> input parameter. You\ncan also restrict to specific Service Accounts by using the <code>allowed_service_accounts_for_iam_role</code> input parameter.</p>\n","repoName":"terraform-aws-eks","repoRef":"v0.13.0","serviceDescriptor":{"serviceName":"EC2 Kubernetes Service (EKS) Cluster","serviceRepoName":"terraform-aws-eks","serviceRepoOrg":"gruntwork-io","cloudProviders":["aws"],"description":"Deploy a Kubernetes cluster on top of Amazon EC2 Kubernetes Service (EKS).","imageUrl":"eks.png","licenseType":"subscriber","technologies":["Terraform","Python","Bash"],"compliance":[],"tags":[""]},"serviceCategoryName":"Docker orchestration","fileName":"README.md","filePath":"/examples/eks-fargate-cluster-with-irsa","title":"Repo Browser: EC2 Kubernetes Service (EKS) Cluster","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}
.circleci
dependencies.tf
