hashicorp / terraform-aws-consul

A Terraform Module for how to run Consul on AWS using Terraform and Packer
Apache License 2.0

IAM roles for nomad-cluster. #89

Open jarrettj opened 5 years ago

jarrettj commented 5 years ago

Hi,

Good day.

When using consul-cluster as below:

module "consul_nomad_server_cluster" {
  source = "github.com/hashicorp/terraform-aws-consul//modules/consul-cluster?ref=v0.4.0"
  ...
}

an IAM role is automatically created to allow the instances to communicate with each other.

Is there any reason why this is not the case when using the nomad-cluster as below?

module "nomad_client_cluster" {
  source = "github.com/hashicorp/terraform-aws-nomad//modules/nomad-cluster?ref=v0.4.5"
  ...
}

Thanks.

Regards. JJ

brikis98 commented 5 years ago

nomad-cluster does create an IAM role: https://github.com/hashicorp/terraform-aws-nomad/blob/master/modules/nomad-cluster/main.tf#L153-L163

It doesn't add IAM permissions to that role by default, but you can do so like this: https://github.com/hashicorp/terraform-aws-nomad/blob/master/main.tf#L173-L177
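
An added example, not part of the thread and not the project's own code: one way to attach a narrowly scoped policy to the role that nomad-cluster creates. It assumes the `nomad_client_cluster` module block from the question, that the module exports an `iam_role_id` output, and that the instances only need read-only describe permissions to find each other by EC2 tag; the resource and policy names are hypothetical.

```hcl
# Added example: read-only discovery permissions for the nomad-cluster role.
# Assumption: module "nomad_client_cluster" (declared as in the question)
# exports an iam_role_id output.

data "aws_iam_policy_document" "auto_discover_cluster" {
  statement {
    sid    = "AutoDiscoverCluster"
    effect = "Allow"

    # Describe-only actions: they list instances, tags and Auto Scaling
    # groups, and cannot modify any of them.
    actions = [
      "ec2:DescribeInstances",
      "ec2:DescribeTags",
      "autoscaling:DescribeAutoScalingGroups",
    ]

    # These Describe actions do not support resource-level scoping,
    # so the resource has to be "*".
    resources = ["*"]
  }
}

# Inline policy bound to the role the module already created. Nothing else
# is granted, so the instance profile stays limited to discovery.
resource "aws_iam_role_policy" "nomad_client_auto_discover" {
  name   = "nomad-client-auto-discover"
  role   = "${module.nomad_client_cluster.iam_role_id}"
  policy = "${data.aws_iam_policy_document.auto_discover_cluster.json}"
}
```

Keeping the role empty by default and adding only the statements a cluster needs means a compromised client instance gains no write access to EC2 or Auto Scaling through its instance profile.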