scholzj / terraform-aws-kubernetes

Terraform module for Kubernetes setup on AWS
Apache License 2.0
200 stars 129 forks

Module does not work in multi-account environment #2

Open guilhermeblanco opened 6 years ago

guilhermeblanco commented 6 years ago

Using the basics of providers limits the ability to set up multi-account environments. In my case, we split the environment into management, production and development as completely independent accounts, drastically simplifying the overhead required to provide access to different sectors of the company, such as contractors.

To address this issue, you can expand the provider configuration to something like this:

provider "aws" {
  alias = "kubernetes"
  region = "${var.region}"
  assume_role {
    session_name = "Terraform"
    role_arn = "arn:aws:iam::${var.account}:role/Admin"
  }
}

And then for every AWS resource, data source, etc., you need to define the provider, like this:

resource "aws_iam_policy" "master_policy" {
  provider    = "aws.kubernetes"
  name        = "${var.cluster_name}-master"
  path        = "/"
  description = "Policy for role ${var.cluster_name}-master"
  policy      = "${data.template_file.master_policy_json.rendered}"
}
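As an added example (not code from the module or from the issue author), here is the same pattern carried through in Terraform 0.11 syntax, one step further than the per-resource `provider` line above: the caller defines the aliased `assume_role` provider once and hands it to the module through the `providers` map, so resources inside the module do not each need a `provider = "aws.kubernetes"` argument. It also includes the trust policy that has to exist on the target role, since `assume_role` only works when the target account trusts the caller, and the `sts:ExternalId` condition is what stops the role from being assumed by anyone who merely learns its ARN. The account IDs, role name, external ID and module inputs are placeholders; a dedicated role scoped to what the module actually creates is the least-privilege alternative to the `role/Admin` shown in the issue.

```hcl
# Added example, not part of scholzj/terraform-aws-kubernetes.
# Terraform 0.11 syntax, matching the snippets in the issue.
# Placeholders: 111111111111 = management account (where terraform runs),
# 222222222222 = kubernetes account, role name and external id.

variable "region" {
  default = "eu-central-1"
}

variable "kubernetes_account" {
  default = "222222222222"
}

# Default provider: whatever credentials the management account gives terraform.
provider "aws" {
  region = "${var.region}"
}

# Aliased provider: same region, but every API call is made with temporary
# credentials obtained via STS AssumeRole into the kubernetes account.
provider "aws" {
  alias  = "kubernetes"
  region = "${var.region}"

  assume_role {
    role_arn     = "arn:aws:iam::${var.kubernetes_account}:role/TerraformKubernetes"
    session_name = "terraform-kubernetes"
    # Must match the sts:ExternalId condition in the role's trust policy.
    external_id  = "replace-with-a-random-secret"
  }
}

# Hand the aliased provider to the module. Inside the module, plain "aws"
# resources and data sources then run in the kubernetes account without a
# per-resource provider line.
module "kubernetes" {
  source = "github.com/scholzj/terraform-aws-kubernetes"

  providers = {
    aws = "aws.kubernetes"
  }

  # Module inputs are placeholders here; use the module's own variables.
  cluster_name = "example"
}

# --- Applied separately, with credentials in the kubernetes account, before
# --- the configuration above can assume the role (bootstrap step).
# Trust policy: only the management account may assume this role, and only
# when it presents the agreed external id.
resource "aws_iam_role" "terraform_kubernetes" {
  name = "TerraformKubernetes"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111111111111:root" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": { "sts:ExternalId": "replace-with-a-random-secret" }
      }
    }
  ]
}
EOF
}
```

The bootstrap role is listed in the same block for readability, but it has to be created first and with a different set of credentials; once it exists, `terraform plan` from the management account will show the STS call failing with an AccessDenied if the external id or the principal in the trust policy do not match, which is a quick way to check the trust policy is as tight as intended.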