Closed Jeinhaus closed 10 months ago
Ah, perfect. Sorry, I didn't see the PR.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Is your request related to a new offering from AWS?
Is this functionality available in the AWS provider for Terraform?
aws_eks_pod_identity_association
Describe the solution you'd like.
The existing iam-role-for-service-accounts-eks submodule is great and simplifies permission handling for a lot of common services running in EKS clusters. We would like to continue using these same policies, but using EKS Pod Identities instead of IRSA roles (see "Additional context" why). It would be nice to have an option in the existing module to use Pod Identities instead of IRSA roles.
Describe alternatives you've considered.
Create another submodule that uses the same policies from iam-role-for-service-accounts-eks but uses EKS Pod Identities instead. This might even be the preferred solution due to the name of the existing submodule.
Additional context
Currently, adding the annotation of the IRSA role to service accounts is always a bit awkward, because we manage all AWS-related things in Terraform while using YAML-based GitOps for anything running inside EKS. This always creates a gap between these two stacks.
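
For readers comparing the two mechanisms, a Terraform sketch of the Pod Identity side of the request above. This is an added example, not code from the issue or from the module; the cluster name, role name, namespace and service account are assumed placeholders.

```hcl
# Added example with hypothetical names: cluster "example", namespace
# "kube-system", service account "external-dns".

variable "cluster_name" {
  type    = string
  default = "example" # assumed cluster name
}

# Pod Identity requires the agent add-on on the cluster's nodes.
resource "aws_eks_addon" "pod_identity_agent" {
  cluster_name = var.cluster_name
  addon_name   = "eks-pod-identity-agent"
}

# Trust policy: the EKS Pod Identity service principal, instead of the
# cluster's OIDC provider with sts:AssumeRoleWithWebIdentity as in IRSA.
data "aws_iam_policy_document" "pod_identity_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole", "sts:TagSession"]

    principals {
      type        = "Service"
      identifiers = ["pods.eks.amazonaws.com"]
    }
  }
}

# Permissions policies attach to this role the same way as for an IRSA role.
resource "aws_iam_role" "external_dns" {
  name               = "external-dns-pod-identity" # assumed role name
  assume_role_policy = data.aws_iam_policy_document.pod_identity_trust.json
}

# The binding to one namespace/service account is stored in AWS, so the
# service account manifest carries no eks.amazonaws.com/role-arn annotation.
resource "aws_eks_pod_identity_association" "external_dns" {
  cluster_name    = var.cluster_name
  namespace       = "kube-system"
  service_account = "external-dns"
  role_arn        = aws_iam_role.external_dns.arn

  depends_on = [aws_eks_addon.pod_identity_agent]
}
```

Because this trust policy names only the service principal, the scoping to a single namespace and service account comes from the association itself. Permission to create associations and pass this role therefore deserves the same review as edits to an IRSA trust policy.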