Closed Diaa-Hassan closed 4 months ago
bryantbiggs
commented
4 months ago This information can be useful for other parts of the codebase that need to reference this policy
Such as? This sounds like you are leaking details across boundaries which will lead to conflicts or surprises
Diaa-Hassan
commented
4 months ago @bryantbiggs how would this lead to conflicts and surprises ??!!!
resource "aws_iam_role_policy_attachment" "example" {
for_each = module.cluster.eks_managed_node_groups
policy_arn = module.eks_external_dns_iam.external_dns_policy_arn
role = each.value.iam_role_name
}how can the policy be attached to any role if the policy name and arn not known ???
the policy generated has by default the prefix AmazonEKS_External_DNS_Policy- and followed by a random number that can't be retrieved unless there is an output of this generated policy arn
bryantbiggs
commented
4 months ago well:
In short, you use the IAM role that is generated from this module, not its policy
github-actions[bot]
commented
3 months ago I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
This pull request adds a new output for the
external_dns_policy_arn. This output provides the ARN of the IAM policy for external-dns. This information can be useful for other parts of the codebase that need to reference this policy.Motivation and Context
This can help in indexing and using this arn by other modules
How Has This Been Tested?
examples/*to demonstrate and validate my change(s)examples/*projectspre-commit run -aon my pull request