Closed Diaa-Hassan closed 4 months ago
This information can be useful for other parts of the codebase that need to reference this policy
Such as? This sounds like you are leaking details across boundaries which will lead to conflicts or surprises
@bryantbiggs how would this lead to conflicts and surprises ??!!!
resource "aws_iam_role_policy_attachment" "example" {
for_each = module.cluster.eks_managed_node_groups
policy_arn = module.eks_external_dns_iam.external_dns_policy_arn
role = each.value.iam_role_name
}
how can the policy be attached to any role if the policy name and arn not known ???
the policy generated has by default the prefix AmazonEKS_External_DNS_Policy-
and followed by a random number that can't be retrieved unless there is an output of this generated policy arn
well:
In short, you use the IAM role that is generated from this module, not its policy
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
This pull request adds a new output for the
external_dns_policy_arn
. This output provides the ARN of the IAM policy for external-dns. This information can be useful for other parts of the codebase that need to reference this policy.Motivation and Context
This can help in indexing and using this arn by other modules
How Has This Been Tested?
examples/*
to demonstrate and validate my change(s)examples/*
projectspre-commit run -a
on my pull request