IAM for AWS external-dns
This terraform module provides an easy way to generate external-dns (public and private) required IAM permissions.
⚠️ Warning: this module uses "IAM Roles for ServiceAccount" to inject AWS credentials inside cluster autoscaler pods.
Requirements
Name | Version |
---|---|
terraform | >= 0.15.4 |
aws | >= 3.37.0 |
Providers
Name | Version |
---|---|
aws | >= 3.37.0 |
Modules
Name | Source | Version |
---|---|---|
external_dns_private_iam_assumable_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | v3.16.0 |
external_dns_public_iam_assumable_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | v3.16.0 |
Resources
Name | Type |
---|---|
aws_iam_policy.external_dns_private | resource |
aws_iam_policy.external_dns_public | resource |
aws_eks_cluster.this | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
cluster_name | EKS cluster name | string | n/a | yes |
private_zone_id | Route53 private zone ID | string | "" | no |
enable_private | Flag to enable the creation for the private IAM role | bool | false | no |
public_zone_id | Route53 public zone ID | string | n/a | yes |
tags | Additional tags for the created resources | map(string) | {} | no |
Outputs
Name | Description |
---|---|
external_dns_private_iam_role_arn | external-dns-private IAM role |
external_dns_private_patches | external-dns-private Kubernetes resources patches |
external_dns_public_iam_role_arn | external-dns-public IAM role |
external_dns_public_patches | external-dns-public Kubernetes resources patches |
Usage
module "external_dns_iam_role" {
source = "../vendor/modules/ingress/aws-external-dns"
cluster_name = "myekscluster"
public_zone_id = "Z1BM4RA99PG48O"
private_zone_id = "Z1BM4RA99PG499"
enable_private = true
tags = {"mykey": "myvalue"}
}