IAM for AWS external-dns
This Terraform module generates the IAM permissions that external-dns needs to manage records in public and private Route53 zones.
⚠️ Warning: this module uses "IAM Roles for Service Accounts" (IRSA) to inject AWS credentials into the external-dns pods.
Requirements
| Name | Version | 
|---|---|
| terraform | >= 0.15.4 | 
| aws | >= 3.37.0 | 
Providers
| Name | Version | 
|---|---|
| aws | >= 3.37.0 | 
Modules
| Name | Source | Version | 
|---|---|---|
| external_dns_private_iam_assumable_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | v3.16.0 | 
| external_dns_public_iam_assumable_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | v3.16.0 | 
Resources
| Name | Type | 
|---|---|
| aws_iam_policy.external_dns_private | resource | 
| aws_iam_policy.external_dns_public | resource | 
| aws_eks_cluster.this | data source | 
Inputs
| Name | Description | Type | Default | Required | 
|---|---|---|---|---|
| cluster_name | EKS cluster name | string | n/a | yes | 
| private_zone_id | Route53 private zone ID | string | "" | no | 
| enable_private | Flag to enable creation of the private IAM role | bool | false | no | 
| public_zone_id | Route53 public zone ID | string | n/a | yes | 
| tags | Additional tags for the created resources | map(string) | {} | no | 
Outputs
| Name | Description | 
|---|---|
| external_dns_private_iam_role_arn | external-dns-private IAM role | 
| external_dns_private_patches | external-dns-private Kubernetes resources patches | 
| external_dns_public_iam_role_arn | external-dns-public IAM role | 
| external_dns_public_patches | external-dns-public Kubernetes resources patches | 
Usage
```hcl
module "external_dns_iam_role" {
  source          = "../vendor/modules/ingress/aws-external-dns"
  cluster_name    = "myekscluster"
  public_zone_id  = "Z1BM4RA99PG48O"
  private_zone_id = "Z1BM4RA99PG499"
  enable_private  = true
  tags            = { "mykey" : "myvalue" }
}
```
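The security-relevant property of the generated roles is that record writes are scoped to the configured zone IDs rather than to every hosted zone in the account. The script below is an added example, not this module's own policy: it builds a least-privilege policy for the zone IDs from the usage above (the action set follows the upstream external-dns AWS docs, and it is assumed the module grants an equivalent set) and audits an arbitrary policy document, such as one pulled from an existing role, for record-change permissions on all zones.

```python
import json
from typing import Dict, List

# Actions external-dns needs (per the upstream external-dns AWS tutorial).
# Assumption: the module grants an equivalent set; this is not its own policy.
WRITE_ACTIONS = ["route53:ChangeResourceRecordSets"]
LIST_ACTIONS = ["route53:ListHostedZones", "route53:ListResourceRecordSets"]


def zone_arn(zone_id: str) -> str:
    # Route53 hosted zone ARNs carry no region or account ID.
    return f"arn:aws:route53:::hostedzone/{zone_id}"


def build_external_dns_policy(zone_ids: List[str]) -> Dict:
    """Least-privilege policy: writes only on the given zones, reads on *."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": WRITE_ACTIONS,
             "Resource": [zone_arn(z) for z in zone_ids]},
            {"Effect": "Allow", "Action": LIST_ACTIONS, "Resource": "*"},
        ],
    }


def find_overbroad_writes(policy: Dict) -> List[str]:
    """Flag Allow statements that permit record changes on every zone."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        # "route53:*" and "*" include ChangeResourceRecordSets.
        can_write = any(a in ("*", "route53:*") or a in WRITE_ACTIONS for a in actions)
        any_zone = any(r == "*" or r.endswith("hostedzone/*") for r in resources)
        if can_write and any_zone:
            findings.append(f"Statement[{i}] allows record changes on all zones")
    return findings


if __name__ == "__main__":
    # Constructed zone IDs, taken from the usage example above.
    policy = build_external_dns_policy(["Z1BM4RA99PG48O", "Z1BM4RA99PG499"])
    print(json.dumps(policy, indent=2))
    print(find_overbroad_writes(policy))  # []
```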