Comments (2)
I think this is a smart move to implement 👍 Would definitely save a bunch of people who aren't sophisticated terraform / EKS operators from losing track of the role / user that created their cluster.
from terraform-aws-eks-cluster.
In all honesty, it's not really a requirement the majority would expect to find in a shared module; it seems more like a personal need to me. Most of us aren't relying at all on that initial role.
First and foremost, you should deploy using a pipeline which should be set with a pre-defined role, so you shouldn't wonder what it was, also because you usually want to set a specific role with the right permission to deploy, not a multitude of roles. If you have a number of devs deploying clusters, then you can use something like terragrunt to set a tag for you:

```hcl
createdby = split("/", get_aws_caller_identity_arn())[1]
```

Or you can use plain terraform with `data "aws_caller_identity" "current" {}` to get the ARN and set it as a tag.
Anyway, in my opinion the best choice is to add a predefined role using the `map_additional_iam_roles` feature of this module: first, you're not exposing anything as a tag, and second, getting the exact role might be challenging if there is an "assume_role" in the mix.
from terraform-aws-eks-cluster.
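The ARN handling discussed in the comment above, as an added Python example that is not part of the thread or of the module: it parses the caller ARN forms that `get_aws_caller_identity_arn()` or `aws_caller_identity` can return and shows where `split("/")[1]` picks the wrong segment. The account ID, principal names and the helper names `describe_caller` and `naive_created_by` are constructed for illustration.

```python
import re

# ARN shapes that sts:GetCallerIdentity can return (IAM principal or STS session).
_ARN_RE = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):(?:iam|sts)::(?P<account>\d{12}):"
    r"(?P<kind>root|user|role|assumed-role|federated-user)(?:/(?P<rest>.+))?$"
)


def naive_created_by(arn):
    """The expression from the comment above: split("/", arn)[1]."""
    return arn.split("/")[1]


def describe_caller(arn):
    """Classify a caller ARN (hypothetical helper, not part of any module)."""
    m = _ARN_RE.match(arn)
    if m is None:
        raise ValueError(f"unrecognised caller ARN: {arn!r}")
    kind = m["kind"]
    parts = m["rest"].split("/") if m["rest"] else []
    info = {"kind": kind, "name": None, "session": None, "role_arn": None}
    if kind == "root":
        info["name"] = "root"
    elif kind == "assumed-role":
        # STS form is assumed-role/<role name>/<session name>.
        if len(parts) != 2:
            raise ValueError(f"malformed assumed-role ARN: {arn!r}")
        info["name"], info["session"] = parts
        # The role's IAM path is absent from the STS ARN, so this is the
        # path-less role ARN, which may differ from the role's real IAM ARN.
        info["role_arn"] = f"arn:{m['partition']}:iam::{m['account']}:role/{parts[0]}"
    elif not parts:
        raise ValueError(f"missing principal name: {arn!r}")
    else:
        # IAM users and roles may carry a path: user/<path...>/<name>.
        info["name"] = parts[-1]
        if kind == "role":
            info["role_arn"] = arn
    return info


# Constructed sample ARNs (account ID and names are made up).
SAMPLES = [
    "arn:aws:iam::111122223333:user/alice",
    "arn:aws:iam::111122223333:user/platform/alice",
    "arn:aws:sts::111122223333:assumed-role/ci-deployer/gh-run-42",
]

if __name__ == "__main__":
    for arn in SAMPLES:
        print(naive_created_by(arn), describe_caller(arn))
```

For the second sample the naive split returns the path segment `platform` rather than the user name, and for a root ARN it raises `IndexError` because there is no `/` at all.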
Related Issues (20)
- Fails to save tfstate after cluster creation due to eks misconfiguration
- Inconsistent apply involving `encryption_config` `key_arn`
- Use new terraform resource kubernetes_config_map_v1_data for managing aws_auth data
- add IAM policy to IAM role
- Add log group encryption
- Unable to add additional iam roles to cluster
- Issue with kubernetes provider configuration when doing destroy
- Favour eks_cluster_managed_security_group_id output in documentation, instead of security_group_id
- Broken links in readme page
- "aws-auth" is forbidden: User "system:anonymous" cannot get resource
- Rare edge case: Protect kubernetes_config_map from being destroyed
- Addons race condition with a nodegroup
- Don't force naming to end with -cluster (attributes)
- cloudwatch log group: retention is going to never expire state even after giving particular number
- enable the ability to change the kubernetes API version from vars
- Conflicting arguments with Kubernetes provider 2.21.0
- "aws-auth" is forbidden in the namespace "kube-system"
- hashicorp/kubernetes provider v2.25.0 breaks "cloudposse/eks-cluster/aws" module
- Support new `authentication_mode` config for eks_cluster