create eks istio cluster

juliusoh · Nov 2, 2024 · b63e469 · b63e469
1 parent 06d8cf8
commit b63e469
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 38 deletions.
diff --git a/tf_aws_eks/iam.tf b/tf_aws_eks/iam.tf
@@ -1,20 +1,25 @@
 resource "aws_iam_role" "eks_role" {
   name = "tf-${var.stack_name}-eks-cluster-role"
 
-  assume_role_policy = <<POLICY
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Principal": {
-        "Service": "eks.amazonaws.com"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Principal = {
+          Service = "eks.amazonaws.com"
+        }
+        Action = "sts:AssumeRole"
       },
-      "Action": "sts:AssumeRole"
-    }
-  ]
-}
-POLICY
+      {
+        Effect = "Allow"
+        Principal = {
+          AWS = "arn:aws:iam::673692536255:user/terraform"  # Add your IAM user
+        }
+        Action = "sts:AssumeRole"
+      }
+    ]
+  })
 }
 
 resource "aws_iam_role" "eks-node-group" {

diff --git a/tf_aws_eks/main.tf b/tf_aws_eks/main.tf
@@ -68,28 +68,3 @@ resource "aws_eks_node_group" "eks-node-group" {
 
 # }
 
-resource "kubernetes_config_map_v1" "aws_auth" {
-  metadata {
-    name      = "aws-auth"
-    namespace = "kube-system"
-  }
-
-  data = {
-    mapRoles = yamlencode([
-      {
-        rolearn  = aws_iam_role.eks-node-group.arn
-        username = "system:node:{{EC2PrivateDNSName}}"
-        groups   = ["system:bootstrappers", "system:nodes"]
-      }
-    ])
-    mapUsers = yamlencode([
-      {
-        userarn  = "arn:aws:iam::673692536255:user/terraform"
-        username = "terraform"
-        groups   = ["system:masters"]
-      }
-    ])
-  }
-
-  depends_on = [aws_eks_cluster.eks-cluster]
-}