@@ -47,34 +47,34 @@ module "irsa_role" {
4747 tags = . tags
4848}
4949
50- module "cluster_autoscaler_irsa_role " {
50+ module "cert_manager_irsa_role " {
5151 source = " ../../modules/iam-role-for-service-accounts-eks"
5252
53- role_name = " cluster-autoscaler "
54- attach_cluster_autoscaler_policy = true
55- cluster_autoscaler_cluster_ids = module . eks . cluster_id ]
53+ role_name = " cert-manager "
54+ attach_external_dns_policy = true
55+ cert_manager_hosted_zone_arns = " arn:aws:route53:::hostedzone/IClearlyMadeThisUp "
5656
5757 oidc_providers =
5858 ex = {
5959 provider_arn = module.eks.oidc_provider_arn
60- namespace_service_accounts = [" kube-system:cluster-autoscaler "
60+ namespace_service_accounts = [" kube-system:cert-manager "
6161 }
6262 }
6363
6464 tags = . tags
6565}
6666
67- module "external_dns_irsa_role " {
67+ module "cluster_autoscaler_irsa_role " {
6868 source = " ../../modules/iam-role-for-service-accounts-eks"
6969
70- role_name = " external-dns "
71- attach_external_dns_policy = true
72- external_dns_hosted_zone_arns = " arn:aws:route53:::hostedzone/IClearlyMadeThisUp "
70+ role_name = " cluster-autoscaler "
71+ attach_cluster_autoscaler_policy = true
72+ cluster_autoscaler_cluster_ids = module . eks . cluster_id ]
7373
7474 oidc_providers =
7575 ex = {
7676 provider_arn = module.eks.oidc_provider_arn
77- namespace_service_accounts = [" default:my-app " , " canary:my-app "
77+ namespace_service_accounts = [" kube-system:cluster-autoscaler "
7878 }
7979 }
8080
@@ -113,54 +113,53 @@ module "efs_csi_irsa_role" {
113113 tags = . tags
114114}
115115
116- module "vpc_cni_ipv4_irsa_role " {
116+ module "external_dns_irsa_role " {
117117 source = " ../../modules/iam-role-for-service-accounts-eks"
118118
119- role_name = " vpc-cni-ipv4 "
120- attach_vpc_cni_policy = true
121- vpc_cni_enable_ipv4 = true
119+ role_name = " external-dns "
120+ attach_external_dns_policy = true
121+ external_dns_hosted_zone_arns = [ " arn:aws:route53:::hostedzone/IClearlyMadeThisUp " ]
122122
123123 oidc_providers =
124124 ex = {
125125 provider_arn = module.eks.oidc_provider_arn
126- namespace_service_accounts = [" kube-system:aws-vpc-cni "
126+ namespace_service_accounts = [" kube-system:external-dns "
127127 }
128128 }
129129
130130 tags = . tags
131131}
132132
133- module "vpc_cni_ipv6_irsa_role " {
133+ module "external_secrets_irsa_role " {
134134 source = " ../../modules/iam-role-for-service-accounts-eks"
135135
136- role_name = " vpc-cni-ipv6"
137- attach_vpc_cni_policy = true
138- vpc_cni_enable_ipv6 = true
136+ role_name = " external-secrets"
137+ attach_external_secrets_policy = true
138+ external_secrets_ssm_parameter_arns = " arn:aws:ssm:*:*:parameter/foo"
139+ external_secrets_secrets_manager_arns = " arn:aws:secretsmanager:*:*:secret:bar"
139140
140141 oidc_providers =
141142 ex = {
142143 provider_arn = module.eks.oidc_provider_arn
143- namespace_service_accounts = [" kube-system:aws-vpc-cni "
144+ namespace_service_accounts = [" default:kubernetes-external-secrets "
144145 }
145146 }
146147
147148 tags = . tags
148149}
149150
150- module "node_termination_handler_irsa_role " {
151+ module "fsx_lustre_csi_irsa_role " {
151152 source = " ../../modules/iam-role-for-service-accounts-eks"
152153
153- role_name = " node-termination-handler "
154- attach_node_termination_handler_policy = true
154+ role_name = " fsx-lustre-csi "
155+ attach_fsx_lustre_csi_policy = true
155156
156157 oidc_providers =
157158 ex = {
158159 provider_arn = module.eks.oidc_provider_arn
159- namespace_service_accounts = [" kube-system:aws-node "
160+ namespace_service_accounts = [" kube-system:fsx-csi-controller-sa "
160161 }
161162 }
162-
163- tags = . tags
164163}
165164
166165module "karpenter_controller_irsa_role" {
@@ -214,6 +213,72 @@ module "load_balancer_controller_targetgroup_binding_only_irsa_role" {
214213 tags = . tags
215214}
216215
216+ module "amazon_managed_service_prometheus_irsa_role" {
217+ source = " ../../modules/iam-role-for-service-accounts-eks"
218+
219+ role_name = " amazon-managed-service-prometheus"
220+ attach_amazon_managed_service_prometheus_policy = true
221+
222+ oidc_providers =
223+ ex = {
224+ provider_arn = module.eks.oidc_provider_arn
225+ namespace_service_accounts = [" prometheus:amp-ingest"
226+ }
227+ }
228+
229+ tags = . tags
230+ }
231+
232+ module "node_termination_handler_irsa_role" {
233+ source = " ../../modules/iam-role-for-service-accounts-eks"
234+
235+ role_name = " node-termination-handler"
236+ attach_node_termination_handler_policy = true
237+
238+ oidc_providers =
239+ ex = {
240+ provider_arn = module.eks.oidc_provider_arn
241+ namespace_service_accounts = [" kube-system:aws-node"
242+ }
243+ }
244+
245+ tags = . tags
246+ }
247+
248+ module "vpc_cni_ipv4_irsa_role" {
249+ source = " ../../modules/iam-role-for-service-accounts-eks"
250+
251+ role_name = " vpc-cni-ipv4"
252+ attach_vpc_cni_policy = true
253+ vpc_cni_enable_ipv4 = true
254+
255+ oidc_providers =
256+ ex = {
257+ provider_arn = module.eks.oidc_provider_arn
258+ namespace_service_accounts = [" kube-system:aws-vpc-cni"
259+ }
260+ }
261+
262+ tags = . tags
263+ }
264+
265+ module "vpc_cni_ipv6_irsa_role" {
266+ source = " ../../modules/iam-role-for-service-accounts-eks"
267+
268+ role_name = " vpc-cni-ipv6"
269+ attach_vpc_cni_policy = true
270+ vpc_cni_enable_ipv6 = true
271+
272+ oidc_providers =
273+ ex = {
274+ provider_arn = module.eks.oidc_provider_arn
275+ namespace_service_accounts = [" kube-system:aws-vpc-cni"
276+ }
277+ }
278+
279+ tags = . tags
280+ }
281+
217282# ###############################################################################
218283# Supporting Resources
219284# ###############################################################################
0 commit comments