IAM policy and IRSA role for the AWS Load Balancer Controller on an EKS cluster (terraform-aws-modules/eks)
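# Git ref (branch or tag) of kubernetes-sigs/aws-load-balancer-controller that the
# controller's IAM policy is downloaded from.
#
# Defaults to "main" so existing callers keep their behaviour, but "main" is a moving
# target: every apply re-downloads whatever is on the branch at that moment, so an
# upstream change to iam_policy.json (or a compromised repo / CDN path) silently
# becomes IAM permissions in this account without anyone reviewing the diff.
# Pin this to the release tag of the controller version actually deployed, and treat
# a bump of this value as a change that needs the resulting policy diff reviewed.
variable "lbc_iam_policy_ref" {
  type        = string
  default     = "main"
  description = "Git ref of kubernetes-sigs/aws-load-balancer-controller to fetch docs/install/iam_policy.json from. Pin to a release tag."
}

# Datasource: AWS Load Balancer Controller IAM policy, fetched at plan/apply time from
# the upstream repository. The content is fed straight into aws_iam_policy below.
# NOTE(review): if the Terraform version in use is >= 1.2, a lifecycle postcondition
# on self.status_code == 200 would turn an upstream 404/5xx into a clear plan error
# instead of an opaque "invalid policy document" failure; not added here because the
# required Terraform version is not visible in this file.
data "http" "lbc_iam_policy" {
  url = "https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${var.lbc_iam_policy_ref}/docs/install/iam_policy.json"

  # Optional request headers
  request_headers = {
    Accept = "application/json"
  }
}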
# Resource: customer-managed IAM policy carrying the permissions the AWS Load
# Balancer Controller needs (ELB/EC2/ACM/WAF etc.), taken verbatim from the document
# fetched by data.http.lbc_iam_policy.
resource "aws_iam_policy" "lbc_iam_policy" {
  name        = format("%s-AWSLoadBalancerControllerIAMPolicy", local.name)
  path        = "/"
  description = "AWS Load Balancer Controller IAM Policy"

  # NOTE(review): `body` is the legacy attribute name of the hashicorp/http provider;
  # v3+ exposes the same content as `response_body` and warns on `body`. Kept as-is
  # because the provider version constraint is not visible here — switch once a
  # v3+ constraint is confirmed.
  policy = data.http.lbc_iam_policy.body
}
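# Resource: IAM role for the AWS Load Balancer Controller, assumable only through the
# cluster's OIDC provider (IAM Roles for Service Accounts).
#
# The trust policy is what scopes this role. Without the ":sub" condition below, any
# pod in the cluster that can obtain a projected service-account token could assume
# the role and inherit every permission in the attached policy; with it, only the
# aws-load-balancer-controller service account in kube-system can.
resource "aws_iam_role" "lbc_iam_role" {
  name        = "${local.name}-lbc-iam-role"
  description = "IRSA role for the AWS Load Balancer Controller (kube-system/aws-load-balancer-controller)"

  # jsonencode turns the HCL object into the JSON trust-policy document.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRoleWithWebIdentity"
        Principal = {
          # The module output is already a string; the "${...}" wrapper was redundant.
          Federated = module.eks.oidc_provider_arn
        }
        # StringEquals (not StringLike with a wildcard) pins the token to exactly this
        # audience and exactly this namespace/service account. Keep the namespace and
        # service-account name in sync with the controller's Helm/manifest values —
        # a mismatch fails closed (AssumeRole denied), which is the safe direction.
        # NOTE(review): assumes module.eks.oidc_provider is the issuer host/path
        # without the "https://" scheme, as the condition key format requires — confirm
        # against the eks module version in use.
        Condition = {
          StringEquals = {
            "${module.eks.oidc_provider}:aud" = "sts.amazonaws.com"
            "${module.eks.oidc_provider}:sub" = "system:serviceaccount:kube-system:aws-load-balancer-controller"
          }
        }
      },
    ]
  })

  # The original used the literal key "tag-key", a placeholder copied from the
  # provider docs; tag with a meaningful key instead.
  tags = {
    Name = "${local.name}-lbc-iam-role"
  }

  # The trust policy already references module.eks outputs, so Terraform orders the
  # two correctly on its own; this only makes the dependency explicit.
  depends_on = [module.eks]
}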
# Attach the AWS Load Balancer Controller policy to the IRSA role defined above.
# This is the only permission grant on the role; the trust policy decides who may
# assume it, this attachment decides what they get.
resource "aws_iam_role_policy_attachment" "lbc_iam_role_policy_attach" {
  role       = aws_iam_role.lbc_iam_role.name
  policy_arn = aws_iam_policy.lbc_iam_policy.arn
}