From 5612b8dc2246967cd95a2465e3f5201f1ce1aff0 Mon Sep 17 00:00:00 2001
From: Paramadon
Date: Fri, 28 Jun 2024 00:43:16 -0400
Subject: [PATCH] diff
---
 ...application-signals-java-beta-e2e-test.yml | 13 -----------
 integration-tests/terraform/pulse/main.tf | 22 ++++++++++++++-----
 2 files changed, 16 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/application-signals-java-beta-e2e-test.yml b/.github/workflows/application-signals-java-beta-e2e-test.yml
index b9cd5a590..5de9bb035 100644
--- a/.github/workflows/application-signals-java-beta-e2e-test.yml
+++ b/.github/workflows/application-signals-java-beta-e2e-test.yml
@@ -107,19 +107,6 @@ jobs:
- - name: Create role for AWS access from the sample app
- id: create_service_account
- run: |
- export AWS_ENDPOINT_URL=https://api.beta.us-west-2.wesley.amazonaws.com
- eksctl create iamserviceaccount \
- --name service-account-${{ env.TESTING_ID }} \
- --namespace ${{ env.SAMPLE_APP_NAMESPACE }} \
- --cluster ${{ inputs.test-java-cluster-name }} \
- --role-name eks-s3-access-${{ env.TESTING_ID }} \
- --attach-policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess \
- --region ${{ env.AWS_DEFAULT_REGION }} \
- --approve
-
 - name: Deploy sample app via Terraform
 run: |
 echo "Current directory: $(pwd)"
diff --git a/integration-tests/terraform/pulse/main.tf b/integration-tests/terraform/pulse/main.tf
index 854a19b91..efd1d998b 100644
--- a/integration-tests/terraform/pulse/main.tf
+++ b/integration-tests/terraform/pulse/main.tf
@@ -43,8 +43,23 @@ provider "google" {
 provider "aws" {
 region = var.aws_region
+ endpoints {
+ eks = "https://api.beta.us-west-2.wesley.amazonaws.com"
+ # Add other AWS service endpoints as needed
+ }
 }
+resource "kubernetes_service_account" "example_service_account" {
+ metadata {
+ name = "service-account-${var.test_id}"
+ namespace = var.test_namespace
+
+ # Annotations to associate IAM roles (specific to EKS)
+ annotations = {
+ "eks.amazonaws.com/role-arn" = aws_iam_role.eks_s3_access_role.arn
+ }
+ }
+}
 # get eks cluster
 data "aws_eks_cluster" "testing_cluster" {
 name = var.eks_cluster_name
@@ -99,16 +114,11 @@ resource "aws_iam_role" "eks_s3_access_role" {
 })
 }
-resource "aws_iam_role_policy_attachment" "eks_s3_access_policy" {
+resource "aws_iam_role_policy_attachment" "s3_read_only_policy" {
 role = aws_iam_role.eks_s3_access_role.name
 policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
 }
-resource "google_service_account" "service_account" {
- account_id = "service-account-${var.test_id}"
- display_name = "Service Account"
-}
-
 ### Setting up the sample app on the cluster
 resource "kubernetes_deployment" "sample_app_deployment" {
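Review bot: The `eks = "https://api.beta.us-west-2.wesley.amazonaws.com"` override is hard-coded in the shared `provider "aws"` block, so any workflow that applies this module, not only the beta Java one this patch edits, would send EKS calls to the beta endpoint, and the `us-west-2` in the URL no longer follows `var.aws_region`. I would pass it in instead, `eks = var.eks_endpoint_override` (a new variable defaulting to `null` so other callers keep the provider's default endpoint), and drop the placeholder comment `# Add other AWS service endpoints as needed`. Separately, the removed eksctl step created the role together with its trust policy, while the new `kubernetes_service_account` only annotates `aws_iam_role.eks_s3_access_role.arn`. The role's `assume_role_policy` lies outside this hunk, so please confirm it limits the OIDC `sub` to `system:serviceaccount:${var.test_namespace}:service-account-${var.test_id}` rather than trusting every service account in the cluster.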