Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Export the ARN for the IAM Role attached to the EKS Cluster #730

Merged
merged 1 commit into from
Jul 7, 2022
Merged

Export the ARN for the IAM Role attached to the EKS Cluster #730

merged 1 commit into from
Jul 7, 2022

Conversation

stack72
Copy link
Contributor

@stack72 stack72 commented Jul 6, 2022
edited
Loading

Fixes: #727

In #670, we removed the deprecated IAM Role Policy AmazonEKSServicePolicy.
Unfortunately, this has broken clusters older than 16th April 2020

Rather than adding this policy back by default, we now expose the
ARN of the IAM Role for the cluster so that a user can do as follows:

const cluster1 = new eks.Cluster(`${projectName}-1`);

const iamRole = cluster1.core.clusterIamRole;

const rpa = new aws.iam.RolePolicyAttachment("rpa", {
  role: iamRole.name,
  policy: "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
})

Proposed changes

Related issues (optional)

@github-actions
Copy link

github-actions bot commented Jul 6, 2022

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

@stack72
Export the ARN for the IAM Role attached to the EKS Cluster
0d77274 
Fixes: #727

In #670, we removed the deprecated IAM Role Policy `AmazonEKSServicePolicy`.
Unfortunately, this has broken clusters older than 16th April 2020

Rather than adding this policy back by default, we now expose the
ARN of the IAM Role for the cluster so that a user can do as follows:

```
const cluster1 = new eks.Cluster(`${projectName}-1`);

const iamRole = cluster1.clusterIamRole;

const rpa = new aws.iam.RolePolicyAttachment("rpa", {
  role: iamRole.name,
  policy: "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
})
```
@github-actions
Copy link

github-actions bot commented Jul 6, 2022

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

@stack72 stack72 requested a review from jaxxstorm July 6, 2022 22:55
@stack72 stack72 mentioned this pull request Jul 6, 2022
Closed
rshade
rshade approved these changes Jul 7, 2022
View reviewed changes
Copy link

@rshade rshade left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stack72 stack72 requested a review from lblackstone July 7, 2022 12:21
@stack72 stack72 added the impact/no-changelog-required This issue doesn't require a CHANGELOG update label Jul 7, 2022
@stack72 stack72 merged commit 62700bf into master Jul 7, 2022
@stack72 stack72 deleted the stack72/gh-727 branch July 7, 2022 15:37
flostadler pushed a commit that referenced this pull request Sep 4, 2024
@stack72
Export the ARN for the IAM Role attached to the EKS Cluster (#730)
0aed853
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lblackstone lblackstone lblackstone approved these changes

@rshade rshade rshade approved these changes

@jaxxstorm jaxxstorm Awaiting requested review from jaxxstorm

Assignees
No one assigned
Labels
impact/no-changelog-required This issue doesn't require a CHANGELOG update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

managedPolicyArns should not update on clusters older than April 16th 2020
3 participants
@stack72 @rshade @lblackstone