Initial module definition

Author: koslib

main.tf

@@ -0,0 +1,54 @@
+locals {
+  roles = [{
+    rolearn  = var.nodes_role
+    username = "system:node:{{EC2PrivateDNSName}}"
+    groups = [
+      "system:bootstrappers",
+      "system:nodes"
+    ]
+  }]
+
+  master_roles = [
+    for role_arn in var.master_roles :
+    {
+      rolearn  = role_arn
+      username = role_arn
+      groups = [
+        "system:masters"
+      ]
+    }
+
+  ]
+
+  users = [
+    for user_obj in var.master_users :
+    {
+      userarn  = user_obj.arn
+      username = user_obj.username
+      groups = [
+        "system:masters"
+      ]
+    }
+  ]
+}
+
+resource "kubernetes_config_map" "aws_auth" {
+  metadata {
+    // The name of the ConfigMap needs to be `aws-auth`, as specified by AWS. 
+    // For more info, please see here: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
+    name      = "aws-auth"
+    namespace = "kube-system"
+    labels = merge(
+      {
+        "app.kubernetes.io/managed-by" = "Terraform"
+        "terraform.io/module"          = "github.com/koslib/terraform-aws-eks-auth"
+      }
+    )
+  }
+
+  data = {
+    mapRoles = yamlencode(concat(local.roles, local.master_roles))
+    mapUsers = yamlencode(local.users)
+  }
+
+}

outputs.tf

@@ -0,0 +1,18 @@
+data "aws_eks_cluster" "default" {
+  name = var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "default" {
+  name = var.cluster_name
+}
+
+provider "aws" {
+  region  = var.aws_region
+  profile = var.aws_profile
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.default.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.default.token
+}

providers.tf

@@ -0,0 +1,34 @@
+variable "cluster_name" {
+  type        = string
+  description = "The cluster to apply the auth config on."
+}
+
+variable "aws_region" {
+  type        = string
+  description = "Your cluster's AWS region."
+}
+
+variable "aws_profile" {
+  type        = string
+  default     = "default"
+  description = "In case you use multiple AWS profiles, specify which one to use here. Defaults to `default`."
+}
+
+variable "nodes_role" {
+  type        = string
+  description = "The role that was created while provisioning the cluster and should be used by EC2 instances to interact with the cluster."
+}
+
+variable "master_users" {
+  type = list(object({
+    username = string
+    arn      = string
+  }))
+  description = "List of user objects that will have master permissions on the cluster. Object consists of username and ARN (strings)."
+}
+
+variable "master_roles" {
+  type        = list(string)
+  default     = []
+  description = "List of IAM role ARNs that will have master permissions on the cluster."
+}