Remove (broken) root access to EKS clusters (#668)

Author: Nuru

modules/eks/cluster/main.tf

@@ -15,12 +15,13 @@ locals {
     (local.identity_account_name) = var.aws_teams_rbac[*].aws_team
     }, {
     (local.this_account_name) = var.aws_team_roles_rbac[*].aws_team_role
-    root                      = ["*"]
   })
 
   aws_teams_auth = [for role in var.aws_teams_rbac : {
-    rolearn  = module.iam_arns.principals_map[local.identity_account_name][role.aws_team]
-    username = format("%s-%s", local.identity_account_name, role.aws_team)
+    rolearn = module.iam_arns.principals_map[local.identity_account_name][role.aws_team]
+    # Include session name in the username for auditing purposes.
+    # See https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-iam-roles-when-multiple-users-need-identical-access-to-the-cluster
+    username = format("%s-%s::{{SessionName}}", local.identity_account_name, role.aws_team)
     groups   = role.groups
   }]