Removed additional IAM config; Disabled providers for kubernetes and helm, and removed associated data sources and cluster addons

Author: burmek

main.tf

@@ -1,8 +1,10 @@
 data "aws_availability_zones" "available" {}
 
+/*
 data "aws_eks_cluster_auth" "this" {
   name = module.eks_deployment[0].cluster_name
 }
+*/
 
 locals {
   resource_name = "comet-${var.environment}"

modules/eks_deployment/main.tf

@@ -5,9 +5,11 @@ locals {
   }
 }
 
+/*
 data "aws_eks_cluster_auth" "this" {
   name = module.eks.cluster_name
 }
+*/
 
 data "aws_iam_policy" "ebs_csi_policy" {
   arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
@@ -39,20 +41,7 @@ module "eks" {
   vpc_id     = var.vpc_id
   subnet_ids = var.vpc_private_subnets
 
-  manage_aws_auth_configmap = true
-  
-  /* Remove additional IAM configuration for now; Enable later if warranted
-  aws_auth_roles = [
-    {
-      rolearn  = aws_iam_role.eks_admin.arn
-      username = "${aws_iam_role.eks_admin.name}"
-      groups = [
-        "system:masters"
-      ]
-
-    }
-  ]
-  */
+  #manage_aws_auth_configmap = true
 
   eks_managed_node_group_defaults = {
     ami_type = "AL2_x86_64"
@@ -84,6 +73,7 @@ module "irsa-ebs-csi" {
   oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
 }
 
+/*
 module "eks_blueprints_kubernetes_addons" {
   source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons"
 
@@ -98,32 +88,4 @@ module "eks_blueprints_kubernetes_addons" {
 
   tags = local.tags
 }
-
-/* Remove additional IAM configuration for now; Enable later if warranted
-resource "aws_iam_role" "eks_admin" {
-  name = "admin-${var.cluster_name}"
-  
-  assume_role_policy = jsonencode({
-  Version = "2012-10-17"
-    Statement = [
-      {
-        Action = "sts:AssumeRole"
-        Effect = "Allow"
-        Sid    = ""
-        Principal = {
-          "AWS": [
-            "arn:aws:iam::897196112581:user/martinb"
-          ]
-        }
-      },
-    ]
-  })
-  
-  tags = local.tags
-}
-
-resource "aws_iam_role_policy_attachment" "eks_adminrole_policy_attach" {
-  role       = "${aws_iam_role.eks_admin.name}"
-  policy_arn = "${data.aws_iam_policy.administrator_access.arn}"
-}
 */

providers.tf

@@ -2,6 +2,7 @@ provider "aws" {
   region = var.region
 }
 
+/*
 provider "kubernetes" {
   host                   = module.eks_deployment[0].cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks_deployment[0].cluster_certificate_authority_data)
@@ -14,4 +15,5 @@ provider "helm" {
     cluster_ca_certificate = base64decode(module.eks_deployment[0].cluster_certificate_authority_data)
     token                  = data.aws_eks_cluster_auth.this.token
   }
-}
+}
+*/