fix: Fixed example where VPC CNI permissions should apply to the aws-node account (#225)

jbronn · web-flow · commit 1fb1cfce3486 · 2022-04-15T13:24:42.000+02:00
diff --git a/examples/iam-role-for-service-accounts-eks/main.tf b/examples/iam-role-for-service-accounts-eks/main.tf
@@ -255,7 +255,7 @@ module "vpc_cni_ipv4_irsa_role" {
   oidc_providers = {
     ex = {
       provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-vpc-cni"]
+      namespace_service_accounts = ["kube-system:aws-node"]
     }
   }
 
@@ -272,7 +272,7 @@ module "vpc_cni_ipv6_irsa_role" {
   oidc_providers = {
     ex = {
       provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-vpc-cni"]
+      namespace_service_accounts = ["kube-system:aws-node"]
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -255,7 +255,7 @@ module "vpc_cni_ipv4_irsa_role" {`
`255`	`255`	`oidc_providers = {`
`256`	`256`	`ex = {`
`257`	`257`	`provider_arn = module.eks.oidc_provider_arn`
`258`		`- namespace_service_accounts = ["kube-system:aws-vpc-cni"]`
	`258`	`+ namespace_service_accounts = ["kube-system:aws-node"]`
`259`	`259`	`}`
`260`	`260`	`}`
`261`	`261`
`@@ -272,7 +272,7 @@ module "vpc_cni_ipv6_irsa_role" {`
`272`	`272`	`oidc_providers = {`
`273`	`273`	`ex = {`
`274`	`274`	`provider_arn = module.eks.oidc_provider_arn`
`275`		`- namespace_service_accounts = ["kube-system:aws-vpc-cni"]`
	`275`	`+ namespace_service_accounts = ["kube-system:aws-node"]`
`276`	`276`	`}`
`277`	`277`	`}`
`278`	`278`