From e85f190976af857bddfaf2f882c2b319748cc900 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 20 Jan 2023 10:10:18 -0500
Subject: [PATCH] update
---
examples/cluster-assume-role/README.md | 14 ++++++++++++++
examples/cluster-assume-role/group.tf | 2 --
.../{policies.tf => policies.eks.tf} | 0
examples/cluster-assume-role/settings.auto.tfvars | 4 +---
.../{variables.tf => variables.eks.tf} | 0
5 files changed, 15 insertions(+), 5 deletions(-)
create mode 100644 examples/cluster-assume-role/README.md
delete mode 100644 examples/cluster-assume-role/group.tf
rename examples/cluster-assume-role/{policies.tf => policies.eks.tf} (100%)
rename examples/cluster-assume-role/{variables.tf => variables.eks.tf} (100%)
diff --git a/examples/cluster-assume-role/README.md b/examples/cluster-assume-role/README.md
new file mode 100644
index 0000000..b573677
--- /dev/null
+++ b/examples/cluster-assume-role/README.md
@@ -0,0 +1,14 @@
+# Enable access to assume the cluster admin role
+
+1. copy these files into the directory where the group/role is setup
+ * policies.eks.tf
+ * variables.eks.tf
+ * settings.auto.tfvars
+1. add the cluster name(s) to the admin_cluster_list (without the eks- prefix)
+1. for IAM users, add the policy ARN to the list of polcies
+aws_iam_policy.list_assume_policy.arn
+1. for SAML roles, add the policy ARN to the list of polcies
+aws_iam_policy.list_assume_policy.arn
+1. you may need to add a POLICY line to tf-run.data before the ALL if it doesn't exist
+1. tf-run plan (starting at POLICY step)
+1. commit/PR
diff --git a/examples/cluster-assume-role/group.tf b/examples/cluster-assume-role/group.tf
deleted file mode 100644
index c62ab90..0000000
--- a/examples/cluster-assume-role/group.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# add to user group
-# aws_iam_policy.list_assume_policy.arn 
diff --git a/examples/cluster-assume-role/policies.tf b/examples/cluster-assume-role/policies.eks.tf
similarity index 100%
rename from examples/cluster-assume-role/policies.tf
rename to examples/cluster-assume-role/policies.eks.tf
diff --git a/examples/cluster-assume-role/settings.auto.tfvars b/examples/cluster-assume-role/settings.auto.tfvars
index 9e533ce..87c1d4f 100644
--- a/examples/cluster-assume-role/settings.auto.tfvars
+++ b/examples/cluster-assume-role/settings.auto.tfvars
@@ -1,3 +1 @@
-admin_cluster_list = [
- "edl-sa1",
-]
+admin_cluster_list = []
diff --git a/examples/cluster-assume-role/variables.tf b/examples/cluster-assume-role/variables.eks.tf
similarity index 100%
rename from examples/cluster-assume-role/variables.tf
rename to examples/cluster-assume-role/variables.eks.tf
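Review bot: The new `admin_cluster_list = []` in settings.auto.tfvars gives no hint of the expected value format; the rule that names go in without the `eks-` prefix appears only in the README. Because this file is meant to be copied into another directory, a comment on the line itself would keep that rule next to the value, e.g. `# cluster names without the "eks-" prefix`. How policies.eks.tf consumes this list is not visible in the patch. If it builds the assume-role resource list directly from the variable, it is worth confirming that an empty list yields no statement at all rather than an invalid or broader-than-intended policy.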