IAM for AWS external-dns

This Terraform module generates the IAM permissions that external-dns (public and private) requires.

⚠️ Warning: this module uses "IAM Roles for Service Accounts" (IRSA) to inject AWS credentials into the external-dns pods.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.15.4 |
| aws | >= 3.37.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.37.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| external_dns_private_iam_assumable_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | v3.16.0 |
| external_dns_public_iam_assumable_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | v3.16.0 |

Resources

| Name | Type |
|------|------|
| aws_iam_policy.external_dns_private | resource |
| aws_iam_policy.external_dns_public | resource |
| aws_eks_cluster.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_name | EKS cluster name | string | n/a | yes |
| private_zone_id | Route53 private zone ID | string | "" | no |
| enable_private | Flag to enable the creation for the private IAM role | bool | false | no |
| public_zone_id | Route53 public zone ID | string | n/a | yes |
| tags | Additional tags for the created resources | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| external_dns_private_iam_role_arn | external-dns-private IAM role |
| external_dns_private_patches | external-dns-private Kubernetes resources patches |
| external_dns_public_iam_role_arn | external-dns-public IAM role |
| external_dns_public_patches | external-dns-public Kubernetes resources patches |

Usage

module "external_dns_iam_role" {
  source             = "../vendor/modules/ingress/aws-external-dns"
  cluster_name       = "myekscluster"
  public_zone_id     = "Z1BM4RA99PG48O"
  private_zone_id    = "Z1BM4RA99PG499"
  enable_private     = true
  tags               = {"mykey": "myvalue"}
}