Allow nodes to assume role (#3)

* Allow nodes assume role * Format fix * Address PR comments
cloudposse-archives · May 29, 2018 · bc4cc19 · bc4cc19
1 parent 6552674
commit bc4cc19
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,6 @@
 .terraform/
 .idea
 *.iml
+
+.build-harness
+build-harness
diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@ module "kops_external_dns" {
   name         = "external-dns"
   cluster_name = "us-east-1.cloudposse.com"
   masters_name = "masters"
+  nodes_name   = "nodes"  
 
   tags = {
     Cluster = "us-east-1.cloudposse.com"
@@ -44,6 +45,7 @@ module "kops_external_dns" {
 | `tags`             | `{}`            | Additional tags  (_e.g._ `map("Cluster","us-east-1.cloudposse.com")`             | No       |
 | `delimiter`        | `-`             | Delimiter to be used between `namespace`, `stage`, `name` and `attributes`       | No       |
 | `masters_name`     | `masters`       | Kops masters subdomain name in the cluster DNS zone                              | No       |
+| `nodes_name`       | `nodes`         | Kops nodes subdomain name in the cluster DNS zone                                | No       |
 
 
 ## Outputs

diff --git a/main.tf b/main.tf
@@ -12,6 +12,7 @@ module "kops_metadata" {
   source       = "git::https://github.com/cloudposse/terraform-aws-kops-metadata.git?ref=tags/0.1.1"
   dns_zone     = "${var.cluster_name}"
   masters_name = "${var.masters_name}"
+  nodes_name   = "${var.nodes_name}"
 }
 
 resource "aws_iam_role" "default" {
@@ -37,8 +38,12 @@ data "aws_iam_policy_document" "assume_role" {
     }
 
     principals {
-      type        = "AWS"
-      identifiers = ["${module.kops_metadata.masters_role_arn}"]
+      type = "AWS"
+
+      identifiers = [
+        "${module.kops_metadata.masters_role_arn}",
+        "${module.kops_metadata.nodes_role_arn}",
+      ]
     }
 
     effect = "Allow"

diff --git a/variables.tf b/variables.tf
@@ -42,3 +42,9 @@ variable "masters_name" {
   default     = "masters"
   description = "Kops masters subdomain name in the cluster DNS zone"
 }
+
+variable "nodes_name" {
+  type        = "string"
+  default     = "nodes"
+  description = "Kops nodes subdomain name in the cluster DNS zone"
+}