fix: Managed arns (#109)

* managed arns --> attachments * Update iam-roles.tf
wandb · Jul 13, 2023 · 701b886 · 701b886
1 parent 10b0fd0
commit 701b886
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/modules/app_eks/iam-role-attachments.tf b/modules/app_eks/iam-role-attachments.tf
@@ -22,3 +22,19 @@ resource "aws_iam_role_policy_attachment" "node_s3" {
   role       = aws_iam_role.node.name
   policy_arn = aws_iam_policy.node_s3.arn
 }
+
+resource "aws_iam_role_policy_attachment" "eks_cni" {
+  role       = aws_iam_role.node.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+}
+
+resource "aws_iam_role_policy_attachment" "eks_worker_node" {
+  role       = aws_iam_role.node.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_container_registry" {
+  role       = aws_iam_role.node.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
diff --git a/modules/app_eks/iam-roles.tf b/modules/app_eks/iam-roles.tf
@@ -1,8 +1,10 @@
 resource "aws_iam_role" "node" {
   name               = "${var.namespace}-node"
   assume_role_policy = data.aws_iam_policy_document.node_assume.json
-
+  managed_policy_arns = []
+
   // todo: refactor --> v1.16.3
   inline_policy {}
 }
 
+