[FEATURE] externalize worker iam role and profile

[kumarpmd]

Is your feature request related to a problem? Please describe

terraform-aws-eks module is currently used to provision cluster, with pre-created iam_roles. aws-ia/terraform-aws-eks-blueprints seems to always create node instance role and instance profile, with name derived from cluster and supplied name. https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/aws-eks-self-managed-node-groups/iam.tf#L1 https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/aws-eks-self-managed-node-groups/iam.tf#L11

can we have the module use pre-created node iam - role, profile, and use create_iam_role similar to terraform-aws-eks? https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/node_groups.tf#L437

Describe the solution you'd like

expose terraform-aws-eks variables - iam_role_arn, create_iam_instance_profile pass role and profile values from blueprint module to handle role assignment and aws-auth configmap. set resource.aws_iam_* resources to trigger based on create_iam flag.

Describe alternatives you've considered

Our Security requires IAM roles to be pre-created. An alternate option is for us to continue using terraform-aws-eks modules.

Additional context

Let me know if you want me to update the code and

[askulkarni2]

@vara-bonthu can you please confirm we have this implemented here?

[bryantbiggs]

@kumarpmd this should be available today, if not, then it will be soon as v5 will utilize the functionality of the terraform-aws-eks module

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[github-actions[bot]]

Issue closed due to inactivity.