
Custom assume role policy for ClusterCreationRoleProvider

Open pabardina opened this issue 3 years ago • 3 comments

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

Hi! I would like to add a custom assume role policy when I create a specific role for the creation of the cluster. Right now, the root account is used: https://github.com/pulumi/pulumi-eks/blob/e358bf5ec6337492302774da91e16231fa857091/nodejs/eks/cluster.ts#L282-L296. I deploy my resources using a custom role from another AWS account, so I can't use the root account.

Or maybe add the possibility to pass an IAM role, created beforehand by myself, in the creationRoleProvider arg.

Affected area/feature

pabardina avatar Mar 01 '22 15:03 pabardina
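The trust relationship described in the issue above, as an added example that is not part of the original post and not pulumi-eks code: a simplified model of how an IAM assume role (trust) policy matches a caller, showing why a trust policy that names the cluster account's root principal rejects a deploy role from another account while a custom policy naming that role accepts it. The account IDs, the `deployer` role name and all function names are constructed for illustration.

```typescript
// Simplified model of an IAM trust policy check (added example, not pulumi-eks source).
// It only looks at Principal.AWS; conditions, role paths and the caller's own
// identity policy (which must also allow sts:AssumeRole) are out of scope.
type TrustPolicy = {
    Version: "2012-10-17";
    Statement: { Effect: "Allow"; Action: "sts:AssumeRole"; Principal: { AWS: string[] } }[];
};

// Build a trust policy that names exactly the given principal ARNs.
function trustPolicyFor(principalArns: string[]): TrustPolicy {
    return {
        Version: "2012-10-17",
        Statement: [{ Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: principalArns } }],
    };
}

// The account id is the fifth colon-separated field of an ARN.
function accountOf(arn: string): string {
    return arn.split(":")[4] || "";
}

// Map an STS session ARN back to the IAM role it belongs to:
// arn:aws:sts::ACCT:assumed-role/NAME/SESSION -> arn:aws:iam::ACCT:role/NAME
function callerIdentityArn(callerArn: string): string {
    const m = /^arn:([^:]+):sts::(\d{12}):assumed-role\/([^/]+)\/.+$/.exec(callerArn);
    return m ? `arn:${m[1]}:iam::${m[2]}:role/${m[3]}` : callerArn;
}

// A ":root" principal delegates to every identity in that one account;
// any other principal must match the caller's identity ARN exactly.
function trustAllows(policy: TrustPolicy, callerArn: string): boolean {
    const identity = callerIdentityArn(callerArn);
    return policy.Statement.some((s) =>
        s.Principal.AWS.some((p) =>
            /:root$/.test(p) ? accountOf(p) === accountOf(identity) : p === identity));
}

// Constructed sample values: cluster lives in 111111111111, deploys come from 222222222222.
const rootTrust = trustPolicyFor(["arn:aws:iam::111111111111:root"]);
const customTrust = trustPolicyFor(["arn:aws:iam::222222222222:role/deployer"]);
const deployerSession = "arn:aws:sts::222222222222:assumed-role/deployer/pulumi";

console.log("root-account trust, cross-account deployer:", trustAllows(rootTrust, deployerSession));
console.log("custom trust, cross-account deployer:", trustAllows(customTrust, deployerSession));
```

Naming the specific deploy role in the custom policy, rather than the other account's root principal, keeps the trust limited to that one role.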

Thanks for the suggestion @pabardina! I'm not sure when we'd be able to get to this feature request, but we'd gladly accept a PR.

jkodroff avatar Mar 01 '22 20:03 jkodroff

The work here will be to allow a user to pass their own role that we can use - if a role is specified, then we can default to using the current method.

stack72 avatar Jul 29 '22 14:07 stack72

I'm also running into this issue. I'd like to be able to assume this cluster creator role from another AWS account. Cluster creation works, but if you try to pulumi destroy the stack with a role from another account, it fails.

colinlodter avatar Aug 24 '22 14:08 colinlodter