terraform-aws-eks
terraform-aws-eks copied to clipboard
Add certificates and sha1_fingerprint as exported attributes to aws_eks_cluster module
Today, in order to create aws_iam_openid_connect_provider
to my EKS cluster I need to provide thumbprint_list
.
In order to retrieve the thumbprint_list
I'll have to use the data source tls_certificate
for that.
Example:
resource "aws_eks_cluster" "example" {
# ... other configuration ...
}
data "tls_certificate" "example" {
url = aws_eks_cluster.example.identity[0].oidc[0].issuer
}
resource "aws_iam_openid_connect_provider" "example" {
client_id_list = ["sts.amazonaws.com"]
thumbprint_list = [data.tls_certificate.example.certificates[0].sha1_fingerprint]
url = aws_eks_cluster.example.identity[0].oidc[0].issuer
}
From: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#enabling-iam-roles-for-service-accounts
There is any way to avoid from using the data source tls_certificate
by adding the tls_certificate
data (like certificates and sha1_fingerprint) as part of the aws_eks_cluster
module attributes?
what are you doing differently than what we provide here https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L201-L218
Hi @bryantbiggs , I just want to avoid from using the data, and get the sha1_fingerprint
attribute directly from aws_eks_cluster
data "tls_certificate" "example" {
url = aws_eks_cluster.example.identity[0].oidc[0].issuer
}
If this is not the scope of aws_eks_cluster
I can close this issue
we can absolutely support this since the data source is already used in the codebase - adding in #2249
This issue has been resolved in version 18.30.0 :tada:
I'm going to lock this issue because it has been closed for 30 days β³. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.