tflint-ruleset-aws

Feature Request: EKS ServiceAccount Mapping Support

Open mjgorman opened this issue 4 years ago • 1 comments

Hello, I'm attempting to run the TFLint Docker image within my EKS cluster (as a Jenkins job) and it doesn't seem to support assuming a role using the AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE combination as provided by EKS/Kubernetes and the AWS IAM Service Role -> IAM Role Mapping. This support does work in 0.13.x of Terraform; my validation steps are working fine now that I upgraded from 0.12.29, but TFLint is now failing with permission issues, as I suspect it is not assuming that role in the standard way the AWS SDK supports.

https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html

mjgorman, Sep 17 '20 15:09

Happy to review a PR, here is the relevant client:

https://github.com/terraform-linters/tflint/blob/4ec960c42d12c931b567fa7afaac8122e6a6d08b/client/aws.go

See also:

https://github.com/hashicorp/terraform/issues/22992

bendrucker, Sep 17 '20 17:09
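A preflight check for the two inputs named in the issue, added here as an example; it is not code from TFLint or from either participant. It confirms that `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` are set and that the file holds an unexpired service account JWT, without verifying the signature or calling STS. The names `checkIRSA` and `irsaClaims` are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
	"time"
)

// irsaClaims holds the JWT claims needed for diagnosis (matched case-insensitively).
type irsaClaims struct {
	Iss, Sub string
	Exp      int64
}

// checkIRSA inspects the web identity inputs; it never prints the token itself.
func checkIRSA(getenv func(string) string, now time.Time) (c irsaClaims, err error) {
	arn, path := getenv("AWS_ROLE_ARN"), getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
	if arn == "" || path == "" {
		return c, errors.New("AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE must both be set")
	}
	raw, err := os.ReadFile(path)
	if err != nil {
		return c, fmt.Errorf("token file unreadable: %w", err)
	}
	parts := strings.Split(strings.TrimSpace(string(raw)), ".")
	if len(parts) != 3 {
		return c, errors.New("token is not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return c, errors.New("token payload is not base64url-encoded JSON")
	}
	if !strings.HasPrefix(c.Sub, "system:serviceaccount:") {
		return c, fmt.Errorf("subject %q is not a Kubernetes service account", c.Sub)
	}
	if now.Unix() >= c.Exp {
		return c, errors.New("token has expired")
	}
	return c, nil
}

func main() {
	c, err := checkIRSA(os.Getenv, time.Now())
	fmt.Printf("subject=%q issuer=%q err=%v\n", c.Sub, c.Iss, err)
}
```

If this passes inside the pod while the tool still gets permission errors, the credentials are present and the tool's AWS client is not consuming them.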