
ALB Ingress Controller IAM Policy Module

This Terraform Module creates an IAM policy with the minimal set of permissions necessary for the AWS ALB Ingress Controller. This policy can then be attached to EC2 instances or IAM roles so that the deployed controller has enough permissions to manage an ALB.

See the eks-alb-ingress-controller module for a module that deploys the Ingress Controller onto your EKS cluster.

Attaching IAM policy to workers

To manage ALBs, the ALB Ingress Controller needs IAM permissions to call the AWS API. Currently, the way to grant Pods IAM privileges is to use the worker IAM profiles provisioned by the eks-cluster-workers module.

The Terraform templates in this module create an IAM policy that has the required permissions. You then need to use an aws_iam_role_policy_attachment to attach that policy to the IAM roles of your EC2 Instances.

module "eks_workers" {
  # (arguments omitted)
}

module "alb_ingress_controller_iam_policy" {
  # (arguments omitted)
}

resource "aws_iam_role_policy_attachment" "attach_alb_ingress_controller_iam_policy" {
  role       = "${module.eks_workers.eks_worker_iam_role_name}"
  policy_arn = "${module.alb_ingress_controller_iam_policy.alb_ingress_controller_policy_arn}"
}
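
The following is an added example, not code from this module or its authors: it fills in the inputs documented in the Reference section and guards the attachment with the same flag passed to create_resources, so no attachment is planned when the policy is not created. The source values, the enable_alb_ingress variable and the name_prefix value are placeholders or assumptions, and it assumes Terraform 0.12 syntax.

```hcl
# Added example. Only name_prefix, create_resources and the two output names
# come from this page; everything else is a placeholder or assumption.

# Hypothetical toggle for everything related to the ALB Ingress Controller.
variable "enable_alb_ingress" {
  description = "Whether to create and attach the ALB Ingress Controller IAM policy."
  type        = bool
  default     = true
}

module "eks_workers" {
  source = "<SOURCE_OF_EKS_CLUSTER_WORKERS_MODULE>" # placeholder
  # (other arguments omitted)
}

module "alb_ingress_controller_iam_policy" {
  source = "<SOURCE_OF_THIS_MODULE>" # placeholder

  name_prefix      = "eks-prod" # constructed sample value
  create_resources = var.enable_alb_ingress
}

resource "aws_iam_role_policy_attachment" "attach_alb_ingress_controller_iam_policy" {
  # Same flag as the module: skip the attachment when the policy is not created.
  count = var.enable_alb_ingress ? 1 : 0

  role       = module.eks_workers.eks_worker_iam_role_name
  policy_arn = module.alb_ingress_controller_iam_policy.alb_ingress_controller_policy_arn
}
```

aws_iam_role_policy_attachment adds one attachment and leaves the policy's other attachments alone, whereas aws_iam_policy_attachment manages the policy's attachments exclusively and detaches it from any role, user or group not listed in that resource.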

Reference

Required

name_prefix (string, required)

A name that uniquely identifies the context in which this module is being invoked. This also helps to avoid creating two resources with the same name from different terraform applies.

Optional

create_resources (bool, optional)

If you set this variable to false, this module will not create any resources. This is used as a workaround because Terraform does not allow you to use the 'count' parameter on modules. By using this parameter, you can optionally create or not create the resources within this module.

Default: true