Merge pull request #8 from datafold/gerard-cx-2579-improve-admin-access-across-aws

feat: Add auth roles for authentication

Author: gtoonstra

main.tf

@@ -108,6 +108,7 @@ module "eks" {
   manage_aws_auth_configmap           = var.manage_aws_auth_configmap
   aws_auth_users                      = var.aws_auth_users
   aws_auth_accounts                   = var.aws_auth_accounts
+  aws_auth_roles                      = var.aws_auth_roles
   tags                                = var.tags
   backend_app_port                    = var.backend_app_port
   rds_port                            = var.rds_port

modules/eks/main.tf

@@ -100,13 +100,13 @@ module "eks" {
   create_aws_auth_configmap = var.create_aws_auth_configmap
   manage_aws_auth_configmap = var.manage_aws_auth_configmap
 
-  aws_auth_roles = [
+  aws_auth_roles = concat([
     {
       rolearn  = aws_iam_role.eks_cluster_role.arn
       username = "eks_cluster_role"
       groups   = ["system:masters"]
     },
-  ]
+  ], var.aws_auth_roles)
 
   aws_auth_users    = var.aws_auth_users
   aws_auth_accounts = var.aws_auth_accounts

modules/eks/variables.tf

@@ -93,6 +93,11 @@ variable "aws_auth_accounts" {
   default = []
 }
 
+variable "aws_auth_roles" {
+  type    = list(any)
+  default = []
+}
+
 variable "tags" {
   type    = any
   default = {}

variables.tf

@@ -525,6 +525,12 @@ variable "aws_auth_accounts" {
   description = "List of account maps to add to the aws-auth configmap"
 }
 
+variable "aws_auth_roles" {
+  type    = list(any)
+  default = []
+  description = "List of role maps to add to the aws-auth configmap"
+}
+
 variable "tags" {
   type    = any
   default = {}