diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5bfcfb5..998beca 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,7 +3,7 @@ repos:
rev: v1.88.2
hooks:
- id: terraform_fmt
- - id: terraform_validate
+ - id: terraform_wrapper_module_for_each
- id: terraform_docs
args:
- '--args=--lockfile=false'
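Review bot: `terraform_wrapper_module_for_each` is a generator rather than a check: it writes wrapper module code into the working tree, so in the slot `terraform_validate` used to occupy a commit can now pick up new Terraform files that nobody read. No generated wrapper directory is visible in this part of the diff, so confirm that the output is committed with the change that produced it and reviewed like hand-written code, since this module manages IAM roles and policies. A short comment above the hook would record that expectation, e.g. `# generates wrapper modules; commit and review the output with the triggering change`.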
@@ -22,8 +22,11 @@ repos:
- '--args=--only=terraform_required_providers'
- '--args=--only=terraform_standard_module_structure'
- '--args=--only=terraform_workspace_remote'
+ - '--args=--only=terraform_unused_required_providers'
+ - id: terraform_validate
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
+ - id: trailing-whitespace
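Review bot: The hooks enabled here (`terraform_validate`, `trailing-whitespace`) execute on every contributor's machine from repositories pinned only by tag: `rev: v4.5.0` in the context line above and `rev: v1.88.2` in the first hunk. A tag can be repointed upstream after this review, which would change the code that runs at commit time without any change to this file. Pinning each `rev` to the full commit hash and keeping the tag as a trailing comment, `rev: <full-commit-sha>  # v4.5.0`, makes the executed hook code immutable; the hash shown is a placeholder to be taken from the upstream repository.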
diff --git a/README.md b/README.md
index 219f3a1..77a0393 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,6 @@
# AWS EKS Pod Identity Terraform module
-Terraform module which creates AWS EKS Pod Identity roles.
-
-## :warning: Still under development and not recommended for production use :warning:
-
+Terraform module which creates [Amazon EKS Pod Identity roles](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html).
## Usage
@@ -559,6 +556,9 @@ No modules.
| Name | Description |
|------|-------------|
+| [iam\_policy\_arn](#output\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [iam\_policy\_id](#output\_iam\_policy\_id) | The policy's ID |
+| [iam\_policy\_name](#output\_iam\_policy\_name) | Name of IAM policy |
| [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of IAM role |
| [iam\_role\_name](#output\_iam\_role\_name) | Name of IAM role |
| [iam\_role\_path](#output\_iam\_role\_path) | Path of IAM role |
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 8254dea..bee13ad 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -1,4 +1,4 @@
-# Complete AWS Eks Pod Identity Example
+# Complete AWS EKS Pod Identity Example
Configuration in this directory creates various EKS Pod Identity roles with their respective IAM policy(s) attached.
@@ -71,10 +71,153 @@ No inputs.
| Name | Description |
|------|-------------|
+| [amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_policy\_arn](#output\_amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_policy\_id](#output\_amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_policy\_name](#output\_amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_role\_arn](#output\_amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_role\_name](#output\_amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_role\_path](#output\_amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_role\_unique\_id](#output\_amazon\_managed\_service\_prometheus\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_appmesh\_controller\_pod\_identity\_iam\_policy\_arn](#output\_aws\_appmesh\_controller\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_appmesh\_controller\_pod\_identity\_iam\_policy\_id](#output\_aws\_appmesh\_controller\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_appmesh\_controller\_pod\_identity\_iam\_policy\_name](#output\_aws\_appmesh\_controller\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_appmesh\_controller\_pod\_identity\_iam\_role\_arn](#output\_aws\_appmesh\_controller\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_appmesh\_controller\_pod\_identity\_iam\_role\_name](#output\_aws\_appmesh\_controller\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_appmesh\_controller\_pod\_identity\_iam\_role\_path](#output\_aws\_appmesh\_controller\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_appmesh\_controller\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_appmesh\_controller\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_policy\_arn](#output\_aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_policy\_id](#output\_aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_policy\_name](#output\_aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_role\_arn](#output\_aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_role\_name](#output\_aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_role\_path](#output\_aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_appmesh\_envoy\_proxy\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_cloudwatch\_observability\_pod\_identity\_iam\_policy\_arn](#output\_aws\_cloudwatch\_observability\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_cloudwatch\_observability\_pod\_identity\_iam\_policy\_id](#output\_aws\_cloudwatch\_observability\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_cloudwatch\_observability\_pod\_identity\_iam\_policy\_name](#output\_aws\_cloudwatch\_observability\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_cloudwatch\_observability\_pod\_identity\_iam\_role\_arn](#output\_aws\_cloudwatch\_observability\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_cloudwatch\_observability\_pod\_identity\_iam\_role\_name](#output\_aws\_cloudwatch\_observability\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_cloudwatch\_observability\_pod\_identity\_iam\_role\_path](#output\_aws\_cloudwatch\_observability\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_cloudwatch\_observability\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_cloudwatch\_observability\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_ebs\_csi\_pod\_identity\_iam\_policy\_arn](#output\_aws\_ebs\_csi\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_ebs\_csi\_pod\_identity\_iam\_policy\_id](#output\_aws\_ebs\_csi\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_ebs\_csi\_pod\_identity\_iam\_policy\_name](#output\_aws\_ebs\_csi\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_ebs\_csi\_pod\_identity\_iam\_role\_arn](#output\_aws\_ebs\_csi\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_ebs\_csi\_pod\_identity\_iam\_role\_name](#output\_aws\_ebs\_csi\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_ebs\_csi\_pod\_identity\_iam\_role\_path](#output\_aws\_ebs\_csi\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_ebs\_csi\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_ebs\_csi\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_efs\_csi\_pod\_identity\_iam\_policy\_arn](#output\_aws\_efs\_csi\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_efs\_csi\_pod\_identity\_iam\_policy\_id](#output\_aws\_efs\_csi\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_efs\_csi\_pod\_identity\_iam\_policy\_name](#output\_aws\_efs\_csi\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_efs\_csi\_pod\_identity\_iam\_role\_arn](#output\_aws\_efs\_csi\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_efs\_csi\_pod\_identity\_iam\_role\_name](#output\_aws\_efs\_csi\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_efs\_csi\_pod\_identity\_iam\_role\_path](#output\_aws\_efs\_csi\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_efs\_csi\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_efs\_csi\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_policy\_arn](#output\_aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_policy\_id](#output\_aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_policy\_name](#output\_aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_role\_arn](#output\_aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_role\_name](#output\_aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_role\_path](#output\_aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_fsx\_lustre\_csi\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_gateway\_controller\_pod\_identity\_iam\_policy\_arn](#output\_aws\_gateway\_controller\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_gateway\_controller\_pod\_identity\_iam\_policy\_id](#output\_aws\_gateway\_controller\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_gateway\_controller\_pod\_identity\_iam\_policy\_name](#output\_aws\_gateway\_controller\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_gateway\_controller\_pod\_identity\_iam\_role\_arn](#output\_aws\_gateway\_controller\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_gateway\_controller\_pod\_identity\_iam\_role\_name](#output\_aws\_gateway\_controller\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_gateway\_controller\_pod\_identity\_iam\_role\_path](#output\_aws\_gateway\_controller\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_gateway\_controller\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_gateway\_controller\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_lb\_controller\_pod\_identity\_iam\_policy\_arn](#output\_aws\_lb\_controller\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_lb\_controller\_pod\_identity\_iam\_policy\_id](#output\_aws\_lb\_controller\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_lb\_controller\_pod\_identity\_iam\_policy\_name](#output\_aws\_lb\_controller\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_lb\_controller\_pod\_identity\_iam\_role\_arn](#output\_aws\_lb\_controller\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_lb\_controller\_pod\_identity\_iam\_role\_name](#output\_aws\_lb\_controller\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_lb\_controller\_pod\_identity\_iam\_role\_path](#output\_aws\_lb\_controller\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_lb\_controller\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_lb\_controller\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_policy\_arn](#output\_aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_policy\_id](#output\_aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_policy\_name](#output\_aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_role\_arn](#output\_aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_role\_name](#output\_aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_role\_path](#output\_aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_lb\_controller\_targetgroup\_binding\_only\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_node\_termination\_handler\_pod\_identity\_iam\_policy\_arn](#output\_aws\_node\_termination\_handler\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_node\_termination\_handler\_pod\_identity\_iam\_policy\_id](#output\_aws\_node\_termination\_handler\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_node\_termination\_handler\_pod\_identity\_iam\_policy\_name](#output\_aws\_node\_termination\_handler\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_node\_termination\_handler\_pod\_identity\_iam\_role\_arn](#output\_aws\_node\_termination\_handler\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_node\_termination\_handler\_pod\_identity\_iam\_role\_name](#output\_aws\_node\_termination\_handler\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_node\_termination\_handler\_pod\_identity\_iam\_role\_path](#output\_aws\_node\_termination\_handler\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_node\_termination\_handler\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_node\_termination\_handler\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_privateca\_issuer\_pod\_identity\_iam\_policy\_arn](#output\_aws\_privateca\_issuer\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_privateca\_issuer\_pod\_identity\_iam\_policy\_id](#output\_aws\_privateca\_issuer\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_privateca\_issuer\_pod\_identity\_iam\_policy\_name](#output\_aws\_privateca\_issuer\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_privateca\_issuer\_pod\_identity\_iam\_role\_arn](#output\_aws\_privateca\_issuer\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_privateca\_issuer\_pod\_identity\_iam\_role\_name](#output\_aws\_privateca\_issuer\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_privateca\_issuer\_pod\_identity\_iam\_role\_path](#output\_aws\_privateca\_issuer\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_privateca\_issuer\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_privateca\_issuer\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_policy\_arn](#output\_aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_policy\_id](#output\_aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_policy\_name](#output\_aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_role\_arn](#output\_aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_role\_name](#output\_aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_role\_path](#output\_aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_vpc\_cni\_ipv4\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_policy\_arn](#output\_aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_policy\_id](#output\_aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_policy\_name](#output\_aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_role\_arn](#output\_aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_role\_name](#output\_aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_role\_path](#output\_aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_role\_unique\_id](#output\_aws\_vpc\_cni\_ipv6\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [cert\_manager\_pod\_identity\_iam\_policy\_arn](#output\_cert\_manager\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [cert\_manager\_pod\_identity\_iam\_policy\_id](#output\_cert\_manager\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [cert\_manager\_pod\_identity\_iam\_policy\_name](#output\_cert\_manager\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [cert\_manager\_pod\_identity\_iam\_role\_arn](#output\_cert\_manager\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [cert\_manager\_pod\_identity\_iam\_role\_name](#output\_cert\_manager\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [cert\_manager\_pod\_identity\_iam\_role\_path](#output\_cert\_manager\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [cert\_manager\_pod\_identity\_iam\_role\_unique\_id](#output\_cert\_manager\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [cluster\_autoscaler\_pod\_identity\_iam\_policy\_arn](#output\_cluster\_autoscaler\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [cluster\_autoscaler\_pod\_identity\_iam\_policy\_id](#output\_cluster\_autoscaler\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [cluster\_autoscaler\_pod\_identity\_iam\_policy\_name](#output\_cluster\_autoscaler\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [cluster\_autoscaler\_pod\_identity\_iam\_role\_arn](#output\_cluster\_autoscaler\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [cluster\_autoscaler\_pod\_identity\_iam\_role\_name](#output\_cluster\_autoscaler\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [cluster\_autoscaler\_pod\_identity\_iam\_role\_path](#output\_cluster\_autoscaler\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [cluster\_autoscaler\_pod\_identity\_iam\_role\_unique\_id](#output\_cluster\_autoscaler\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [custom\_pod\_identity\_iam\_policy\_arn](#output\_custom\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [custom\_pod\_identity\_iam\_policy\_id](#output\_custom\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [custom\_pod\_identity\_iam\_policy\_name](#output\_custom\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
| [custom\_pod\_identity\_iam\_role\_arn](#output\_custom\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
| [custom\_pod\_identity\_iam\_role\_name](#output\_custom\_pod\_identity\_iam\_role\_name) | Name of IAM role |
| [custom\_pod\_identity\_iam\_role\_path](#output\_custom\_pod\_identity\_iam\_role\_path) | Path of IAM role |
| [custom\_pod\_identity\_iam\_role\_unique\_id](#output\_custom\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [external\_dns\_pod\_identity\_iam\_policy\_arn](#output\_external\_dns\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [external\_dns\_pod\_identity\_iam\_policy\_id](#output\_external\_dns\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [external\_dns\_pod\_identity\_iam\_policy\_name](#output\_external\_dns\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [external\_dns\_pod\_identity\_iam\_role\_arn](#output\_external\_dns\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [external\_dns\_pod\_identity\_iam\_role\_name](#output\_external\_dns\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [external\_dns\_pod\_identity\_iam\_role\_path](#output\_external\_dns\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [external\_dns\_pod\_identity\_iam\_role\_unique\_id](#output\_external\_dns\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [external\_secrets\_pod\_identity\_iam\_policy\_arn](#output\_external\_secrets\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [external\_secrets\_pod\_identity\_iam\_policy\_id](#output\_external\_secrets\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [external\_secrets\_pod\_identity\_iam\_policy\_name](#output\_external\_secrets\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [external\_secrets\_pod\_identity\_iam\_role\_arn](#output\_external\_secrets\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [external\_secrets\_pod\_identity\_iam\_role\_name](#output\_external\_secrets\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [external\_secrets\_pod\_identity\_iam\_role\_path](#output\_external\_secrets\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [external\_secrets\_pod\_identity\_iam\_role\_unique\_id](#output\_external\_secrets\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [mountpoint\_s3\_csi\_pod\_identity\_iam\_policy\_arn](#output\_mountpoint\_s3\_csi\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [mountpoint\_s3\_csi\_pod\_identity\_iam\_policy\_id](#output\_mountpoint\_s3\_csi\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [mountpoint\_s3\_csi\_pod\_identity\_iam\_policy\_name](#output\_mountpoint\_s3\_csi\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [mountpoint\_s3\_csi\_pod\_identity\_iam\_role\_arn](#output\_mountpoint\_s3\_csi\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [mountpoint\_s3\_csi\_pod\_identity\_iam\_role\_name](#output\_mountpoint\_s3\_csi\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [mountpoint\_s3\_csi\_pod\_identity\_iam\_role\_path](#output\_mountpoint\_s3\_csi\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [mountpoint\_s3\_csi\_pod\_identity\_iam\_role\_unique\_id](#output\_mountpoint\_s3\_csi\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
+| [velero\_pod\_identity\_iam\_policy\_arn](#output\_velero\_pod\_identity\_iam\_policy\_arn) | The ARN assigned by AWS to this policy |
+| [velero\_pod\_identity\_iam\_policy\_id](#output\_velero\_pod\_identity\_iam\_policy\_id) | ID of IAM policy |
+| [velero\_pod\_identity\_iam\_policy\_name](#output\_velero\_pod\_identity\_iam\_policy\_name) | Name of IAM policy |
+| [velero\_pod\_identity\_iam\_role\_arn](#output\_velero\_pod\_identity\_iam\_role\_arn) | ARN of IAM role |
+| [velero\_pod\_identity\_iam\_role\_name](#output\_velero\_pod\_identity\_iam\_role\_name) | Name of IAM role |
+| [velero\_pod\_identity\_iam\_role\_path](#output\_velero\_pod\_identity\_iam\_role\_path) | Path of IAM role |
+| [velero\_pod\_identity\_iam\_role\_unique\_id](#output\_velero\_pod\_identity\_iam\_role\_unique\_id) | Unique ID of IAM role |
Apache-2.0 Licensed. See [LICENSE](https://github.com/clowdhaus/terraform-aws-eks-pod-identity/blob/main/LICENSE).
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index e1623c3..0bd877c 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -3,7 +3,7 @@ provider "aws" {
}
locals {
- region = "us-east-1"
+ region = "eu-west-1"
name = "eks-pod-identity-ex-${basename(path.cwd)}"
tags = {
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index 7d522be..438ed09 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -21,3 +21,798 @@ output "custom_pod_identity_iam_role_unique_id" {
description = "Unique ID of IAM role"
value = module.custom_pod_identity.iam_role_unique_id
}
+
+output "custom_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.custom_pod_identity.iam_policy_arn
+}
+
+output "custom_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.custom_pod_identity.iam_policy_name
+}
+
+output "custom_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.custom_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS Gateway Controller
+################################################################################
+
+output "aws_gateway_controller_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_gateway_controller_pod_identity.iam_role_arn
+}
+
+output "aws_gateway_controller_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_gateway_controller_pod_identity.iam_role_name
+}
+
+output "aws_gateway_controller_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_gateway_controller_pod_identity.iam_role_path
+}
+
+output "aws_gateway_controller_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_gateway_controller_pod_identity.iam_role_unique_id
+}
+
+output "aws_gateway_controller_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_gateway_controller_pod_identity.iam_policy_arn
+}
+
+output "aws_gateway_controller_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_gateway_controller_pod_identity.iam_policy_name
+}
+
+output "aws_gateway_controller_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_gateway_controller_pod_identity.iam_policy_id
+}
+
+################################################################################
+# Cert-Manager
+################################################################################
+
+output "cert_manager_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.cert_manager_pod_identity.iam_role_arn
+}
+
+output "cert_manager_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.cert_manager_pod_identity.iam_role_name
+}
+
+output "cert_manager_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.cert_manager_pod_identity.iam_role_path
+}
+
+output "cert_manager_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.cert_manager_pod_identity.iam_role_unique_id
+}
+
+output "cert_manager_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.cert_manager_pod_identity.iam_policy_arn
+}
+
+output "cert_manager_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.cert_manager_pod_identity.iam_policy_name
+}
+
+output "cert_manager_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.cert_manager_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS CloudWatch Observability
+################################################################################
+
+output "aws_cloudwatch_observability_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_cloudwatch_observability_pod_identity.iam_role_arn
+}
+
+output "aws_cloudwatch_observability_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_cloudwatch_observability_pod_identity.iam_role_name
+}
+
+output "aws_cloudwatch_observability_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_cloudwatch_observability_pod_identity.iam_role_path
+}
+
+output "aws_cloudwatch_observability_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_cloudwatch_observability_pod_identity.iam_role_unique_id
+}
+
+output "aws_cloudwatch_observability_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_cloudwatch_observability_pod_identity.iam_policy_arn
+}
+
+output "aws_cloudwatch_observability_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_cloudwatch_observability_pod_identity.iam_policy_name
+}
+
+output "aws_cloudwatch_observability_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_cloudwatch_observability_pod_identity.iam_policy_id
+}
+
+################################################################################
+# Cluster Autoscaler
+################################################################################
+
+output "cluster_autoscaler_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.cluster_autoscaler_pod_identity.iam_role_arn
+}
+
+output "cluster_autoscaler_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.cluster_autoscaler_pod_identity.iam_role_name
+}
+
+output "cluster_autoscaler_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.cluster_autoscaler_pod_identity.iam_role_path
+}
+
+output "cluster_autoscaler_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.cluster_autoscaler_pod_identity.iam_role_unique_id
+}
+
+output "cluster_autoscaler_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.cluster_autoscaler_pod_identity.iam_policy_arn
+}
+
+output "cluster_autoscaler_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.cluster_autoscaler_pod_identity.iam_policy_name
+}
+
+output "cluster_autoscaler_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.cluster_autoscaler_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS EBS CSI Driver
+################################################################################
+
+output "aws_ebs_csi_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_ebs_csi_pod_identity.iam_role_arn
+}
+
+output "aws_ebs_csi_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_ebs_csi_pod_identity.iam_role_name
+}
+
+output "aws_ebs_csi_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_ebs_csi_pod_identity.iam_role_path
+}
+
+output "aws_ebs_csi_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_ebs_csi_pod_identity.iam_role_unique_id
+}
+
+output "aws_ebs_csi_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_ebs_csi_pod_identity.iam_policy_arn
+}
+
+output "aws_ebs_csi_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_ebs_csi_pod_identity.iam_policy_name
+}
+
+output "aws_ebs_csi_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_ebs_csi_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS EFS CSI Driver
+################################################################################
+
+output "aws_efs_csi_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_efs_csi_pod_identity.iam_role_arn
+}
+
+output "aws_efs_csi_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_efs_csi_pod_identity.iam_role_name
+}
+
+output "aws_efs_csi_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_efs_csi_pod_identity.iam_role_path
+}
+
+output "aws_efs_csi_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_efs_csi_pod_identity.iam_role_unique_id
+}
+
+output "aws_efs_csi_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_efs_csi_pod_identity.iam_policy_arn
+}
+
+output "aws_efs_csi_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_efs_csi_pod_identity.iam_policy_name
+}
+
+output "aws_efs_csi_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_efs_csi_pod_identity.iam_policy_id
+}
+
+################################################################################
+# External-DNS
+################################################################################
+
+output "external_dns_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.external_dns_pod_identity.iam_role_arn
+}
+
+output "external_dns_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.external_dns_pod_identity.iam_role_name
+}
+
+output "external_dns_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.external_dns_pod_identity.iam_role_path
+}
+
+output "external_dns_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.external_dns_pod_identity.iam_role_unique_id
+}
+
+output "external_dns_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.external_dns_pod_identity.iam_policy_arn
+}
+
+output "external_dns_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.external_dns_pod_identity.iam_policy_name
+}
+
+output "external_dns_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.external_dns_pod_identity.iam_policy_id
+}
+
+################################################################################
+# External Secrets
+################################################################################
+
+output "external_secrets_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.external_secrets_pod_identity.iam_role_arn
+}
+
+output "external_secrets_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.external_secrets_pod_identity.iam_role_name
+}
+
+output "external_secrets_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.external_secrets_pod_identity.iam_role_path
+}
+
+output "external_secrets_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.external_secrets_pod_identity.iam_role_unique_id
+}
+
+output "external_secrets_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.external_secrets_pod_identity.iam_policy_arn
+}
+
+output "external_secrets_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.external_secrets_pod_identity.iam_policy_name
+}
+
+output "external_secrets_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.external_secrets_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS FSx for Lustre CSI Driver
+################################################################################
+
+output "aws_fsx_lustre_csi_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_fsx_lustre_csi_pod_identity.iam_role_arn
+}
+
+output "aws_fsx_lustre_csi_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_fsx_lustre_csi_pod_identity.iam_role_name
+}
+
+output "aws_fsx_lustre_csi_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_fsx_lustre_csi_pod_identity.iam_role_path
+}
+
+output "aws_fsx_lustre_csi_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_fsx_lustre_csi_pod_identity.iam_role_unique_id
+}
+
+output "aws_fsx_lustre_csi_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_fsx_lustre_csi_pod_identity.iam_policy_arn
+}
+
+output "aws_fsx_lustre_csi_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_fsx_lustre_csi_pod_identity.iam_policy_name
+}
+
+output "aws_fsx_lustre_csi_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_fsx_lustre_csi_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS Load Balancer Controller
+################################################################################
+
+output "aws_lb_controller_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_lb_controller_pod_identity.iam_role_arn
+}
+
+output "aws_lb_controller_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_lb_controller_pod_identity.iam_role_name
+}
+
+output "aws_lb_controller_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_lb_controller_pod_identity.iam_role_path
+}
+
+output "aws_lb_controller_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_lb_controller_pod_identity.iam_role_unique_id
+}
+
+output "aws_lb_controller_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_lb_controller_pod_identity.iam_policy_arn
+}
+
+output "aws_lb_controller_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_lb_controller_pod_identity.iam_policy_name
+}
+
+output "aws_lb_controller_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_lb_controller_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS Load Balancer Controller TargetGroup Binding Only
+################################################################################
+
+output "aws_lb_controller_targetgroup_binding_only_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_lb_controller_targetgroup_binding_only_pod_identity.iam_role_arn
+}
+
+output "aws_lb_controller_targetgroup_binding_only_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_lb_controller_targetgroup_binding_only_pod_identity.iam_role_name
+}
+
+output "aws_lb_controller_targetgroup_binding_only_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_lb_controller_targetgroup_binding_only_pod_identity.iam_role_path
+}
+
+output "aws_lb_controller_targetgroup_binding_only_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_lb_controller_targetgroup_binding_only_pod_identity.iam_role_unique_id
+}
+
+output "aws_lb_controller_targetgroup_binding_only_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_lb_controller_targetgroup_binding_only_pod_identity.iam_policy_arn
+}
+
+output "aws_lb_controller_targetgroup_binding_only_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_lb_controller_targetgroup_binding_only_pod_identity.iam_policy_name
+}
+
+output "aws_lb_controller_targetgroup_binding_only_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_lb_controller_targetgroup_binding_only_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS AppMesh Controller
+################################################################################
+
+output "aws_appmesh_controller_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_appmesh_controller_pod_identity.iam_role_arn
+}
+
+output "aws_appmesh_controller_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_appmesh_controller_pod_identity.iam_role_name
+}
+
+output "aws_appmesh_controller_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_appmesh_controller_pod_identity.iam_role_path
+}
+
+output "aws_appmesh_controller_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_appmesh_controller_pod_identity.iam_role_unique_id
+}
+
+output "aws_appmesh_controller_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_appmesh_controller_pod_identity.iam_policy_arn
+}
+
+output "aws_appmesh_controller_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_appmesh_controller_pod_identity.iam_policy_name
+}
+
+output "aws_appmesh_controller_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_appmesh_controller_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS AppMesh Envoy Proxy
+################################################################################
+
+output "aws_appmesh_envoy_proxy_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_appmesh_envoy_proxy_pod_identity.iam_role_arn
+}
+
+output "aws_appmesh_envoy_proxy_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_appmesh_envoy_proxy_pod_identity.iam_role_name
+}
+
+output "aws_appmesh_envoy_proxy_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_appmesh_envoy_proxy_pod_identity.iam_role_path
+}
+
+output "aws_appmesh_envoy_proxy_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_appmesh_envoy_proxy_pod_identity.iam_role_unique_id
+}
+
+output "aws_appmesh_envoy_proxy_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_appmesh_envoy_proxy_pod_identity.iam_policy_arn
+}
+
+output "aws_appmesh_envoy_proxy_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_appmesh_envoy_proxy_pod_identity.iam_policy_name
+}
+
+output "aws_appmesh_envoy_proxy_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_appmesh_envoy_proxy_pod_identity.iam_policy_id
+}
+
+################################################################################
+# Amazon Managed Service for Prometheus
+################################################################################
+
+output "amazon_managed_service_prometheus_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.amazon_managed_service_prometheus_pod_identity.iam_role_arn
+}
+
+output "amazon_managed_service_prometheus_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.amazon_managed_service_prometheus_pod_identity.iam_role_name
+}
+
+output "amazon_managed_service_prometheus_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.amazon_managed_service_prometheus_pod_identity.iam_role_path
+}
+
+output "amazon_managed_service_prometheus_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.amazon_managed_service_prometheus_pod_identity.iam_role_unique_id
+}
+
+output "amazon_managed_service_prometheus_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.amazon_managed_service_prometheus_pod_identity.iam_policy_arn
+}
+
+output "amazon_managed_service_prometheus_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.amazon_managed_service_prometheus_pod_identity.iam_policy_name
+}
+
+output "amazon_managed_service_prometheus_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.amazon_managed_service_prometheus_pod_identity.iam_policy_id
+}
+
+################################################################################
+# Mountpoint S3 CSI Driver
+################################################################################
+
+output "mountpoint_s3_csi_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.mountpoint_s3_csi_pod_identity.iam_role_arn
+}
+
+output "mountpoint_s3_csi_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.mountpoint_s3_csi_pod_identity.iam_role_name
+}
+
+output "mountpoint_s3_csi_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.mountpoint_s3_csi_pod_identity.iam_role_path
+}
+
+output "mountpoint_s3_csi_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.mountpoint_s3_csi_pod_identity.iam_role_unique_id
+}
+
+output "mountpoint_s3_csi_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.mountpoint_s3_csi_pod_identity.iam_policy_arn
+}
+
+output "mountpoint_s3_csi_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.mountpoint_s3_csi_pod_identity.iam_policy_name
+}
+
+output "mountpoint_s3_csi_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.mountpoint_s3_csi_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS Node Termination Handler
+################################################################################
+
+output "aws_node_termination_handler_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_node_termination_handler_pod_identity.iam_role_arn
+}
+
+output "aws_node_termination_handler_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_node_termination_handler_pod_identity.iam_role_name
+}
+
+output "aws_node_termination_handler_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_node_termination_handler_pod_identity.iam_role_path
+}
+
+output "aws_node_termination_handler_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_node_termination_handler_pod_identity.iam_role_unique_id
+}
+
+output "aws_node_termination_handler_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_node_termination_handler_pod_identity.iam_policy_arn
+}
+
+output "aws_node_termination_handler_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_node_termination_handler_pod_identity.iam_policy_name
+}
+
+output "aws_node_termination_handler_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_node_termination_handler_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS Private CA Issuer
+################################################################################
+
+output "aws_privateca_issuer_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_privateca_issuer_pod_identity.iam_role_arn
+}
+
+output "aws_privateca_issuer_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_privateca_issuer_pod_identity.iam_role_name
+}
+
+output "aws_privateca_issuer_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_privateca_issuer_pod_identity.iam_role_path
+}
+
+output "aws_privateca_issuer_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_privateca_issuer_pod_identity.iam_role_unique_id
+}
+
+output "aws_privateca_issuer_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_privateca_issuer_pod_identity.iam_policy_arn
+}
+
+output "aws_privateca_issuer_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_privateca_issuer_pod_identity.iam_policy_name
+}
+
+output "aws_privateca_issuer_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_privateca_issuer_pod_identity.iam_policy_id
+}
+
+################################################################################
+# Velero
+################################################################################
+
+output "velero_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.velero_pod_identity.iam_role_arn
+}
+
+output "velero_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.velero_pod_identity.iam_role_name
+}
+
+output "velero_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.velero_pod_identity.iam_role_path
+}
+
+output "velero_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.velero_pod_identity.iam_role_unique_id
+}
+
+output "velero_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.velero_pod_identity.iam_policy_arn
+}
+
+output "velero_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.velero_pod_identity.iam_policy_name
+}
+
+output "velero_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.velero_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS VPC CNI IPv4
+################################################################################
+
+output "aws_vpc_cni_ipv4_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_vpc_cni_ipv4_pod_identity.iam_role_arn
+}
+
+output "aws_vpc_cni_ipv4_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_vpc_cni_ipv4_pod_identity.iam_role_name
+}
+
+output "aws_vpc_cni_ipv4_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_vpc_cni_ipv4_pod_identity.iam_role_path
+}
+
+output "aws_vpc_cni_ipv4_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_vpc_cni_ipv4_pod_identity.iam_role_unique_id
+}
+
+output "aws_vpc_cni_ipv4_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_vpc_cni_ipv4_pod_identity.iam_policy_arn
+}
+
+output "aws_vpc_cni_ipv4_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_vpc_cni_ipv4_pod_identity.iam_policy_name
+}
+
+output "aws_vpc_cni_ipv4_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_vpc_cni_ipv4_pod_identity.iam_policy_id
+}
+
+################################################################################
+# AWS VPC CNI IPv6
+################################################################################
+
+output "aws_vpc_cni_ipv6_pod_identity_iam_role_arn" {
+ description = "ARN of IAM role"
+ value = module.aws_vpc_cni_ipv6_pod_identity.iam_role_arn
+}
+
+output "aws_vpc_cni_ipv6_pod_identity_iam_role_name" {
+ description = "Name of IAM role"
+ value = module.aws_vpc_cni_ipv6_pod_identity.iam_role_name
+}
+
+output "aws_vpc_cni_ipv6_pod_identity_iam_role_path" {
+ description = "Path of IAM role"
+ value = module.aws_vpc_cni_ipv6_pod_identity.iam_role_path
+}
+
+output "aws_vpc_cni_ipv6_pod_identity_iam_role_unique_id" {
+ description = "Unique ID of IAM role"
+ value = module.aws_vpc_cni_ipv6_pod_identity.iam_role_unique_id
+}
+
+output "aws_vpc_cni_ipv6_pod_identity_iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = module.aws_vpc_cni_ipv6_pod_identity.iam_policy_arn
+}
+
+output "aws_vpc_cni_ipv6_pod_identity_iam_policy_name" {
+ description = "Name of IAM policy"
+ value = module.aws_vpc_cni_ipv6_pod_identity.iam_policy_name
+}
+
+output "aws_vpc_cni_ipv6_pod_identity_iam_policy_id" {
+ description = "ID of IAM policy"
+ value = module.aws_vpc_cni_ipv6_pod_identity.iam_policy_id
+}
diff --git a/mountpoint_s3_csi.tf b/mountpoint_s3_csi.tf
index fb7aad8..bf55a45 100644
--- a/mountpoint_s3_csi.tf
+++ b/mountpoint_s3_csi.tf
@@ -29,7 +29,7 @@ data "aws_iam_policy_document" "mountpoint_s3_csi" {
}
locals {
- mountpoint_s3_csi_policy_name = coalesce(var.mountpoint_s3_csi_policy_name, "${var.policy_name_prefix}MountpointS3CSI")
+ mountpoint_s3_csi_policy_name = coalesce(var.mountpoint_s3_csi_policy_name, "${var.policy_name_prefix}MountpointS3_CSI")
}
resource "aws_iam_policy" "mountpoint_s3_csi" {
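Review bot: Changing the default in `mountpoint_s3_csi_policy_name` from `"${var.policy_name_prefix}MountpointS3CSI"` to `"${var.policy_name_prefix}MountpointS3_CSI"` changes the name of an IAM policy that existing deployments already have, and the hunk carries no upgrade note. The `aws_iam_policy` resource body lies outside this hunk, so whether it uses `name` or `name_prefix` is not visible; either way a changed name normally forces the policy to be replaced, and the role may briefly be without it during the swap. I would add a comment next to the local, such as `# Default changed from "<prefix>MountpointS3CSI"; set var.mountpoint_s3_csi_policy_name to keep the old name and avoid replacement`, and repeat it in the changelog.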
diff --git a/outputs.tf b/outputs.tf
index 95241a0..50ea6b0 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -21,3 +21,87 @@ output "iam_role_unique_id" {
description = "Unique ID of IAM role"
value = try(aws_iam_role.this[0].unique_id, null)
}
+
+################################################################################
+# IAM Policy
+# Note: The module is designed to create a single IAM role with a single policy;
+# therefore, we only output one policy ARN, name, and ID (the first one that resolves)
+################################################################################
+
+output "iam_policy_arn" {
+ description = "The ARN assigned by AWS to this policy"
+ value = try(
+ aws_iam_policy.amazon_managed_service_prometheus[0].arn,
+ aws_iam_policy.appmesh_controller[0].arn,
+ aws_iam_policy.appmesh_envoy_proxy[0].arn,
+ aws_iam_policy.aws_gateway_controller[0].arn,
+ aws_iam_policy.aws_privateca_issuer[0].arn,
+ aws_iam_policy.cert_manager[0].arn,
+ aws_iam_policy.cluster_autoscaler[0].arn,
+ aws_iam_policy.ebs_csi[0].arn,
+ aws_iam_policy.efs_csi[0].arn,
+ aws_iam_policy.external_dns[0].arn,
+ aws_iam_policy.external_secrets[0].arn,
+ aws_iam_policy.fsx_lustre_csi[0].arn,
+ aws_iam_policy.lb_controller[0].arn,
+ aws_iam_policy.lb_controller_targetgroup_only[0].arn,
+ aws_iam_policy.mountpoint_s3_csi[0].arn,
+ aws_iam_policy.node_termination_handler[0].arn,
+ aws_iam_policy.velero[0].arn,
+ aws_iam_policy.vpc_cni[0].arn,
+ aws_iam_policy.custom[0].arn,
+ null,
+ )
+}
+
+output "iam_policy_name" {
+ description = "Name of IAM policy"
+ value = try(
+ aws_iam_policy.amazon_managed_service_prometheus[0].name,
+ aws_iam_policy.appmesh_controller[0].name,
+ aws_iam_policy.appmesh_envoy_proxy[0].name,
+ aws_iam_policy.aws_gateway_controller[0].name,
+ aws_iam_policy.aws_privateca_issuer[0].name,
+ aws_iam_policy.cert_manager[0].name,
+ aws_iam_policy.cluster_autoscaler[0].name,
+ aws_iam_policy.ebs_csi[0].name,
+ aws_iam_policy.efs_csi[0].name,
+ aws_iam_policy.external_dns[0].name,
+ aws_iam_policy.external_secrets[0].name,
+ aws_iam_policy.fsx_lustre_csi[0].name,
+ aws_iam_policy.lb_controller[0].name,
+ aws_iam_policy.lb_controller_targetgroup_only[0].name,
+ aws_iam_policy.mountpoint_s3_csi[0].name,
+ aws_iam_policy.node_termination_handler[0].name,
+ aws_iam_policy.velero[0].name,
+ aws_iam_policy.vpc_cni[0].name,
+ aws_iam_policy.custom[0].name,
+ null,
+ )
+}
+
+output "iam_policy_id" {
+ description = " The policy's ID"
+ value = try(
+ aws_iam_policy.amazon_managed_service_prometheus[0].policy_id,
+ aws_iam_policy.appmesh_controller[0].policy_id,
+ aws_iam_policy.appmesh_envoy_proxy[0].policy_id,
+ aws_iam_policy.aws_gateway_controller[0].policy_id,
+ aws_iam_policy.aws_privateca_issuer[0].policy_id,
+ aws_iam_policy.cert_manager[0].policy_id,
+ aws_iam_policy.cluster_autoscaler[0].policy_id,
+ aws_iam_policy.ebs_csi[0].policy_id,
+ aws_iam_policy.efs_csi[0].policy_id,
+ aws_iam_policy.external_dns[0].policy_id,
+ aws_iam_policy.external_secrets[0].policy_id,
+ aws_iam_policy.fsx_lustre_csi[0].policy_id,
+ aws_iam_policy.lb_controller[0].policy_id,
+ aws_iam_policy.lb_controller_targetgroup_only[0].policy_id,
+ aws_iam_policy.mountpoint_s3_csi[0].policy_id,
+ aws_iam_policy.node_termination_handler[0].policy_id,
+ aws_iam_policy.velero[0].policy_id,
+ aws_iam_policy.vpc_cni[0].policy_id,
+ aws_iam_policy.custom[0].policy_id,
+ null,
+ )
+}
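Review bot: `iam_policy_arn`, `iam_policy_name` and `iam_policy_id` each return only the first `aws_iam_policy` that resolves in their `try(...)` list, and nothing in this hunk enforces the single-policy assumption stated in the header comment. If a caller enables more than one `attach_*` policy on the same role, the remaining policies are silently left out of these outputs, which can mislead anything that uses them to audit or reference what the role is granted. I would say so in the descriptions, e.g. `description = "ARN of the first IAM policy created by the module (null when none is created)"`, and likewise for the name and ID. The `iam_policy_id` description also has a stray leading space: `" The policy's ID"` should read `"The policy's ID"`.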
diff --git a/wrappers/README.md b/wrappers/README.md
new file mode 100644
index 0000000..13ae2d5
--- /dev/null
+++ b/wrappers/README.md
@@ -0,0 +1,100 @@
+# Wrapper for the root module
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/eks-pod-identity/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-eks-pod-identity.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/eks-pod-identity/aws//wrappers"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/main.tf b/wrappers/main.tf
new file mode 100644
index 0000000..7d2d193
--- /dev/null
+++ b/wrappers/main.tf
@@ -0,0 +1,78 @@
+module "wrapper" {
+ source = "../"
+
+ for_each = var.items
+
+ additional_policy_arns = try(each.value.additional_policy_arns, var.defaults.additional_policy_arns, {})
+ amazon_managed_service_prometheus_policy_name = try(each.value.amazon_managed_service_prometheus_policy_name, var.defaults.amazon_managed_service_prometheus_policy_name, null)
+ amazon_managed_service_prometheus_workspace_arns = try(each.value.amazon_managed_service_prometheus_workspace_arns, var.defaults.amazon_managed_service_prometheus_workspace_arns, [])
+ appmesh_controller_policy_name = try(each.value.appmesh_controller_policy_name, var.defaults.appmesh_controller_policy_name, null)
+ appmesh_envoy_proxy_policy_name = try(each.value.appmesh_envoy_proxy_policy_name, var.defaults.appmesh_envoy_proxy_policy_name, null)
+ attach_amazon_managed_service_prometheus_policy = try(each.value.attach_amazon_managed_service_prometheus_policy, var.defaults.attach_amazon_managed_service_prometheus_policy, false)
+ attach_aws_appmesh_controller_policy = try(each.value.attach_aws_appmesh_controller_policy, var.defaults.attach_aws_appmesh_controller_policy, false)
+ attach_aws_appmesh_envoy_proxy_policy = try(each.value.attach_aws_appmesh_envoy_proxy_policy, var.defaults.attach_aws_appmesh_envoy_proxy_policy, false)
+ attach_aws_cloudwatch_observability_policy = try(each.value.attach_aws_cloudwatch_observability_policy, var.defaults.attach_aws_cloudwatch_observability_policy, false)
+ attach_aws_ebs_csi_policy = try(each.value.attach_aws_ebs_csi_policy, var.defaults.attach_aws_ebs_csi_policy, false)
+ attach_aws_efs_csi_policy = try(each.value.attach_aws_efs_csi_policy, var.defaults.attach_aws_efs_csi_policy, false)
+ attach_aws_fsx_lustre_csi_policy = try(each.value.attach_aws_fsx_lustre_csi_policy, var.defaults.attach_aws_fsx_lustre_csi_policy, false)
+ attach_aws_gateway_controller_policy = try(each.value.attach_aws_gateway_controller_policy, var.defaults.attach_aws_gateway_controller_policy, false)
+ attach_aws_lb_controller_policy = try(each.value.attach_aws_lb_controller_policy, var.defaults.attach_aws_lb_controller_policy, false)
+ attach_aws_lb_controller_targetgroup_binding_only_policy = try(each.value.attach_aws_lb_controller_targetgroup_binding_only_policy, var.defaults.attach_aws_lb_controller_targetgroup_binding_only_policy, false)
+ attach_aws_node_termination_handler_policy = try(each.value.attach_aws_node_termination_handler_policy, var.defaults.attach_aws_node_termination_handler_policy, false)
+ attach_aws_privateca_issuer_policy = try(each.value.attach_aws_privateca_issuer_policy, var.defaults.attach_aws_privateca_issuer_policy, false)
+ attach_aws_vpc_cni_policy = try(each.value.attach_aws_vpc_cni_policy, var.defaults.attach_aws_vpc_cni_policy, false)
+ attach_cert_manager_policy = try(each.value.attach_cert_manager_policy, var.defaults.attach_cert_manager_policy, false)
+ attach_cluster_autoscaler_policy = try(each.value.attach_cluster_autoscaler_policy, var.defaults.attach_cluster_autoscaler_policy, false)
+ attach_custom_policy = try(each.value.attach_custom_policy, var.defaults.attach_custom_policy, false)
+ attach_external_dns_policy = try(each.value.attach_external_dns_policy, var.defaults.attach_external_dns_policy, false)
+ attach_external_secrets_policy = try(each.value.attach_external_secrets_policy, var.defaults.attach_external_secrets_policy, false)
+ attach_mountpoint_s3_csi_policy = try(each.value.attach_mountpoint_s3_csi_policy, var.defaults.attach_mountpoint_s3_csi_policy, false)
+ attach_velero_policy = try(each.value.attach_velero_policy, var.defaults.attach_velero_policy, false)
+ aws_ebs_csi_kms_arns = try(each.value.aws_ebs_csi_kms_arns, var.defaults.aws_ebs_csi_kms_arns, [])
+ aws_ebs_csi_policy_name = try(each.value.aws_ebs_csi_policy_name, var.defaults.aws_ebs_csi_policy_name, null)
+ aws_efs_csi_policy_name = try(each.value.aws_efs_csi_policy_name, var.defaults.aws_efs_csi_policy_name, null)
+ aws_fsx_lustre_csi_policy_name = try(each.value.aws_fsx_lustre_csi_policy_name, var.defaults.aws_fsx_lustre_csi_policy_name, null)
+ aws_fsx_lustre_csi_service_role_arns = try(each.value.aws_fsx_lustre_csi_service_role_arns, var.defaults.aws_fsx_lustre_csi_service_role_arns, [])
+ aws_gateway_controller_policy_name = try(each.value.aws_gateway_controller_policy_name, var.defaults.aws_gateway_controller_policy_name, null)
+ aws_lb_controller_policy_name = try(each.value.aws_lb_controller_policy_name, var.defaults.aws_lb_controller_policy_name, null)
+ aws_lb_controller_targetgroup_arns = try(each.value.aws_lb_controller_targetgroup_arns, var.defaults.aws_lb_controller_targetgroup_arns, [])
+ aws_lb_controller_targetgroup_only_policy_name = try(each.value.aws_lb_controller_targetgroup_only_policy_name, var.defaults.aws_lb_controller_targetgroup_only_policy_name, null)
+ aws_node_termination_handler_policy_name = try(each.value.aws_node_termination_handler_policy_name, var.defaults.aws_node_termination_handler_policy_name, null)
+ aws_node_termination_handler_sqs_queue_arns = try(each.value.aws_node_termination_handler_sqs_queue_arns, var.defaults.aws_node_termination_handler_sqs_queue_arns, [])
+ aws_privateca_issuer_acmca_arns = try(each.value.aws_privateca_issuer_acmca_arns, var.defaults.aws_privateca_issuer_acmca_arns, [])
+ aws_privateca_issuer_policy_name = try(each.value.aws_privateca_issuer_policy_name, var.defaults.aws_privateca_issuer_policy_name, null)
+ aws_vpc_cni_enable_ipv4 = try(each.value.aws_vpc_cni_enable_ipv4, var.defaults.aws_vpc_cni_enable_ipv4, false)
+ aws_vpc_cni_enable_ipv6 = try(each.value.aws_vpc_cni_enable_ipv6, var.defaults.aws_vpc_cni_enable_ipv6, false)
+ aws_vpc_cni_policy_name = try(each.value.aws_vpc_cni_policy_name, var.defaults.aws_vpc_cni_policy_name, null)
+ cert_manager_hosted_zone_arns = try(each.value.cert_manager_hosted_zone_arns, var.defaults.cert_manager_hosted_zone_arns, [])
+ cert_manager_policy_name = try(each.value.cert_manager_policy_name, var.defaults.cert_manager_policy_name, null)
+ cluster_autoscaler_cluster_names = try(each.value.cluster_autoscaler_cluster_names, var.defaults.cluster_autoscaler_cluster_names, [])
+ cluster_autoscaler_policy_name = try(each.value.cluster_autoscaler_policy_name, var.defaults.cluster_autoscaler_policy_name, null)
+ create = try(each.value.create, var.defaults.create, true)
+ custom_policy_description = try(each.value.custom_policy_description, var.defaults.custom_policy_description, "Custom IAM Policy")
+ description = try(each.value.description, var.defaults.description, null)
+ external_dns_hosted_zone_arns = try(each.value.external_dns_hosted_zone_arns, var.defaults.external_dns_hosted_zone_arns, [])
+ external_dns_policy_name = try(each.value.external_dns_policy_name, var.defaults.external_dns_policy_name, null)
+ external_secrets_create_permission = try(each.value.external_secrets_create_permission, var.defaults.external_secrets_create_permission, false)
+ external_secrets_kms_key_arns = try(each.value.external_secrets_kms_key_arns, var.defaults.external_secrets_kms_key_arns, [])
+ external_secrets_policy_name = try(each.value.external_secrets_policy_name, var.defaults.external_secrets_policy_name, null)
+ external_secrets_secrets_manager_arns = try(each.value.external_secrets_secrets_manager_arns, var.defaults.external_secrets_secrets_manager_arns, [])
+ external_secrets_ssm_parameter_arns = try(each.value.external_secrets_ssm_parameter_arns, var.defaults.external_secrets_ssm_parameter_arns, [])
+ max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, null)
+ mountpoint_s3_csi_bucket_arns = try(each.value.mountpoint_s3_csi_bucket_arns, var.defaults.mountpoint_s3_csi_bucket_arns, [])
+ mountpoint_s3_csi_bucket_path_arns = try(each.value.mountpoint_s3_csi_bucket_path_arns, var.defaults.mountpoint_s3_csi_bucket_path_arns, [])
+ mountpoint_s3_csi_policy_name = try(each.value.mountpoint_s3_csi_policy_name, var.defaults.mountpoint_s3_csi_policy_name, null)
+ name = try(each.value.name, var.defaults.name, "")
+ override_policy_documents = try(each.value.override_policy_documents, var.defaults.override_policy_documents, [])
+ path = try(each.value.path, var.defaults.path, "/")
+ permissions_boundary_arn = try(each.value.permissions_boundary_arn, var.defaults.permissions_boundary_arn, null)
+ policy_name_prefix = try(each.value.policy_name_prefix, var.defaults.policy_name_prefix, "AmazonEKS_")
+ policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, [])
+ source_policy_documents = try(each.value.source_policy_documents, var.defaults.source_policy_documents, [])
+ tags = try(each.value.tags, var.defaults.tags, {})
+ trust_policy_statements = try(each.value.trust_policy_statements, var.defaults.trust_policy_statements, [])
+ use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true)
+ velero_policy_name = try(each.value.velero_policy_name, var.defaults.velero_policy_name, null)
+ velero_s3_bucket_arns = try(each.value.velero_s3_bucket_arns, var.defaults.velero_s3_bucket_arns, [])
+ velero_s3_bucket_path_arns = try(each.value.velero_s3_bucket_path_arns, var.defaults.velero_s3_bucket_path_arns, [])
+}
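Review bot: Every argument in `module "wrapper"` is read as `try(each.value.X, var.defaults.X, <fallback>)`, so a misspelled key in `items` or `defaults` is swallowed and the fallback is applied with no plan-time error. For most inputs that is cosmetic, but for `permissions_boundary_arn` (fallback `null`) a typo yields a role with no boundary. For the `*_arns` scoping lists (fallback `[]`) the role gets whatever the root module does with an empty list, which is not visible in this hunk. Nothing else catches this, because `variable "defaults"` and `variable "items"` in wrappers/variables.tf are both `type = any` with no `validation` block. The file appears to be generated by the `terraform_wrapper_module_for_each` hook, so rather than hand-editing it I would state the behaviour in wrappers/README.md, e.g. `Unknown or misspelled keys in items/defaults are ignored silently; confirm permissions_boundary_arn and the *_arns inputs in the plan output.`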
diff --git a/wrappers/outputs.tf b/wrappers/outputs.tf
new file mode 100644
index 0000000..ec6da5f
--- /dev/null
+++ b/wrappers/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/variables.tf b/wrappers/variables.tf
new file mode 100644
index 0000000..a6ea096
--- /dev/null
+++ b/wrappers/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
new file mode 100644
index 0000000..51cad10
--- /dev/null
+++ b/wrappers/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}