// IAM role for the EC2 instances that back the EKS node group.
const nodeGroupRoleName = "eks-ng-role";
const nodeGroupRole = new aws.iam.Role(
  nodeGroupRoleName,
  {
    // Only the prefix is fixed; the provider appends a unique suffix.
    namePrefix: `${nodeGroupRoleName}-`,
    // Trust policy: the EC2 service is the only principal allowed to assume
    // this role. There is no account, user or federated principal here, so
    // the role is reachable only through an instance profile.
    assumeRolePolicy: {
      Version: "2012-10-17",
      Statement: [
        {
          Action: "sts:AssumeRole",
          Effect: "Allow",
          Principal: { Service: "ec2.amazonaws.com" },
        },
      ],
    },
    tags: {
      Name: nodeGroupRoleName,
      "loliot.net/stack": variable.stackName,
    },
  },
  // Pulumi refuses to delete a protected resource until the flag is cleared,
  // which guards the role against an accidental destroy or replace.
  { protect: true }
);
// Instance profile that hands the node-group role to the EC2 instances.
// NOTE(review): "instacne" is a typo for "instance". The string is both the
// Pulumi logical name and the IAM name prefix, so correcting it would change
// the resource identity (and the resource is protected); it is left as is.
const nodeGroupInstanceProfileName = "eks-ng-instacne-profile";
const nodeGroupInstanceProfile = new aws.iam.InstanceProfile(
  nodeGroupInstanceProfileName,
  {
    namePrefix: `${nodeGroupInstanceProfileName}-`,
    // NOTE(review): the role's credentials reach the instance through the
    // instance metadata service. Confirm that the node launch configuration
    // (not shown here) requires IMDSv2 and restricts the hop limit, so that
    // ordinary pods cannot read the node role's credentials.
    role: nodeGroupRole.name,
    tags: {
      Name: nodeGroupInstanceProfileName,
      "loliot.net/stack": variable.stackName,
    },
  },
  // Protected from deletion, like the role it wraps.
  { protect: true }
);
// AWS-managed policies attached to the node-group role. Each key becomes part
// of the attachment's logical name (`eks-ng-rpa-<key>`), so append new entries
// rather than renumbering: a renumbered key maps an existing logical name to
// a different policy.
const nodeGroupPolicyARNs = {
  "0": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
  "1": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
  // NOTE(review): attached to the node role, the CNI policy is available to
  // anything that can obtain node credentials. AWS recommends granting it to a
  // dedicated role bound to the CNI service account (IRSA) instead. Confirm
  // whether that is feasible for this cluster.
  "2": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
  // NOTE(review): this makes the nodes manageable through Systems Manager, so
  // the IAM permissions that control SSM sessions are part of the node access
  // path and should be reviewed alongside it.
  "3": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
};
// One protected RolePolicyAttachment per entry above.
const nodeGroupRpas = Object.entries(nodeGroupPolicyARNs).map(
  ([index, policyArn]) => {
    const attachmentName = `eks-ng-rpa-${index}`;
    return new aws.iam.RolePolicyAttachment(
      attachmentName,
      { policyArn, role: nodeGroupRole.name },
      { protect: true }
    );
  }
);