aws-efs-csi-driver
AWS EFS Container Storage Interface Driver
사전 요구 사항
import * as aws from "@pulumi/aws";
import * as variable from "@src/variable";
// Pulumi logical name of the role; also the base of the IAM name prefix and the Name tag.
const awsEFSCSIDriverRoleName = "aws-efs-csi-driver-role";

/**
 * IAM role for the EFS CSI driver, assumable only through the OIDC provider
 * exposed by `variable.eks` (IAM Roles for Service Accounts).
 *
 * The trust policy has a single Allow statement for
 * `sts:AssumeRoleWithWebIdentity`. StringEquals pins both the `aud` and the
 * `sub` claim, so only a token issued for one specific Kubernetes
 * ServiceAccount satisfies it.
 */
export const awsEFSCSIDriverRole = new aws.iam.Role(
  awsEFSCSIDriverRoleName,
  {
    // The provider appends a unique suffix to this prefix to form the IAM role name.
    namePrefix: `${awsEFSCSIDriverRoleName}-`,
    assumeRolePolicy: {
      Version: "2012-10-17",
      Statement: [
        {
          Effect: "Allow",
          Principal: {
            // Only identities federated through this OIDC provider are trusted.
            Federated: variable.eks.core.eks.apply(({ oidcProvider }) => oidcProvider.arn),
          },
          Condition: {
            StringEquals: variable.eks.core.eks.apply(({ oidcProvider }) => {
              // NOTE(review): IAM condition keys use the issuer without the
              // "https://" scheme; this assumes oidcProvider.url is already in
              // that form. Confirm.
              const issuer = oidcProvider.url;
              return {
                // Audience claim must be the STS endpoint.
                [`${issuer}:aud`]: "sts.amazonaws.com",
                // system:serviceaccount:<namespace>:<serviceAccount>
                // Exact match: without a `sub` condition any ServiceAccount in
                // the cluster could assume this role.
                // NOTE(review): confirm this is the namespace/name the driver's
                // pods actually run under; controller and node pods may use
                // different ServiceAccounts, and a mismatch makes the
                // AssumeRoleWithWebIdentity call fail.
                [`${issuer}:sub`]: "system:serviceaccount:kube-system:aws-efs-csi-driver",
              };
            }),
          },
          Action: "sts:AssumeRoleWithWebIdentity",
        },
      ],
    },
    tags: {
      Name: awsEFSCSIDriverRoleName,
      "loliot.net/stack": variable.stackName,
    },
  },
  // Pulumi refuses to delete a protected resource until it is unprotected.
  { protect: true },
);
// AWS-managed policy for the EFS CSI driver. Its permissions are defined and
// updated by AWS and are not visible in this file.
// NOTE(review): check that the managed policy's scope is acceptable for this
// account; a customer-managed policy limited to the file systems in use would
// be narrower.
const awsEFSCSIDriverManagedPolicyArn =
  "arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy";

// Attach the managed policy to the driver's role. The attachment is protected
// so Pulumi will not delete it until it is unprotected.
new aws.iam.RolePolicyAttachment(
  "aws-efs-csi-driver-rpa-0",
  {
    policyArn: awsEFSCSIDriverManagedPolicyArn,
    role: awsEFSCSIDriverRole.name,
  },
  { protect: true },
);