fix aws changes

commjoen · commjoen · commit 7c3a4cbd48d9 · 2023-01-03T00:20:27.000+01:00
diff --git a/aws/irsa.tf b/aws/irsa.tf
@@ -37,7 +37,7 @@ resource "aws_iam_role_policy_attachment" "irsa_role_attachment" {
 
 resource "aws_iam_policy" "secret_manager" {
   name_prefix = "secret-manager"
-  description = "EKS secret manager policy for cluster ${module.eks.cluster_id}"
+  description = "EKS secret manager policy for cluster ${module.eks.cluster_name}"
   policy      = data.aws_iam_policy_document.secret_manager.json
 }
 
diff --git a/aws/main.tf b/aws/main.tf
@@ -1,11 +1,11 @@
 terraform {
   # Set your region and bucket name (output from shared state) in the placeholder below
   # Then uncomment and apply!
-  # backend "s3" {
-  #   region = "eu-west-1" # Change if desired
-  #   bucket = "" # Put your bucket name here
-  #   key    = "wrongsecrets/terraform.tfstate" # Change if desired
-  # }
+  backend "s3" {
+    region = "eu-west-1" # Change if desired
+    bucket = "terraform-20230102231352749300000001" # Put your bucket name here
+    key    = "wrongsecrets/terraform.tfstate" # Change if desired
+  }
 }
 
 locals {
@@ -72,6 +72,7 @@ module "eks" {
 
 
   cluster_endpoint_private_access = true
+  cluster_endpoint_public_access  = true
 
   cluster_endpoint_public_access_cidrs = compact(concat(["${data.http.ip.response_body}/32"], var.extra_allowed_ip_ranges))
 
@@ -89,19 +90,18 @@ module "eks" {
     disk_iops       = 3000
     instance_types  = ["t3a.medium"]
 
-    iam_role_additional_policies = [
-      "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
-      "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
-      "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
-      "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
-      "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
-    ]
+    iam_role_additional_policies = {
+      AmazonEKSWorkerNodePolicy: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
+      AmazonEKS_CNI_Policy: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
+      AmazonEC2ContainerRegistryReadOnly: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
+      AmazonSSMManagedInstanceCore: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
+      AmazonEKSVPCResourceController: "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
+    }
   }
 
   eks_managed_node_groups = {
     bottlerocket_default = {
-      create_launch_template = false
-      launch_template_name   = ""
+      use_custom_launch_template = false
       min_size               = 3
       max_size               = 50
       desired_size           = 3
diff --git a/aws/outputs.tf b/aws/outputs.tf
@@ -17,3 +17,9 @@ output "secrets_manager_secret_name" {
   description = "The name of the secrets manager secret"
   value       = aws_secretsmanager_secret.secret.name
 }
+
+
+output "cluster_id" {
+  description = "The id of the cluster"
+  value       = module.eks.cluster_id
+}

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ resource "aws_iam_role_policy_attachment" "irsa_role_attachment" {`
`37`	`37`
`38`	`38`	`resource "aws_iam_policy" "secret_manager" {`
`39`	`39`	`name_prefix = "secret-manager"`
`40`		`- description = "EKS secret manager policy for cluster ${module.eks.cluster_id}"`
	`40`	`+ description = "EKS secret manager policy for cluster ${module.eks.cluster_name}"`
`41`	`41`	`policy = data.aws_iam_policy_document.secret_manager.json`
`42`	`42`	`}`
`43`	`43`