Inputs

The following input variables are supported:

allow_public_s3_presigned_urls

Description: Whether to allow the service account to generate presigned URLs that will be publicly accessible

Type: bool

Default: false

annotate_service_account

Description: Whether or not to annotate the service account

Type: bool

Default: true

iam_policy_json

Description: An IAM policy document in rendered JSON string form.

Type: string

Default: n/a

ip_allow_list

Description: A list of IPs that can use the service account token to authenticate with AWS API

Type: list(string)

Default: []

service_account

Description: The name of the service account that should be able to assume the AWS permissions.

Type: string

Default: n/a

service_account_namespace

Description: The namespace of the service account.

Type: string

Default: n/a

Outputs

The following outputs are exported:

policy_arn

Description: The ARN of the policy assigned to the role.

role_arn

Description: The ARN of the role created for the service account.

role_name

Description: The name of the role created for the service account.

service_account_annotations

Description: The annotations to apply to the service account

Providers

The following providers are needed by this module:

• aws (6.40.0)

• kubectl (2.1.6)

• kubernetes (2.35.0)

• pf (0.0.7)