Inputs

The following input variables are supported:

annotate_service_account

Description: Whether or not to annotate the service account with the AWS role ARN

Type: bool

Default: true

extra_aws_permissions

Description: Extra JSON-encoded AWS permissions to assign to the workflow

Type: string

Default: "{}"

ip_allow_list

Description: A list of IPs that can use the service account token to authenticate with AWS API

Type: list(string)

Default: []

service_account

Description: The name of the service account that should be able to assume the AWS permissions.

Type: string

Default: n/a

service_account_namespace

Description: The namespace of the service account.

Type: string

Default: n/a

Outputs

The following outputs are exported:

policy_arn

Description: The ARN of the policy assigned to the role.

role_arn

Description: The ARN of the AWS role created for the service account.

role_name

Description: The name of the AWS role created for the service account.

service_account_annotations

Description: The annotations to apply to the service account

Providers

The following providers are needed by this module:

• aws (6.40.0)

• kubectl (2.1.6)

• kubernetes (2.35.0)

• pf (0.0.7)

• random (3.8.1)