Bump iam_role and iam_policy modules (#19)

* Bump iam_role and iam_policy modules * Auto Format * Update README to reflect changes to IAM policy * Auto Format Co-authored-by: cloudpossebot <[email protected]>
cloudposse · Dec 22, 2021 · abe5f59 · abe5f59
1 parent b38d98f
commit abe5f59
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 25 deletions.
diff --git a/README.md b/README.md
@@ -122,30 +122,33 @@ module "helm_release" {
   # values = [
   # ]
 
+  # Enable the IAM role
+  iam_role_enabled = true
+
+  # Add the IAM role using set()
+  service_account_role_arn_annotation_enabled = true
+
   # Dictates which ServiceAccounts are allowed to assume the IAM Role.
   # In this case, only the "echo" ServiceAccount in the "echo" namespace
   # will be able to assume the IAM Role created by this module.
   service_account_name      = "echo"
   service_account_namespace = "echo"
 
-  iam_role_enabled = true
-
-  iam_policy_statements = [
-    {
-      sid        = "ListMyBucket"
+  # IAM policy statements to add to the IAM role
+  iam_policy_statements = {
+    ListMyBucket = {
       effect     = "Allow"
       actions    = ["s3:ListBucket"]
       resources  = ["arn:aws:s3:::test"]
       conditions = []
     },
-    {
-      sid        = "WriteMyBucket"
+    WriteMyBucket = {
       effect     = "Allow"
       actions    = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
       resources  = ["arn:aws:s3:::test/*"]
       conditions = []
     },
-  ]
+  }
 }
 ```
 
@@ -167,7 +170,10 @@ module "helm_release" {
   service_account_namespace = "echo"
 
   iam_role_enabled = true
-  ...
+
+  service_account_role_arn_annotation_enabled = true
+
+  # ...
 }
 ```
 
@@ -214,8 +220,8 @@ Available targets:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks_iam_policy"></a> [eks\_iam\_policy](#module\_eks\_iam\_policy) | cloudposse/iam-policy/aws | 0.2.3 |
-| <a name="module_eks_iam_role"></a> [eks\_iam\_role](#module\_eks\_iam\_role) | cloudposse/eks-iam-role/aws | 0.10.3 |
+| <a name="module_eks_iam_policy"></a> [eks\_iam\_policy](#module\_eks\_iam\_policy) | cloudposse/iam-policy/aws | 0.3.0 |
+| <a name="module_eks_iam_role"></a> [eks\_iam\_role](#module\_eks\_iam\_role) | cloudposse/eks-iam-role/aws | 0.11.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
 ## Resources

diff --git a/README.yaml b/README.yaml
@@ -91,30 +91,33 @@ usage: |-
     # values = [
     # ]
 
+    # Enable the IAM role
+    iam_role_enabled = true
+
+    # Add the IAM role using set()
+    service_account_role_arn_annotation_enabled = true
+
     # Dictates which ServiceAccounts are allowed to assume the IAM Role.
     # In this case, only the "echo" ServiceAccount in the "echo" namespace
     # will be able to assume the IAM Role created by this module.
     service_account_name      = "echo"
     service_account_namespace = "echo"
 
-    iam_role_enabled = true
-
-    iam_policy_statements = [
-      {
-        sid        = "ListMyBucket"
+    # IAM policy statements to add to the IAM role
+    iam_policy_statements = {
+      ListMyBucket = {
         effect     = "Allow"
         actions    = ["s3:ListBucket"]
         resources  = ["arn:aws:s3:::test"]
         conditions = []
       },
-      {
-        sid        = "WriteMyBucket"
+      WriteMyBucket = {
         effect     = "Allow"
         actions    = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
         resources  = ["arn:aws:s3:::test/*"]
         conditions = []
       },
-    ]
+    }
   }
   ```
 
@@ -136,7 +139,10 @@ usage: |-
     service_account_namespace = "echo"
 
     iam_role_enabled = true
-    ...
+
+    service_account_role_arn_annotation_enabled = true
+
+    # ...
   }
   ```
 

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -16,8 +16,8 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks_iam_policy"></a> [eks\_iam\_policy](#module\_eks\_iam\_policy) | cloudposse/iam-policy/aws | 0.2.3 |
-| <a name="module_eks_iam_role"></a> [eks\_iam\_role](#module\_eks\_iam\_role) | cloudposse/eks-iam-role/aws | 0.10.3 |
+| <a name="module_eks_iam_policy"></a> [eks\_iam\_policy](#module\_eks\_iam\_policy) | cloudposse/iam-policy/aws | 0.3.0 |
+| <a name="module_eks_iam_role"></a> [eks\_iam\_role](#module\_eks\_iam\_role) | cloudposse/eks-iam-role/aws | 0.11.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
 ## Resources

diff --git a/main.tf b/main.tf
@@ -5,7 +5,7 @@ locals {
 
 module "eks_iam_policy" {
   source  = "cloudposse/iam-policy/aws"
-  version = "0.2.3"
+  version = "0.3.0"
 
   enabled = local.iam_role_enabled
 
@@ -18,12 +18,12 @@ module "eks_iam_policy" {
 
 module "eks_iam_role" {
   source  = "cloudposse/eks-iam-role/aws"
-  version = "0.10.3"
+  version = "0.11.0"
 
   enabled = local.iam_role_enabled
 
   aws_account_number          = var.aws_account_number
-  aws_iam_policy_document     = local.iam_role_enabled ? module.eks_iam_policy.json : "{}"
+  aws_iam_policy_document     = local.iam_role_enabled ? [module.eks_iam_policy.json] : ["{}"]
   aws_partition               = var.aws_partition
   eks_cluster_oidc_issuer_url = var.eks_cluster_oidc_issuer_url
   service_account_name        = var.service_account_name