Allow to set user defined workers role name (terraform-aws-modules#496)

* Allow to set user defined workers role name * Add changelog entry * Keep single variable for worker role name
michyweb · Sep 12, 2019 · a47f464 · a47f464
1 parent 4264a5f
commit a47f464
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
  - Updated `local.spot_allocation_strategy` docstring to indicate availability of new `capacity-optimized` option. (by @sc250024)
  - Added support for initial lifecycle hooks for autosacling groups (@barryib)
  - Added option to recreate ASG when LT or LC changes (by @barryib)
+ - Ability to specify workers role name (by @ivanich)
 
 ### Changed
 

diff --git a/README.md b/README.md
@@ -135,6 +135,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | manage\_aws\_auth | Whether to apply the aws-auth configmap file. | string | `"true"` | no |
 | manage\_cluster\_iam\_resources | Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified. | bool | `"true"` | no |
 | manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers. | bool | `"true"` | no |
+| workers\_role\_name | User defined workers role name. | sting | `""` | no |
 | map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list(string) | `[]` | no |
 | map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list(map(string)) | `[]` | no |
 | map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list(map(string)) | `[]` | no |

diff --git a/variables.tf b/variables.tf
@@ -251,3 +251,9 @@ variable "manage_worker_iam_resources" {
   type        = bool
   default     = true
 }
+
+variable "workers_role_name" {
+  description = "User defined workers role name."
+  type        = string
+  default     = ""
+}
diff --git a/workers.tf b/workers.tf
@@ -314,7 +314,8 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {
 
 resource "aws_iam_role" "workers" {
   count                 = var.manage_worker_iam_resources ? 1 : 0
-  name_prefix           = aws_eks_cluster.this.name
+  name_prefix           = var.workers_role_name != "" ? null : aws_eks_cluster.this.name
+  name                  = var.workers_role_name != "" ? var.workers_role_name : null
   assume_role_policy    = data.aws_iam_policy_document.workers_assume_role_policy.json
   permissions_boundary  = var.permissions_boundary
   path                  = var.iam_path