[Bug]: irsa roles are not being created with correct name for aws_for_fluentbit #788
Closed
1 task done
Labels
bug
Something isn't working
Welcome to Amazon EKS Blueprints!
Amazon EKS Blueprints Release version
4.5.0
What is your environment, configuration and the example used?
The name of the IAM role created when using OpenSearch with aws_for_fluentbit is important as it has to be added to the security settings of OpenSearch. As such the name should be configurable, unfortunately something in v4.5.0 has prevented this from being possible (unless I am missing something).
It appears as if the change made to support named irsa roles in the irsa module is not propagated through to the addons.
As such I cannot find anyway to name the role (the optional irsa_iam_role_name configuration isn't propagated upwards) and at least in the case of the aws_for_fluentbit addon, the role seems to be created with the name "terraform--****" instead of the name resulting from
format("%s-%s-%s", var.addon_context.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa")
.I am unsure where it is getting the "terraform--****" value from but it seems to be set in
var.addon_context.irsa_iam_role_name
some how.What did you do and What did you see instead?
In v4.4.0 the name of the aws_for_fluentbit irsa role was something like amce-preprod-test-eks-aws-for-fluent-bit-sa-irsa based on the code
format("%s-%s-%s", var.addon_context.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa")
but in v4.5.0 the role name isterraform-2022071810100220800000001a
Additional Information
The text was updated successfully, but these errors were encountered: