Hello,
We currently handle all our AWS infrastructure exclusively through Terraform and do not utilize AWS GUI/CLI. I’m inquiring whether it’s feasible to establish a service account within an EKS cluster that is managed and set up by Qovery. My approach is based on this guide: Using AWS IAM Roles with Qovery, and I aim to implement all the steps solely via Terraform.
Thank you.
Hello @Syed_Iftekhar_Ahmed,
I’ll take a look and get back to you as soon as I have a proper Terraform setup.
Ok. Here is how I tried it.
```hcl
# Look up the Qovery-managed cluster and a short-lived auth token for it
data "aws_eks_cluster" "my_cluster" {
  name = "CLUSTER_NAME_MADE_BY_QOVERY"
}

data "aws_eks_cluster_auth" "my_cluster" {
  name = "CLUSTER_NAME_MADE_BY_QOVERY"
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.my_cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.my_cluster.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.my_cluster.token
}

resource "kubernetes_service_account" "service_account" {
  metadata {
    name      = "NEW_SERVICE_ACCOUNT_NAME"
    namespace = "NAMESPACE_MADE_BY_QOVERY"
  }
}
```
Ah OK, did you succeed in doing the first steps on the AWS side using Terraform (OIDC provider, IAM roles, etc.)?
Concerning the above Terraform file, do you get any error when executing it?
In the `service_account` resource, I think you need to add the annotations field with your AWS_ROLE_ARN (Use AWS IAM roles with Qovery | Qovery)
Yes, the annotations were added. I get an authorisation error.
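
The AWS-side pieces asked about above (OIDC provider, IAM role) wired to the annotated service account, as an added example that is not from any poster in this thread or from Qovery. It assumes the cluster's OIDC issuer is already registered as an IAM OIDC provider and that the `kubernetes` provider is configured as in the post above; the variable names and the role name are hypothetical.

```hcl
variable "cluster_name" { type = string }         # cluster created by Qovery
variable "namespace" { type = string }            # namespace created by Qovery
variable "service_account_name" { type = string } # hypothetical name

data "aws_eks_cluster" "this" { name = var.cluster_name }

# Assumption: an IAM OIDC provider for this issuer URL already exists.
data "aws_iam_openid_connect_provider" "this" {
  url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
}

# Condition keys use the issuer host/path without the scheme.
locals { oidc_issuer = replace(data.aws_eks_cluster.this.identity[0].oidc[0].issuer, "https://", "") }

# Trust policy: only this one service account in this one namespace may assume the role.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [data.aws_iam_openid_connect_provider.this.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_issuer}:sub"
      values   = ["system:serviceaccount:${var.namespace}:${var.service_account_name}"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_issuer}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

# Permissions policies for the workload are attached separately, scoped to what it needs.
resource "aws_iam_role" "app" {
  name               = "${var.service_account_name}-irsa" # hypothetical role name
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

resource "kubernetes_service_account" "app" {
  metadata {
    name      = var.service_account_name
    namespace = var.namespace
    annotations = {
      "eks.amazonaws.com/role-arn" = aws_iam_role.app.arn
    }
  }
}
```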