Posted
3 hours ago, dasari4kntr said:

For each one, you mean a different Terraform project and a different plan and apply in Terraform Cloud…?

Yes bro.. we had a similar setup.. our repo is split by resources.. like all EKS goes to one and RDS to another one

Posted

Bros, I need interview help on Terraform, k8s, AWS. Pls help. Contract ended. I tried to take calls but lost. Need help brothers

Posted

chatgpt response for this...

it confused even the little Terraform I knew...

# Providers used below (the Atlas resources need the mongodbatlas provider)
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
    mongodbatlas = {
      source = "mongodb/mongodbatlas"
    }
  }
}

# EKS Cluster
resource "aws_eks_cluster" "example" {
  name     = "example"
  role_arn = aws_iam_role.example.arn

  # vpc_config is required; the subnet IDs are a placeholder variable here
  vpc_config {
    subnet_ids = var.subnet_ids
  }
}

variable "subnet_ids" {
  type = list(string)
}

# Cluster role: trusted by the EKS control plane only
resource "aws_iam_role" "example" {
  name = "example"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# S3 Bucket (bucket names are global, so "example" is only a placeholder)
resource "aws_s3_bucket" "example" {
  bucket = "example"
}

# MongoDB Atlas (an organisation ID is required to create a project)
variable "atlas_org_id" {
  type = string
}

resource "mongodbatlas_project" "example" {
  name   = "example"
  org_id = var.atlas_org_id
}

# Atlas only accepts a private (RFC 1918) CIDR between /24 and /21 here;
# "0.0.0.0/0" is rejected. provider_name and region_name are required for AWS.
resource "mongodbatlas_network_container" "example" {
  project_id       = mongodbatlas_project.example.id
  atlas_cidr_block = "10.8.0.0/21"
  provider_name    = "AWS"
  region_name      = "US_EAST_1"
}

# Route 53
resource "aws_route53_zone" "example" {
  name = "example.com"
}

resource "aws_route53_record" "example" {
  zone_id = aws_route53_zone.example.zone_id
  name    = "example.com"
  type    = "A"
  ttl     = 300
  records = ["1.2.3.4"]
}

 

Posted
57 minutes ago, dasari4kntr said:

chatgpt response for this...

it confused even the little Terraform I knew...


He just wrote out all the resources he had one after another, bro… in fact this also works

Your requirement is a bit confusing… why do you need MongoDB, S3, Route 53 in EKS..

Cluster creation is totally different, right.. you don't need to mix and match all these things

Posted
3 minutes ago, LadiesTailor said:

He just wrote out all the resources he had one after another, bro… in fact this also works

Your requirement is a bit confusing… why do you need MongoDB, S3, Route 53 in EKS..

Cluster creation is totally different, right.. you don't need to mix and match all these things

Cluster creation is done… I am looking for access permissions from the cluster to S3 and MongoDB…

Is my approach wrong..?

Posted
1 minute ago, dasari4kntr said:

Cluster creation is done… I am looking for access permissions from the cluster to S3 and MongoDB…

That's IAM, right… look for IAM policies to attach to the EKS cluster

Posted
Just now, LadiesTailor said:

That's IAM, right… look for IAM policies to attach to the EKS cluster

yup..exactly..

Posted
15 minutes ago, LadiesTailor said:

That's IAM, right… look for IAM policies to attach to the EKS cluster

ok...

if my understanding is correct...

I have created the cluster as below... similarly I will create S3 and MongoDB also using the modules... then I need to configure the IAM policies.. and attach...

module "eks" {
  source          = "terraform-aws-modules/eks/aws"
  version         = "17.24.0"
  cluster_name    = local.cluster_name
  cluster_version = "1.20"
  subnets         = module.vpc.private_subnets

  vpc_id = module.vpc.vpc_id

  workers_group_defaults = {
    root_volume_type = "gp2"
  }

  worker_groups = [
    {
      name                          = "worker-group-1"
      instance_type                 = "t2.small"
      additional_userdata           = "echo foo bar"
      additional_security_group_ids = [aws_security_group.worker_group_mgmt_one.id]
      asg_desired_capacity          = 2
    },
    {
      name                          = "worker-group-2"
      instance_type                 = "t2.medium"
      additional_userdata           = "echo foo bar"
      additional_security_group_ids = [aws_security_group.worker_group_mgmt_two.id]
      asg_desired_capacity          = 1
    },
  ]
}

data "aws_eks_cluster" "cluster" {
  name = module.eks.cluster_id
}

data "aws_eks_cluster_auth" "cluster" {
  name = module.eks.cluster_id
}

 

now I understand what I am missing...

# ./modules/s3-bucket/main.tf  (the bucket resource and its input variable)
variable "bucket_name" {
  type = string
}

resource "aws_s3_bucket" "bucket" {
  bucket = var.bucket_name
}

# Root module
module "s3_bucket" {
  source      = "./modules/s3-bucket"
  bucket_name = "my-bucket"
}

# Blanket S3 policy: every bucket in the account, list/read/write/delete
resource "aws_iam_policy" "s3_access_policy" {
  name        = "s3_access_policy"
  description = "Allow EKS cluster to access S3"
  # <<-EOF strips the leading indentation, so the indented closing EOF is valid
  policy      = <<-EOF
  {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::*/*"
            ]
        }
    ]
  }
  EOF
}

# Cluster role: assumed by the EKS control plane (eks.amazonaws.com), so
# policies attached here are the control plane's permissions, not the pods'
resource "aws_iam_role" "eks_cluster_role" {
  name               = "eks_cluster_role"
  assume_role_policy = <<-EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "eks.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
  }
  EOF
}

resource "aws_iam_role_policy_attachment" "attach_s3_access_policy" {
  role       = aws_iam_role.eks_cluster_role.name
  policy_arn = aws_iam_policy.s3_access_policy.arn
}

resource "aws_eks_cluster" "example" {
  name     = "example"
  role_arn = aws_iam_role.eks_cluster_role.arn
  # ... other arguments (vpc_config with subnet_ids is required)
}

 

Posted
32 minutes ago, dasari4kntr said:

ok...

if my understanding is correct...

I have created the cluster as below... similarly I will create S3 and MongoDB also using the modules... then I need to configure the IAM policies.. and attach...


Yup.. you got it… 

Posted
On 1/20/2023 at 11:39 PM, Spartan said:

i can try on Monday 

busy over the weekend if that's ok

LTT 

Posted
17 minutes ago, perugu_vada said:

LTT 

@perugu_vada @dasari4kntr is almost there.

he got the stack right,

make sure you have segregated the IAM role policies accordingly, just in case (best practices).

You can use blanket IAM for a personal project though.

but let me know if you need more help @dasari4kntr

Posted
3 minutes ago, Spartan said:

@perugu_vada @dasari4kntr is almost there.

he got the stack right,

make sure you have segregated the IAM role policies accordingly, just in case (best practices).

You can use blanket IAM for a personal project though.

but let me know if you need more help @dasari4kntr

What do you mean by blanket IAM..? you mean not too much customized...?

Posted
4 minutes ago, dasari4kntr said:

What do you mean by blanket IAM..? you mean not too much customized...?

yes, the only pro is you can use the same IAM role for all resources and there is no need to create multiple ones
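For the segregated version that Spartan recommends over blanket IAM (and as a contrast to the earlier snippet that attached the S3 policy to the cluster role), here is an added example that is not from the thread or any poster: a role that only one pod service account can assume, with read-only access to one bucket, using IRSA. It assumes the cluster's OIDC provider already exists as aws_iam_openid_connect_provider.eks and that the thread's aws_s3_bucket.bucket resource is in the same module; the namespace and service-account names are made up.

```hcl
# Added example (not from the thread): one scoped IAM role per workload via IRSA,
# instead of a blanket policy on the cluster role. Names are assumptions.
locals {
  oidc_issuer = replace(aws_iam_openid_connect_provider.eks.url, "https://", "")
}

# Trust policy: only the s3-reader service account in namespace app may assume the role
data "aws_iam_policy_document" "pod_assume_role" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.eks.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_issuer}:sub"
      values   = ["system:serviceaccount:app:s3-reader"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_issuer}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "s3_reader" {
  name               = "eks-app-s3-reader"
  assume_role_policy = data.aws_iam_policy_document.pod_assume_role.json
}

# Permissions: read-only on the one bucket from the thread, not arn:aws:s3:::*
data "aws_iam_policy_document" "s3_reader" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.bucket.arn]
  }
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.bucket.arn}/*"]
  }
}

resource "aws_iam_role_policy" "s3_reader" {
  name   = "s3-reader"
  role   = aws_iam_role.s3_reader.id
  policy = data.aws_iam_policy_document.s3_reader.json
}
```

The Kubernetes ServiceAccount app/s3-reader then carries the annotation eks.amazonaws.com/role-arn set to aws_iam_role.s3_reader.arn, and pods running under any other service account get nothing from this role.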
