adding a condition for deploying delete_ebs_lambda_role access entry

CMS-Enterprise · May 8, 2024 · cee9627 · cee9627
1 parent 91e2398
commit cee9627
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## 16.0.0
 * upgrade to EKS module 20.8.5
 * introducing eks access entries
+* updating delete_ebs_role dependency
 
 ## 15.0.0
 * Upgrade to EKS 1.28

diff --git a/README.md b/README.md
@@ -36,9 +36,9 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
-| <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | ~> 1.14.0 |
-| <a name="provider_null"></a> [null](#provider\_null) | >= 3.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.48.0 |
+| <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | 1.14.0 |
+| <a name="provider_null"></a> [null](#provider\_null) | 3.2.2 |
 
 ## Modules
 

diff --git a/eks-access-entries.tf b/eks-access-entries.tf
@@ -38,7 +38,7 @@ resource "aws_eks_access_policy_association" "cluster_admin" {
 
 ## Creating access entry for delete_ebs_volumes_lambda with namespaced adminpolicy
 resource "aws_eks_access_entry" "delete_ebs_volume" {
-
+  count             = var.delete_ebs_volume_role_arn != "" ? 1 : 0
   cluster_name      = local.name
   kubernetes_groups = []
   principal_arn     = var.delete_ebs_volume_role_arn
@@ -51,7 +51,7 @@ resource "aws_eks_access_entry" "delete_ebs_volume" {
   ]
 }
 resource "aws_eks_access_policy_association" "delete_ebs_volume" {
-
+  count = var.delete_ebs_volume_role_arn != "" ? 1 : 0
   access_scope {
     namespaces = ["batcave"]
     type       = "namespace"