@sudheerchamarthi
Created December 26, 2019 09:02
#!/usr/bin/env bash
# Create an IAM role that pods in one EKS namespace can assume through IRSA
# (IAM Roles for Service Accounts): the role trusts the cluster's OIDC provider
# and restricts the token's "sub" claim to service accounts in that namespace.
read -p "Enter Cluster name : " CLUSTER_NAME
read -p "Enter the Namespace you want to use: " SERVICE_ACCOUNT_NAMESPACE
read -p "Enter the IAM role name to create: " IAM_ROLE_NAME
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
# Issuer URL without the https:// scheme, e.g. oidc.eks.<region>.amazonaws.com/id/<ID>
OIDC_PROVIDER=$(aws eks describe-cluster --name "${CLUSTER_NAME}" --query "cluster.identity.oidc.issuer" --output text | sed -e "s/^https:\/\///")
# StringLike is required here: IAM only expands the "*" wildcard under StringLike,
# so a StringEquals condition on "system:serviceaccount:<ns>:*" never matches a real pod token.
# Recommended hardening: also add a StringEquals on "${OIDC_PROVIDER}:aud" = "sts.amazonaws.com".
# read -d '' returns non-zero at EOF, so "|| true" keeps the script usable under set -e.
read -r -d '' TRUST_RELATIONSHIP <<EOF || true
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_PROVIDER}"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringLike": {
          "${OIDC_PROVIDER}:sub": "system:serviceaccount:${SERVICE_ACCOUNT_NAMESPACE}:*"
        }
      }
    }
  ]
}
EOF
echo "${TRUST_RELATIONSHIP}" > trust.json
aws iam create-role --role-name "${IAM_ROLE_NAME}" --assume-role-policy-document file://trust.json --description "EKS Service role for namespace ${SERVICE_ACCOUNT_NAMESPACE}"
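The trust policy above is the part that decides which pods may assume the role, so it is worth checking before `create-role` runs. The following linter is an added example, not part of the gist: it flags a wildcard `sub` under `StringEquals` (which never matches), a `sub` not scoped to a namespace, and a missing `aud` check, and shows the hardened form. The OIDC provider ID, account ID and namespace are constructed placeholders.

```python
import copy

# Constructed placeholders; not values from the gist.
OIDC_PROVIDER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
NAMESPACE = "payments"

# Same shape as the gist's trust.json, including its StringEquals-with-wildcard condition.
GIST_STYLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{OIDC_PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {f"{OIDC_PROVIDER}:sub": f"system:serviceaccount:{NAMESPACE}:*"}},
    }],
}

def lint_irsa_trust_policy(policy, oidc_provider):
    """Return a list of findings for an IRSA trust policy; an empty list means it passed."""
    sub_key, aud_key = f"{oidc_provider}:sub", f"{oidc_provider}:aud"
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        seen = {"sub": False, "aud": False}
        for operator, pairs in stmt.get("Condition", {}).items():
            for key, value in pairs.items():
                values = value if isinstance(value, list) else [value]
                if key == sub_key:
                    seen["sub"] = True
                    for v in values:
                        if "*" in v and operator != "StringLike":
                            findings.append(f"{operator} with wildcard '{v}': IAM only expands * under StringLike, so no pod token matches")
                        if not v.startswith("system:serviceaccount:") or v.startswith("system:serviceaccount:*"):
                            findings.append(f"sub '{v}' is not scoped to a single namespace")
                elif key == aud_key:
                    seen["aud"] = True
                    if "sts.amazonaws.com" not in values:
                        findings.append(f"aud is {values}, expected sts.amazonaws.com")
        if not seen["sub"]:
            findings.append("no sub condition: any token from this issuer could assume the role")
        if not seen["aud"]:
            findings.append("no aud condition: add StringEquals on :aud = sts.amazonaws.com")
    return findings

def hardened(policy, oidc_provider):
    """Return a copy with the sub match moved under StringLike and an explicit aud check added."""
    fixed = copy.deepcopy(policy)
    for stmt in fixed["Statement"]:
        cond = stmt.setdefault("Condition", {})
        sub = cond.get("StringEquals", {}).pop(f"{oidc_provider}:sub", None)
        if sub is not None:
            cond.setdefault("StringLike", {})[f"{oidc_provider}:sub"] = sub
        cond.setdefault("StringEquals", {})[f"{oidc_provider}:aud"] = "sts.amazonaws.com"
    return fixed
```

Run the linter against the rendered `trust.json` (`json.load(open("trust.json"))`) before calling `aws iam create-role`, and refuse to create the role when it returns any findings.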