Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/xcode/7.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon dynamodb 如何将DynamoDB IAM角色添加到Terraform中的EKS工作节点?_Amazon Dynamodb_Terraform_Amazon Eks - Fatal编程技术网
Fatal编程技术网
  • amazon-dynamodb/
  • Amazon dynamodb 如何将DynamoDB IAM角色添加到Terraform中的EKS工作节点?

Amazon dynamodb 如何将DynamoDB IAM角色添加到Terraform中的EKS工作节点?

amazon-dynamodb terraform

Amazon dynamodb 如何将DynamoDB IAM角色添加到Terraform中的EKS工作节点?,amazon-dynamodb,terraform,amazon-eks,Amazon Dynamodb,Terraform,Amazon Eks,我正在尝试从EKS中的工作节点写入DynamoDB。我目前正在附加一个IAM角色策略,该策略授予对DynamoDB的完全访问权。这是解决这个问题的正确方法吗?来自我的应用程序的请求当前挂起,我假设这与我的节点没有正确的权限有关 这是我在Terraform中的当前设置 resource "aws_iam_role" "worker-node" { name = "worker-node" assume_role_policy = <<POLICY { "Version":

我正在尝试从EKS中的工作节点写入DynamoDB。我目前正在附加一个IAM角色策略,该策略授予对DynamoDB的完全访问权。这是解决这个问题的正确方法吗?来自我的应用程序的请求当前挂起,我假设这与我的节点没有正确的权限有关

这是我在Terraform中的当前设置

resource "aws_iam_role" "worker-node" {
  name = "worker-node"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}

resource "aws_iam_role_policy_attachment" "worker-node-AmazonEKSWorkerNodePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
  role       = aws_iam_role.worker-node.name
}

resource "aws_iam_role_policy_attachment" "worker-node-AmazonEKS_CNI_Policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.worker-node.name
}

resource "aws_iam_role_policy_attachment" "worker-node-AmazonEC2ContainerRegistryReadOnly" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  role       = aws_iam_role.worker-node.name
}

resource "aws_iam_role_policy_attachment" "worker-node-AmazonDynamoDBFullAccess" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess"
  role       = aws_iam_role.worker-node.name
}

resource "aws_eks_node_group" "node-private" {
  cluster_name    = aws_eks_cluster.cluster.name
  node_group_name = "node-group-private"
  node_role_arn   = aws_iam_role.worker-node.arn
  subnet_ids      = [aws_subnet.private-1.id, aws_subnet.private-2.id]
  instance_types = ["t2.micro"]

  scaling_config {
    desired_size = 3
    max_size     = 3
    min_size     = 1
  }

  depends_on = [
    aws_iam_role_policy_attachment.worker-node-AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.worker-node-AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.worker-node-AmazonEC2ContainerRegistryReadOnly,
    aws_iam_role_policy_attachment.worker-node-AmazonDynamoDBFullAccess,
  ]
}

资源“aws\u iam\u角色”“工作节点”{
name=“工作节点”

假设\u role\u policy=这使您的整个节点组都可以访问DynamoDB。您不想让POD拥有这样做的权限吗?这使您的整个节点组都可以访问DynamoDB。您不想让POD拥有这样做的权限吗?