From 212e900f7295f4fcae9f07d4d306b1c5efb191fc Mon Sep 17 00:00:00 2001
From: Nuru
Date: Mon, 11 Jul 2022 13:58:27 -0700
Subject: [PATCH] Revert "Add option to use permissions boundary on the default roles (#85)"
This reverts commit ea1c1bc6782f2e25d0fbe14aceba13aec08edfbd.
---
 README.md | 3 +--
 docs/terraform.md | 1 -
 main.tf | 9 ++++-----
 variables.tf | 6 ------
 4 files changed, 5 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index af4641f..c21e8bf 100644
--- a/README.md
+++ b/README.md
@@ -310,7 +310,6 @@ Available targets:
 | [mixed\_instances\_policy](#input\_mixed\_instances\_policy) | policy to used mixed group of on demand/spot of differing types. Launch template is automatically generated. https://www.terraform.io/docs/providers/aws/r/autoscaling_group.html#mixed_instances_policy-1 |
object({
instances_distribution = object({
on_demand_allocation_strategy = string
on_demand_base_capacity = number
on_demand_percentage_above_base_capacity = number
spot_allocation_strategy = string
spot_instance_pools = number
spot_max_price = string
})
override = list(object({
instance_type = string
weighted_capacity = number
}))
})
| `null` | no |
 | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| [permissions\_boundary](#input\_permissions\_boundary) | Provide an existing permissions boundary to attach to the default role | `string` | `null` | no |
 | [placement](#input\_placement) | The placement specifications of the instances |
object({
affinity = string
availability_zone = string
group_name = string
host_id = string
tenancy = string
})
| `null` | no |
 | [placement\_group](#input\_placement\_group) | The name of the placement group into which you'll launch your instances, if any | `string` | `""` | no |
 | [protect\_from\_scale\_in](#input\_protect\_from\_scale\_in) | Allows setting instance protection. The autoscaling group will not select instances with this setting for terminination during scale in events | `bool` | `false` | no |
@@ -462,7 +461,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 ## Copyright
-Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright)
diff --git a/docs/terraform.md b/docs/terraform.md
index aff1fdf..b08c9ea 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -102,7 +102,6 @@
 | [mixed\_instances\_policy](#input\_mixed\_instances\_policy) | policy to used mixed group of on demand/spot of differing types. Launch template is automatically generated. https://www.terraform.io/docs/providers/aws/r/autoscaling_group.html#mixed_instances_policy-1 |
object({
instances_distribution = object({
on_demand_allocation_strategy = string
on_demand_base_capacity = number
on_demand_percentage_above_base_capacity = number
spot_allocation_strategy = string
spot_instance_pools = number
spot_max_price = string
})
override = list(object({
instance_type = string
weighted_capacity = number
}))
})
| `null` | no |
 | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| [permissions\_boundary](#input\_permissions\_boundary) | Provide an existing permissions boundary to attach to the default role | `string` | `null` | no |
 | [placement](#input\_placement) | The placement specifications of the instances |
object({
affinity = string
availability_zone = string
group_name = string
host_id = string
tenancy = string
})
| `null` | no |
 | [placement\_group](#input\_placement\_group) | The name of the placement group into which you'll launch your instances, if any | `string` | `""` | no |
 | [protect\_from\_scale\_in](#input\_protect\_from\_scale\_in) | Allows setting instance protection. The autoscaling group will not select instances with this setting for terminination during scale in events | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
index ce6c09d..e350034 100644
--- a/main.tf
+++ b/main.tf
@@ -34,11 +34,10 @@ data "aws_iam_policy_document" "assume_role" {
 }
 resource "aws_iam_role" "default" {
- count = local.enabled && var.use_existing_aws_iam_instance_profile == false ? 1 : 0
- name = module.label.id
- assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json)
- tags = module.label.tags
- permissions_boundary = var.permissions_boundary
+ count = local.enabled && var.use_existing_aws_iam_instance_profile == false ? 1 : 0
+ name = module.label.id
+ assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json)
+ tags = module.label.tags
 }
 resource "aws_iam_role_policy_attachment" "amazon_eks_worker_node_policy" {
diff --git a/variables.tf b/variables.tf
index 089629e..19accb1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -413,12 +413,6 @@ variable "use_existing_aws_iam_instance_profile" {
 default = false
 }
-variable "permissions_boundary" {
- type = string
- description = "Provide an existing permissions boundary to attach to the default role"
- default = null
-}
-
 variable "workers_role_policy_arns" {
 type = list(string)
 default = []
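Review bot: After this revert `aws_iam_role.default` in main.tf is created with no `permissions_boundary`, so the worker role is limited only by the policies attached to it, and the commit message gives no reason or migration note for dropping the control. For callers who had set the input, the next apply would presumably detach the boundary from roles already deployed. Because the variables.tf hunk removes the variable, those callers will also get an unsupported-argument error at plan time. In accounts that require a boundary on role creation (for example through an `iam:PermissionsBoundary` condition), the only path left in this hunk is `use_existing_aws_iam_instance_profile = true` with a role managed outside the module. I would record that above the resource, e.g. `# No permissions boundary is applied to this role; where one is mandatory, set use_existing_aws_iam_instance_profile and supply a pre-bounded role.`, and add the same caveat to the README.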