From c299deecda7998237f052be65bfc1d10af8d6c12 Mon Sep 17 00:00:00 2001
From: Murilo Kakazu
Date: Sat, 28 Sep 2024 12:29:25 -0300
Subject: [PATCH] feat: create iam roles for cluster and node group

---
 cluster.tf | 64 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 59 insertions(+), 5 deletions(-)

diff --git a/cluster.tf b/cluster.tf
index 88bc97e..ed3b45c 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -61,14 +61,68 @@ resource "aws_route_table_association" "public_rt_assoc_3" {
 route_table_id = aws_route_table.eks_public_rt.id
 }
 
-locals {
- eks_cluster_role_arn = "arn:aws:iam::691714441051:role/AWSServiceRoleForAmazonEKS"
- eks_node_group_role_arn = "arn:aws:iam::691714441051:role/AWSServiceRoleForAmazonEKSNodegroup"
+resource "aws_iam_role" "eks_cluster_role" {
+ name = "eks-cluster-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Principal = {
+ Service = "eks.amazonaws.com"
+ },
+ Action = "sts:AssumeRole"
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "eks_cluster_policy" {
+ role = aws_iam_role.eks_cluster_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+}
+
+resource "aws_iam_role_policy_attachment" "eks_vpc_resource_controller_policy" {
+ role = aws_iam_role.eks_cluster_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
+}
+
+resource "aws_iam_role" "eks_node_group_role" {
+ name = "eks-node-group-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Principal = {
+ Service = "ec2.amazonaws.com"
+ },
+ Action = "sts:AssumeRole"
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "eks_worker_node_policy" {
+ role = aws_iam_role.eks_node_group_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+}
+
+resource "aws_iam_role_policy_attachment" "eks_cni_policy" {
+ role = aws_iam_role.eks_node_group_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+}
+
+resource "aws_iam_role_policy_attachment" "eks_ec2_container_registry_readonly_policy" {
+ role = aws_iam_role.eks_node_group_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
 }
 
 resource "aws_eks_cluster" "eks_cluster" {
 name = "basic-eks-cluster"
- role_arn = local.eks_cluster_role_arn
+ role_arn = aws_iam_role.eks_cluster_role.arn
 version = "1.25"
 
 vpc_config {
@@ -79,7 +133,7 @@ resource "aws_eks_cluster" "eks_cluster" {
 resource "aws_eks_node_group" "eks_node_group" {
 cluster_name = aws_eks_cluster.eks_cluster.name
 node_group_name = "eks-node-group"
- node_role_arn = local.eks_node_group_role_arn
+ node_role_arn = aws_iam_role.eks_node_group_role.arn
 subnet_ids = [data.aws_ssm_parameter.subnet_1.value, data.aws_ssm_parameter.subnet_2.value, data.aws_ssm_parameter.subnet_3.value]
 
 scaling_config {
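Review bot: `eks_cni_policy` attaches `AmazonEKS_CNI_Policy` to the node role, so every pod on a node that can reach the instance metadata endpoint inherits the ability to create and attach ENIs and assign VPC addresses; AWS's own guidance is to grant this policy to the `aws-node` service account through IRSA or EKS Pod Identity and keep it off `eks_node_group_role`, and if this is deliberately a starter configuration a comment such as `# TODO: move AmazonEKS_CNI_Policy to an IRSA/Pod Identity role for aws-node` above that attachment should say so. Both `assume_role_policy` documents also trust their service principal unconditionally; adding `Condition = { StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id } }` to the cluster-role statement narrows the confused-deputy surface, though no caller-identity data source is visible in this hunk so one would have to be declared. The fixed `name` values `eks-cluster-role` and `eks-node-group-role` will collide the second time this configuration is applied in the same account, which `name_prefix` avoids. The two `aws_iam_role` resources and their attachments are complete within the hunk; the `aws_eks_cluster` body continues past its end.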