Update main.tf

main.tf

@@ -1,3 +1,11 @@
+data "aws_iam_policy" "ebs_csi_policy" {
+  arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+}
+
+data "aws_eks_cluster" "eks" {
+  name = local.config.cluster_name
+}
+
 module "cluster" {
   source  = "gitlab.com/vkpr/terraform-aws-eks/aws"
   version = "~> 1.3.0"
@@ -60,19 +68,24 @@ resource "aws_iam_openid_connect_provider" "openid_connect" {
   depends_on = [module.cluster]  
 }
 
-provider "kubernetes" {
-  host                   = data.aws_eks_cluster.cluster.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
-  token                  = data.aws_eks_cluster_auth.cluster.token
-}
+module "irsa-ebs-csi" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+  version = "4.7.0"
 
-module "ebs_csi_driver_controller" {
-  source = "DrFaust92/ebs-csi-driver/kubernetes"
-  version = "3.5.0"
+  create_role                   = true
+  role_name                     = "AmazonEKSTFEBSCSIRole-$local.config.cluster_name"
+  provider_url                  = replace(data.aws_eks_cluster.eks.identity.0.oidc.0.issuer, "https://", "")
+  role_policy_arns              = [data.aws_iam_policy.ebs_csi_policy.arn]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
+}
 
-  ebs_csi_controller_image                   = ""
-  ebs_csi_controller_role_name               = "ebs-csi-driver-controller"
-  ebs_csi_controller_role_policy_name_prefix = "ebs-csi-driver-policy"
-  oidc_url                                   = aws_iam_openid_connect_provider.openid_connect.url
-  depends_on = [module.cluster]  
+resource "aws_eks_addon" "ebs-csi" {
+  cluster_name             = local.config.cluster_name
+  addon_name               = "aws-ebs-csi-driver"
+  addon_version            = "v1.5.2-eksbuild.1"
+  service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
+  tags = {
+    "eks_addon" = "ebs-csi"
+    "terraform" = "true"
+  }
 }