Skip to content

Commit a806e91

Browse files
kpankonenkpankonen
authored
docs: fix ARN typo (#66)
1 parent 6a7c992 commit a806e91

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

main.tf

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,21 +6,21 @@ locals {
66
aws_account_number = local.enabled ? coalesce(var.aws_account_number, data.aws_caller_identity.current[0].account_id) : ""
77

88
# If both var.service_account_namespace and var.service_account_name are provided,
9-
# then the role ARM will have one of the following formats:
9+
# then the role ARN will have one of the following formats:
1010
# 1. if var.service_account_namespace != var.service_account_name: arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>@<service_account_namespace>
1111
# 2. if var.service_account_namespace == var.service_account_name: arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>
1212

1313
# 3. If var.service_account_namespace == "" and var.service_account_name is provided,
14-
# then the role ARM will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>@all,
14+
# then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>@all,
1515
# and the policy will use a wildcard for the namespace in the test condition to allow ServiceAccounts in any Kubernetes namespace to assume the role (useful for unlimited preview environments)
1616

1717
# 4. If var.service_account_name == "" and var.service_account_namespace is provided,
18-
# then the role ARM will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-all@<service_account_namespace>,
18+
# then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-all@<service_account_namespace>,
1919
# and the policy will use a wildcard for the service account name in the test condition to allow any ServiceAccount in the given namespace to assume the role.
2020
# For more details, see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html#iam-role-configuration
2121

2222
# 5. If both var.service_account_name == "" and var.service_account_namespace == "",
23-
# then the role ARM will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-all@all,
23+
# then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-all@all,
2424
# and the policy will use wildcards for both the namespace and the service account name in the test condition to allow all ServiceAccounts
2525
# in all Kubernetes namespaces to assume the IAM role (not recommended).
2626

0 commit comments

Comments
 (0)