Surfaced during review of #259 (pkg/provider/aws/templates/main.tf).
The upstream terraform-aws-eks-cluster module exposes an enable_aws_load_balancer_controller_pod_identity variable that gates creation of the IAM role and Pod Identity association used by the LBC. We do not currently pass that variable from NIC, so users who set aws_load_balancer_controller.enabled: false still get an unused IAM role and Pod Identity association provisioned.
Proposed fix
Pass the value of aws_load_balancer_controller.enabled through to enable_aws_load_balancer_controller_pod_identity in pkg/provider/aws/templates/main.tf, and surface it as a Terraform variable from the Go config.
Definition of done
enable_aws_load_balancer_controller_pod_identity is wired through from config
Review thread: #259 (comment)