eks-for-prod/service-account-with-policy.js

EKS Cluster + EFS Filesystem + Aurora Serverless Cluster

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ServiceAccountWithPolicy = void 0;
const core_1 = require("@aws-cdk/core");
const aws_iam_1 = require("@aws-cdk/aws-iam");
class ServiceAccountWithPolicy extends core_1.Construct {
    constructor(scope, id, props) {
        super(scope, id);
        const saPolicy = new aws_iam_1.Policy(this, `${props.serviceAccountName}-policy`, {
            document: aws_iam_1.PolicyDocument.fromJson(props.jsonPolicy)
        });
        this.serviceAccount = props.cluster.addServiceAccount(props.serviceAccountName, {
            namespace: !props.serviceAccountNamespace ? 'kube-system' : props.serviceAccountNamespace,
            name: props.serviceAccountName
        });
        this.serviceAccount.role.attachInlinePolicy(saPolicy);
    }
}
exports.ServiceAccountWithPolicy = ServiceAccountWithPolicy;