---
apiVersion: iam.aws.crossplane.io/v1beta1
kind: Role
metadata:
  name: eks-cluster-role
  labels:
    type: eks-cluster-role
spec:
  forProvider:
    assumeRolePolicyDocument: |
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "eks.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        }
  providerConfigRef:
    name: default
---
apiVersion: iam.aws.crossplane.io/v1beta1
kind: RolePolicyAttachment
metadata:
  name: eks-cluster-role-amazoneksclusterpolicy
spec:
  forProvider:
    policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
    roleNameRef:
      name: eks-cluster-role
  providerConfigRef:
    name: default
---
apiVersion: iam.aws.crossplane.io/v1beta1
kind: Role
metadata:
  name: eks-nodegroup-role
  labels:
    type: eks-nodegroup-role
spec:
  forProvider:
    assumeRolePolicyDocument: |
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "ec2.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        }
  providerConfigRef:
    name: default
---
apiVersion: iam.aws.crossplane.io/v1beta1
kind: RolePolicyAttachment
metadata:
  name: eks-nodegroup-role-amazoneksworkernodepolicy
spec:
  forProvider:
    policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
    roleNameRef:
      name: eks-nodegroup-role
  providerConfigRef:
    name: default
---
apiVersion: iam.aws.crossplane.io/v1beta1
kind: RolePolicyAttachment
metadata:
  name: eks-nodegroup-role-amazonec2containerregistryreadonly
spec:
  forProvider:
    policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
    roleNameRef:
      name: eks-nodegroup-role
  providerConfigRef:
    name: default
---
apiVersion: iam.aws.crossplane.io/v1beta1
kind: RolePolicyAttachment
metadata:
  name: eks-nodegroup-role-amazonssmmanagedinstancecore
spec:
  forProvider:
    policyArn: arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
    roleNameRef:
      name: eks-nodegroup-role
  providerConfigRef:
    name: default
---
apiVersion: iam.aws.crossplane.io/v1beta1
kind: RolePolicyAttachment
metadata:
  name: eks-nodegroup-role-amazoneks-cni-policy
spec:
  forProvider:
    policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
    roleNameRef:
      name: eks-nodegroup-role
  providerConfigRef:
    name: default
---