# File generated by aws2tf see https://github.com/aws-samples/aws2tf

resource "aws_iam_role" "FargatePodExecutionRole" {
  assume_role_policy = jsonencode(
    {
      Statement = [
        {
          Action = "sts:AssumeRole"
          Effect = "Allow"
          Principal = {
            Service = [
              "eks.amazonaws.com",
              "eks-fargate-pods.amazonaws.com",
            ]
          }
        },
      ]
      Version = "2012-10-17"
    }
  )
  force_detach_policies = false
  max_session_duration  = 3600
  name                  = format("%s-eks-FargatePodExecutionRole",data.aws_eks_cluster.eks_cluster.name)
  path                  = "/"
  tags = {
    "Name" = format("%s-cluster/FargatePodExecutionRole",data.aws_eks_cluster.eks_cluster.name)
  }
}


resource "aws_iam_role_policy_attachment" "AmazonEKSFargatePodExecutionRolePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
  role       = aws_iam_role.FargatePodExecutionRole.id
}

## attach logging policy
resource "aws_iam_role_policy_attachment" "eks-fargate-logging-policy" {
  policy_arn = aws_iam_policy.eks-fargate-logging-policy.arn
  role       = aws_iam_role.FargatePodExecutionRole.id
}