1. How to get instance role from a nodegroup created with ClusterNodeGroupOptions?


    In the Pulumi AWS EKS package, the eks.Cluster class provides a method getCoreInstanceProfileName that returns the instance profile name. However, this instance profile is not the same as the IAM role associated with each node in the nodegroup.

    Unfortunately, due to the current design of the AWS EKS Pulumi provider, it's not directly possible to retrieve the IAM role for an individual node or node group. The AWS EKS Pulumi provider does not currently expose a method to get the IAM role of a NodeGroup created with eks.ClusterNodeGroupOptions.

    However, typically, when creating an EKS node group, you provide the NodeInstanceRole as part of the NodeGroupOptions object. This IAM role is usually created and managed separately (either manually in the AWS IAM console or using Pulumi AWS IAM resources), and then passed as an argument when creating the node group.

    Here's an excerpt of code to illustrate:

    import * as eks from "@pulumi/eks"; import * as aws from "@pulumi/aws"; const nodeIAMRole = new aws.iam.Role("nodeIAMRole", { assumeRolePolicy: `...`, // Your assume role policy here }); // Create other necessary IAM Role related resources like RolePolicy // ... const cluster = new eks.Cluster("my-cluster", { desiredCapacity: 2, minSize: 1, maxSize: 2, storageClasses: "gp2", deployDashboard: false, nodeAssociatePublicIpAddress: false, instanceType: "t2.medium", nodeRole: nodeIAMRole, // Here's where you provide your pre-created IAM Role });

    In this case, you already know the IAM role associated with the node group as it's been created and managed by you (or Pulumi).