feat: Add eks:DescribeCluster for Karpenter cluster endpoint auto discovery (#343)

Author: mikkoc

modules/iam-role-for-service-accounts-eks/README.md

@@ -170,6 +170,7 @@ No modules.
 | [aws_iam_policy_document.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.vpc_cni](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 

modules/iam-role-for-service-accounts-eks/main.tf

@@ -1,10 +1,12 @@
 data "aws_partition" "current" {}
 data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
 
 locals {
   account_id          = data.aws_caller_identity.current.account_id
   partition           = data.aws_partition.current.partition
   dns_suffix          = data.aws_partition.current.dns_suffix
+  region              = data.aws_region.current.name
   role_name_condition = var.role_name != null ? var.role_name : "${var.role_name_prefix}*"
 }
 

modules/iam-role-for-service-accounts-eks/policies.tf

@@ -599,6 +599,11 @@ data "aws_iam_policy_document" "karpenter_controller" {
     resources = var.karpenter_controller_node_iam_role_arns
   }
 
+  statement {
+    actions   = ["eks:DescribeCluster"]
+    resources = ["arn:${local.partition}:eks:${local.region}:${local.account_id}:cluster/${var.karpenter_controller_cluster_id}"]
+  }
+
   dynamic "statement" {
     for_each = var.karpenter_sqs_queue_arn != null ? [1] : []