Cloud Posse

Terraform Module to Manage IAM for Kops External DNS

Terraform module to provision an IAM role for external-dns running in a Kops cluster, and attach an IAM policy to the role with permissions to modify Route53 recordsets.

This module assumes you are running external-dns in a Kops cluster.

It will provision an IAM role with the required permissions and grant the k8s masters the permission to assume it.

This is useful to make Kubernetes services discoverable via AWS DNS services.

The module uses terraform-aws-kops-metadata to look up resources within a Kops cluster for easier integration with Terraform.


```hcl
module "kops_external_dns" {
  source       = "git::"
  namespace    = "cp"
  stage        = "prod"
  name         = ""        # Name of the Kops DNS zone
  masters_name = "masters" # k8s masters subdomain name in the Kops DNS zone

  tags = {
    Cluster = ""
  }
}
```


| Name | Default | Description | Required |
|:-----|:--------|:------------|:---------|
| namespace | `` | Namespace (e.g. cp or cloudposse) | Yes |
| stage | `` | Stage (e.g. prod, dev, staging) | Yes |
| name | `` | Name of the Kops DNS zone (e.g. | Yes |
| attributes | [] | Additional attributes (e.g. policy or role) | No |
| tags | {} | Additional tags (e.g. map("Cluster","") | No |
| delimiter | - | Delimiter to be used between namespace, stage, name, and attributes | No |
| masters_name | masters | k8s masters subdomain name in the Kops DNS zone | No |


| Name | Description |
|:-----|:------------|
| role_name | IAM role name |
| role_unique_id | IAM role unique ID |
| role_arn | IAM role ARN |
| policy_name | IAM policy name |
| policy_id | IAM policy ID |
| policy_arn | IAM policy ARN |
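
The role described above has two things worth reviewing after an apply: who may assume it, and how far its Route53 write permission reaches. The following is an added example, not code from this module or from Cloud Posse. It audits a trust policy and a permissions policy of the kind you would retrieve for `role_arn` and `policy_arn`. The sample documents, account ID, hosted zone ID and role name are constructed placeholders, and only exact action names are matched.

```python
import json

# Constructed sample documents, not taken from the module. The account ID,
# hosted zone ID and role name are placeholders.
MASTERS = "arn:aws:iam::111111111111:role/masters.example.com"
TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "%s"}, "Action": "sts:AssumeRole"}]}""" % MASTERS)
PERMS = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "route53:ChangeResourceRecordSets",
   "Resource": "arn:aws:route53:::hostedzone/Z0000000EXAMPLE"},
  {"Effect": "Allow", "Action": ["route53:ListHostedZones",
   "route53:ListResourceRecordSets"], "Resource": "*"}]}""")
ZONE_PREFIX = "arn:aws:route53:::hostedzone/"
BROAD = ("*", "route53:*")

def as_list(value):
    """IAM allows a single string/object wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def allow_statements(doc):
    return [s for s in as_list(doc["Statement"]) if s.get("Effect") == "Allow"]

def audit_trust(doc, allowed):
    """Flag every principal that may assume the role but is not in `allowed`."""
    findings = []
    for st in allow_statements(doc):
        principal = st.get("Principal", {})
        if principal == "*":
            principal = {"any": "*"}
        for kind, values in principal.items():
            findings += [f"trust: unexpected {kind} principal {p}"
                         for p in as_list(values) if p not in allowed]
    return findings

def audit_permissions(doc):
    """Flag wildcard actions and record-set writes not pinned to one hosted zone."""
    findings = []
    for st in allow_statements(doc):
        resources = as_list(st.get("Resource", []))
        unscoped = any(not r.startswith(ZONE_PREFIX) or r.endswith("/*")
                       for r in resources)
        for action in (a.lower() for a in as_list(st.get("Action", []))):
            if action in BROAD:
                findings.append(f"perms: wildcard action {action}")
            if unscoped and action in BROAD + ("route53:changeresourcerecordsets",):
                findings.append(f"perms: {action} is not limited to a single hosted zone")
    return findings

if __name__ == "__main__":
    print(audit_trust(TRUST, {MASTERS}), audit_permissions(PERMS))
```

An empty list from both functions means only the expected masters principal can assume the role and record-set writes are confined to one hosted zone.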