Anybody else tackled roleMappings for EKS clusters and passing in dynamically retrieved objects such as roleARNs? Right now I’m passing them from an iam stack as outputs then retrieved for roleMappings via

.getOutput('roles').apply(etc etc)

. But part of me also wants the roleMappings to be a config block that passes into the cluster creation. How are most of y’all doing this?

You’re approach is valid and is the proper decoupling with regards to how you’re splitting your stacks. I can see an argument for the user to provide this entire

roleMappings

config block, but

pulumi/eks

would also need the user to pass in the

instanceRole

mapping in the

roleMappings

as well, as it currently handles that: https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts#L268-L323 - specifically Line 315. If this

roleMappings

is supplied, I believe

pulumi/eks

would at best load it to parse and validate that its valid YAML, as trying to validate anything further like if users and roles are properly configured in it, can be a bit of a guessing game. This would put the onus on the user to make sure it is complete and correct.

thanks Mike - sorry for the slow feedback