From 590e1de2d9dcc5ecd35ac587fb183a7399dfa7bc Mon Sep 17 00:00:00 2001
From: Andrew Gargan
Date: Tue, 15 Feb 2022 11:41:39 -0800
Subject: [PATCH] Simplify templates and fix reference to ClusterName from EKS stack

---
 .../templates/eks-cluster-prework.template.yaml | 2 +-
 .../templates/prework.template.yaml | 16 +++++++++-------
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml b/blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml
index db23bd6..aaf15d0 100644
--- a/blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml
+++ b/blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml
@@ -32,7 +32,7 @@ Resources:
 Type: Custom::GetOIDCProvider
 Properties:
 ServiceToken: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:eks-quickstart-ResourceReader"
- AwsCliCommand: !Sub "eks describe-cluster --name ${ClusterName} --query 'cluster.identity.oidc.{issuer:issuer}'"
+ AwsCliCommand: !Sub "eks describe-cluster --name ${EKSStack.Outputs.EKSClusterName} --query 'cluster.identity.oidc.{issuer:issuer}'"
 IdField: 'issuer'
 PreworkStack:
 Type: AWS::CloudFormation::Stack
diff --git a/blog-assets/eks-cluster-prework/templates/prework.template.yaml b/blog-assets/eks-cluster-prework/templates/prework.template.yaml
index aae7057..b268e54 100644
--- a/blog-assets/eks-cluster-prework/templates/prework.template.yaml
+++ b/blog-assets/eks-cluster-prework/templates/prework.template.yaml
@@ -16,10 +16,6 @@ Parameters:
 ConstraintDescription: "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character"
- OIDCProvider:
- Type: String
- Description: Amazon EKS cluster OIDC provider, without the protocol (e.g., oidc.eks.us-east-1.amazonaws.com/id/SADFASFFASFXCCVXCVSDFSDF).
- Default: ""
 KubernetesNameSpace:
 Type: String
 Default: "prework-example"
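Review bot: This file changes only the `AwsCliCommand` line (diffstat 1+/1-), yet the same patch deletes the `OIDCProvider` parameter from the nested `prework.template.yaml`; `PreworkStack`'s `Parameters` are outside the hunk, but if it still passes `OIDCProvider: !GetAtt GetOIDCProvider.issuer` CloudFormation will reject the nested stack with a "parameter does not exist in the template" error, and if it does not, the `GetOIDCProvider` custom resource here is now dead and should be removed rather than re-pointed at `${EKSStack.Outputs.EKSClusterName}`. Separately, the `ServiceToken` context line keeps a hard-coded `arn:aws:lambda:` partition while this commit moves an S3 ARN in the other file to `${AWS::Partition}`; `ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:eks-quickstart-ResourceReader"` keeps the two templates consistent. The `PreworkStack` resource starts in this hunk and continues past it.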
@@ -36,12 +32,12 @@ Resources:
 {
 "Effect": "Allow",
 "Principal": {
- "Federated": "arn:aws:iam::${AWS::AccountId}:oidc-provider/${OIDCProvider}"
+ "Federated": "arn:aws:iam::${AWS::AccountId}:oidc-provider/${GetOIDCProvider}"
 },
 "Action": "sts:AssumeRoleWithWebIdentity",
 "Condition": {
 "StringEquals": {
- "${OIDCProvider}:sub": "system:serviceaccount:${NameSpace}:${ResourceName}"
+ "${GetOIDCProvider}:sub": "system:serviceaccount:${NameSpace}:${ResourceName}"
 }
 }
 }
@@ -60,7 +56,13 @@ Resources:
 - s3:GetObject - s3:HeadObject Resource: - !Sub "arn:aws:s3:::${PreworkScriptBucket}/${PreworkScriptObject}" + !Sub "arn:${AWS::Partition}:s3:::${PreworkScriptBucket}/${PreworkScriptObject}" + GetOIDCProvider: Type: Custom::GetOIDCProvider Properties: ServiceToken: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:eks-quickstart-ResourceReader" AwsCliCommand: !Sub "eks describe-cluster --name ${ClusterName} --query 'cluster.identity.oidc.{issuer:issuer}'" IdField: 'issuer' KubePreWorkNamespace: Type: "AWSQS::Kubernetes::Resource" Properties:
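Review bot: The rewritten trust policy's `StringEquals` block pins only the `sub` claim, so a projected token the cluster issues to the same service account for some other audience could still be exchanged at STS; IRSA guidance pins the audience as well. Add `"${GetOIDCProvider}:aud": "sts.amazonaws.com"` next to the `sub` key. Also note that `${GetOIDCProvider}` inside `!Sub` resolves to the custom resource's `Ref` (its physical ID), and both the `oidc-provider/` ARN and the condition key only work if that value is the issuer host without the `https://` scheme — the deleted parameter documented that requirement explicitly, so confirm the ResourceReader Lambda strips it or the role will be created with an invalid principal. The `!Sub` policy document this hunk sits in begins before the hunk.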
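Review bot: The new `GetOIDCProvider` resource's `ServiceToken` hard-codes the `arn:aws:lambda:` partition while the `Resource` line changed in the same hunk switches to `${AWS::Partition}`, so in a non-standard partition the S3 ARN would now resolve but the custom resource would still fail to find its Lambda. Use `ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:eks-quickstart-ResourceReader"`. `${ClusterName}` is interpolated straight into `AwsCliCommand`, which the ResourceReader Lambda executes; how that Lambda tokenizes the command is not visible here, so if `ClusterName` is a user-supplied stack parameter it should carry an `AllowedPattern` limited to EKS cluster-name characters (e.g. `^[0-9A-Za-z][A-Za-z0-9\-_]*$`) before its value reaches the command string.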