feat: updates on eks example, cmk, and s3bucket

EksIp6Nginxpod/pod_identities.tf

@@ -13,6 +13,7 @@ module "aws_lb_controller_pod_identity" {
   }
 }
 
+# https://aws.amazon.com/blogs/containers/amazon-eks-pod-identity-a-new-way-for-applications-on-eks-to-obtain-iam-credentials/
 module "CsiPodIdentity" {
   source      = "../modules/security_identity_compliance/iam-role-v2"
   description = "EKSCSIDriverRole"
@@ -29,7 +30,12 @@ module "CsiPodIdentity" {
           "Action" : [
             "sts:AssumeRole",
             "sts:TagSession"
-          ]
+          ],
+          "Condition" : {
+            "StringEquals" : {
+              "aws:SourceAccount" : data.aws_caller_identity.current.account_id
+            }
+          }
         }
       ]
     }