An opinionated Terraform module that can be used to create and manage an EKS cluster in AWS in a simplified way.
Name | Version |
terraform | >= 1.3.0 |
aws | >= 5.34.0 |
null | >= 3.1.1 |
tls | < 4.0.0 |
Name | Version |
aws | >= 5.34.0 |
null | >= 3.1.1 |
tls | < 4.0.0 |
Name | Source | Version |
iam_assumable_role_aws_ebs_csi_driver | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.4.0 |
iam_assumable_role_aws_load_balancer_controller | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.4.0 |
iam_assumable_role_cert_manager | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.4.0 |
iam_assumable_role_cluster_autoscaler | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.4.0 |
iam_assumable_role_external_dns | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.4.0 |
iam_assumable_role_log_shipping | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.4.0 |
iam_assumable_role_phlare | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.4.0 |
iam_assumable_role_velero | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.9.2 |
main | terraform-aws-modules/eks/aws | ~> 20.0 |
Name | Description | Type | Default | Required |
allow_imdsv1 | Whether to allow IMDSv1 access (insecure). When 'false', instance metadata requests must use IMDSv2 session tokens. | bool |
false |
no |
ami_owners | The list of acceptable owners of AMIs to be used for worker nodes. | list(string) |
[ |
no |
aws_ebs_csi_driver_oidc_fully_qualified_subjects | The list of fully qualified OIDC subjects (for a Kubernetes service account: 'system:serviceaccount:NAMESPACE:NAME') which are trusted to assume the 'aws-ebs-csi-driver' role using OpenID Connect. | list(string) |
[] |
no |
aws_load_balancer_controller_oidc_fully_qualified_subjects | The list of trusted resources which can assume the 'aws-load-balancer-controller' role using OpenID Connect. | list(string) |
[] |
no |
cert_manager_oidc_fully_qualified_subjects | The list of trusted resources which can assume the 'cert-manager' role using OpenID Connect. | list(string) |
[] |
no |
cluster_addons | Map of cluster addon configurations. | any |
{} |
no |
cluster_autoscaler_oidc_fully_qualified_subjects | The list of trusted resources which can assume the 'cluster-autoscaler' role using OpenID Connect. | list(string) |
[] |
no |
cluster_service_ipv4_cidr | The CIDR block to assign Kubernetes service IP addresses from. | string |
null |
no |
control_plane_subnet_ids | Can be used to override the list of subnet IDs to use for the EKS control-plane. If not defined, subnets tagged with 'eks-control-plane: true' will be used. | list(string) |
[] |
no |
disable_aws_vpc_cni_plugin | Whether to disable the AWS VPC CNI plugin. Unless running in chaining mode, this should usually be 'true'. | bool |
n/a | yes |
echo_server_instance_enabled | Whether to create an EC2 instance outside the cluster that can act as 'echo-server'. | bool |
false |
no |
echo_server_instance_user_data | The user data script to use for the 'echo-server' instance. | string |
"" |
no |
external_dns_oidc_fully_qualified_subjects | The list of trusted resources which can assume the 'external-dns' role using OpenID Connect. | list(string) |
[] |
no |
include_public_subnets | Whether to include public subnets in the list of subnets usable by the EKS cluster. | bool |
true |
no |
kubernetes_version | The version of Kubernetes/EKS to use. | string |
n/a | yes |
log_shipping_bucket_name | The name of the S3 bucket that will be used to store logs. | string |
"" |
no |
log_shipping_oidc_fully_qualified_subjects | The list of trusted resources which can assume the 'log-shipping' role using OpenID Connect. | list(string) |
[] |
no |
name | The name of the EKS cluster. | string |
n/a | yes |
phlare_bucket_name | The name of the S3 bucket that will be used by Phlare. | string |
"" |
no |
phlare_oidc_fully_qualified_subjects | The list of trusted resources which can assume the 'phlare' role using OpenID Connect. | list(string) |
[] |
no |
region | The region in which to create the EKS cluster. | string |
n/a | yes |
self_managed_node_groups | A map describing the set of self-managed node groups to create. Other types of node groups besides self-managed are currently not supported. | map(object({ |
n/a | yes |
tags | The set of tags to place on the EKS cluster. | map(string) |
n/a | yes |
velero_bucket_name | The name of the S3 bucket that will be used to upload Velero backups. | string |
"" |
no |
velero_oidc_fully_qualified_subjects | The list of trusted resources which can assume the 'velero' role using OpenID Connect. | list(string) |
[] |
no |
vpc_id | The ID of the VPC in which to create the EKS cluster. | string |
n/a | yes |
worker_node_additional_policies | A list of additional policies to add to worker nodes. | list(string) |
[] |
no |
Name | Description |
aws_ebs_csi_driver_policy_arn | n/a |
aws_ebs_csi_driver_role_arn | n/a |
aws_load_balancer_controller_role_arn | n/a |
cert_manager_role_arn | n/a |
cluster_arn | n/a |
cluster_autoscaler_role_arn | n/a |
cluster_certificate_authority_data | n/a |
cluster_endpoint | n/a |
cluster_version | n/a |
external_dns_role_arn | n/a |
id | n/a |
log_shipping_bucket_name | n/a |
log_shipping_role_arn | n/a |
oidc_provider_arn | n/a |
oidc_provider_url | n/a |
path_to_kubeconfig_file | n/a |
ssh_key_name | n/a |
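ssh_private_key_pem | n/a (private key material: treat this output as a secret; if the key is generated by the tls provider, it is also stored unencrypted in the Terraform state) |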
workers_iam_role_arns | n/a |
workers_security_group_id | n/a |