Skip to content

isovalent/terraform-aws-eks

BranchesTags

Repository files navigation

terraform-aws-eks

An opinionated Terraform module that can be used to create and manage an EKS cluster in AWS in a simplified way.

Requirements

Name Version
terraform >= 1.3
aws ~> 6.0
null ~> 3.0
tls ~> 4.0

Providers

Name Version
aws ~> 6.0
null ~> 3.0
tls ~> 4.0

Modules

Name Source Version
iam_assumable_role_aws_ebs_csi_driver terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_aws_load_balancer_controller terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_cert_manager terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_cluster_autoscaler terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_external_dns terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_log_shipping terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_phlare terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_velero terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.9.2
main terraform-aws-modules/eks/aws ~> 21.3.1

Resources

Name Type
aws_eks_addon.coredns resource
aws_eks_addon.kube_proxy resource
aws_iam_policy.aws_ebs_csi_driver resource
aws_iam_policy.aws_load_balancer_controller resource
aws_iam_policy.cert_manager resource
aws_iam_policy.cluster_autoscaler resource
aws_iam_policy.external_dns resource
aws_iam_policy.log_shipping resource
aws_iam_policy.phlare resource
aws_iam_policy.velero resource
aws_instance.echo-server resource
aws_key_pair.ssh_access resource
aws_s3_bucket.log_shipping resource
aws_s3_bucket.phlare resource
aws_s3_bucket.velero resource
aws_s3_bucket_acl.log_shipping resource
aws_s3_bucket_acl.phlare resource
aws_s3_bucket_acl.velero resource
aws_s3_bucket_lifecycle_configuration.velero resource
aws_s3_bucket_ownership_controls.log_shipping_ownership_controls resource
aws_s3_bucket_ownership_controls.phlare_ownership_controls resource
aws_s3_bucket_ownership_controls.velero_ownership_controls resource
aws_s3_bucket_public_access_block.log_shipping_block_public_access resource
aws_s3_bucket_public_access_block.phlare_block_public_access resource
aws_s3_bucket_public_access_block.velero_block_public_access resource
aws_security_group_rule.cluster_to_workers_ingress_all resource
aws_security_group_rule.workers_egress_dns_tcp resource
aws_security_group_rule.workers_egress_dns_udp resource
aws_security_group_rule.workers_egress_http resource
aws_security_group_rule.workers_egress_ssh resource
aws_security_group_rule.workers_to_workers_egress_all resource
aws_security_group_rule.workers_to_workers_ingress_all resource
null_resource.kubeconfig resource
null_resource.wait_for_control_plane_subnets resource
null_resource.wait_for_node_ready resource
tls_private_key.ssh_key resource
aws_ami.ubuntu data source
aws_ami.workers data source
aws_caller_identity.current data source
aws_iam_policy_document.log_shipping data source
aws_iam_policy_document.phlare data source
aws_iam_policy_document.velero data source
aws_subnets.eks_control_plane data source
aws_subnets.private data source
aws_subnets.public data source
aws_vpc.vpc data source

Inputs

Name Description Type Default Required
allow_imdsv1 Whether to allow IMDSv1 access (insecure). bool false no
ami_owners The list of acceptable owners of AMIs to be used for worker nodes. list(string) 
[
  "099720109477",
  "679593333241",
  "amazon",
  "self"
]
 no
aws_ebs_csi_driver_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'aws-ebs-csi-driver' role using OpenID Connect. list(string) [] no
aws_load_balancer_controller_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'aws-load-balancer-controller' role using OpenID Connect. list(string) [] no
cert_manager_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'cert-manager' role using OpenID Connect. list(string) [] no
cluster_addons Map of cluster addon configurations. any null no
cluster_autoscaler_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'cluster-autoscaler' role using OpenID Connect. list(string) [] no
cluster_service_ipv4_cidr The CIDR block to assign Kubernetes service IP addresses from. string null no
control_plane_subnet_ids Can be used to override the list of subnet IDs to use for the EKS control-plane. If not defined, subnets tagged with 'eks-control-plane: true' will be used. list(string) [] no
create_iam_role Whether to create an IAM role for the EKS cluster. If set to false, the 'eks_cluster_role_arn' variable must be provided. bool true no
create_node_iam_role Whether to create an IAM role for the EKS worker nodes. If set to false, the 'node_iam_role_arn' variable must be provided. bool true no
echo_server_instance_enabled Whether to create an EC2 instance outside the cluster that can act as 'echo-server'. bool false no
echo_server_instance_user_data The user data script to use for the 'echo-server' instance. string "" no
external_dns_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'external-dns' role using OpenID Connect. list(string) [] no
external_source_cidrs A list of CIDRs that should be allowed to access the EKS cluster API server. list(string) 
[
  ""
]
 no
iam_role_arn The ARN of the IAM role to use for the EKS cluster. If not provided, a new IAM role will be created. string null no
include_public_subnets Whether to include public subnets in the list of subnets usable by the EKS cluster. bool true no
kubernetes_version The version of Kubernetes/EKS to use. string n/a yes
log_shipping_bucket_name The name of the S3 bucket that will be used to store logs. string "" no
log_shipping_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'log-shipping' role using OpenID Connect. list(string) [] no
name The name of the EKS cluster. string n/a yes
phlare_bucket_name The name of the S3 bucket that will be used by Phlare string "" no
phlare_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'phlare' role using OpenID Connect. list(string) [] no
region The region in which to create the EKS cluster. string n/a yes
self_managed_node_groups A map describing the set of self-managed node groups to create. Other types of node groups besides self-managed are currently not supported. 
map(object({
    ami_type                 = string
    ami_name_filter          = string
    extra_tags               = map(string)
    instance_type            = string
    kubelet_extra_args       = string
    max_nodes                = number
    min_nodes                = number
    name                     = string
    pre_bootstrap_user_data  = string
    post_bootstrap_user_data = string
    cloudinit_pre_nodeadm = optional(list(object({
      content      = string
      content_type = optional(string)
      filename     = optional(string)
      merge_type   = optional(string)
    })))
    cloudinit_post_nodeadm = optional(list(object({
      content      = string
      content_type = optional(string)
      filename     = optional(string)
      merge_type   = optional(string)
    })))
    root_volume_id               = string
    root_volume_size             = number
    root_volume_type             = string
    subnet_ids                   = list(string)
    iam_role_additional_policies = map(string)
    iam_role_policy_arn          = optional(string)
    create_iam_instance_profile  = optional(bool)
    iam_instance_profile_arn     = optional(string)
    iam_role_arn                 = optional(string)
    key_name                     = optional(string)
    create_access_entry          = optional(bool, true)
    availability_zones           = optional(list(string))
    enable_efa_support           = optional(bool, false)
    network_interfaces           = optional(list(any))
    metadata_options = optional(
      object({
        http_endpoint               = optional(string, "enabled")
        http_protocol_ipv6          = optional(string)
        http_put_response_hop_limit = optional(number, 2)
        http_tokens                 = optional(string, "required")
        instance_metadata_tags      = optional(string)
      }),
      {
        http_endpoint               = "enabled"
        http_put_response_hop_limit = 2
        http_tokens                 = "required"
      }
    )
  }))
 n/a yes
tags The set of tags to place on the EKS cluster. map(string) n/a yes
velero_bucket_name The name of the S3 bucket that will be used to upload Velero backups. string "" no
velero_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'velero' role using OpenID Connect. list(string) [] no
vpc_id The ID of the VPC in which to create the EKS cluster. string n/a yes
worker_node_additional_policies A list of additional policies to add to worker nodes. list(string) [] no

Outputs

Name Description
aws_ebs_csi_driver_policy_arn n/a
aws_ebs_csi_driver_role_arn n/a
aws_load_balancer_controller_role_arn n/a
cert_manager_role_arn n/a
cluster_arn n/a
cluster_autoscaler_role_arn n/a
cluster_certificate_authority_data n/a
cluster_endpoint n/a
cluster_version n/a
external_dns_role_arn n/a
id n/a
log_shipping_bucket_name n/a
log_shipping_role_arn n/a
oidc_provider_arn n/a
oidc_provider_url n/a
path_to_kubeconfig_file n/a
ssh_key_name n/a
ssh_private_key_pem n/a
workers_iam_role_arns n/a
workers_security_group_id n/a

About

An opinionated Terraform module that can be used to create and manage an EKS cluster in AWS in a simplified way.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

4 stars

Watchers

28 watching

Forks

1 fork
Report repository

Releases 27

v1.9.7 Latest
Feb 12, 2026
+ 26 releases

Packages

 
 
 

Contributors

Languages