addons |
Manages aws_eks_addon resources. |
any |
[ { "addon_name": "coredns", "addon_version": "v1.10.1-eksbuild.2", "resolve_conflicts": "OVERWRITE" }, { "addon_name": "kube-proxy", "addon_version": "v1.27.3-eksbuild.2", "resolve_conflicts": "OVERWRITE" }, { "addon_name": "vpc-cni", "addon_version": "v1.13.4-eksbuild.1", "resolve_conflicts": "OVERWRITE" } ] |
no |
allowed_cidr_blocks |
List of CIDR blocks to be allowed to connect to the EKS cluster. |
list(string) |
[] |
no |
allowed_security_groups |
List of Security Group IDs to be allowed to connect to the EKS cluster. |
list(string) |
[] |
no |
apply_config_map_aws_auth |
Whether to generate local files from kubeconfig and config_map_aws_auth and perform kubectl apply to apply the ConfigMap to allow the worker nodes to join the EKS cluster. |
bool |
true |
no |
attributes |
Additional attributes (e.g. 1 ). |
list(any) |
[] |
no |
cluster_encryption_config_enabled |
Set to true to enable Cluster Encryption Configuration |
bool |
true |
no |
cluster_encryption_config_kms_key_deletion_window_in_days |
Cluster Encryption Config KMS Key Resource argument - key deletion window, in days, after the key is scheduled for destruction |
number |
10 |
no |
cluster_encryption_config_kms_key_enable_key_rotation |
Cluster Encryption Config KMS Key Resource argument - enable kms key rotation |
bool |
true |
no |
cluster_encryption_config_kms_key_policy |
Cluster Encryption Config KMS Key Resource argument - key policy |
string |
null |
no |
cluster_encryption_config_resources |
Cluster Encryption Config Resources to encrypt, e.g. ['secrets'] |
list(any) |
[ "secrets" ] |
no |
cluster_ip_family |
The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6. You can only specify an IP family when you create a cluster; changing this value will force a new cluster to be created. |
string |
null |
no |
cluster_log_retention_period |
Number of days to retain cluster logs. Requires enabled_cluster_log_types to be set. See https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html. |
number |
30 |
no |
cluster_service_ipv4_cidr |
The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks |
string |
null |
no |
cluster_service_ipv6_cidr |
The CIDR block to assign Kubernetes pod and service IP addresses from if ipv6 was specified when the cluster was created. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster |
string |
null |
no |
cluster_timeouts |
Create, update, and delete timeout configurations for the cluster |
map(string) |
{} |
no |
create_schedule |
Determines whether to create autoscaling group schedule or not |
bool |
true |
no |
eks_additional_security_group_ids |
EKS additional security group id |
list(string) |
[] |
no |
eks_tags |
Additional tags for EKS Cluster only. |
map(any) |
{} |
no |
enabled |
Whether to create the resources. Set to false to prevent the module from creating any resources. |
bool |
true |
no |
enabled_cluster_log_types |
A list of the desired control plane logging to enable. For more information, see https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html. Possible values [api , audit , authenticator , controllerManager , scheduler ]. |
list(string) |
[ "api", "audit", "authenticator", "controllerManager", "scheduler" ] |
no |
endpoint_private_access |
Indicates whether or not the Amazon EKS private API server endpoint is enabled. The underlying AWS EKS resource defaults this to false; this module defaults it to true. |
bool |
true |
no |
endpoint_public_access |
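Indicates whether or not the Amazon EKS public API server endpoint is enabled. The underlying AWS EKS resource defaults this to true. When it is enabled, public_access_cidrs controls which source addresses can reach the endpoint. |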
bool |
true |
no |
environment |
Environment (e.g. prod , dev , staging ). |
string |
"" |
no |
fargate_enabled |
Whether fargate profile is enabled or not |
bool |
false |
no |
fargate_profiles |
The number of Fargate Profiles that would be created. |
map(any) |
{} |
no |
iam_role_additional_policies |
Additional policies to be added to the IAM role |
map(string) |
{} |
no |
kubernetes_version |
Desired Kubernetes master version. If you do not specify a value, the latest available version is used. |
string |
"" |
no |
label_order |
Label order, e.g. name ,application . |
list(any) |
[ "name", "environment" ] |
no |
local_exec_interpreter |
shell to use for local_exec |
list(string) |
[ "/bin/sh", "-c" ] |
no |
managed_node_group |
Map of eks-managed node group definitions to create |
any |
{} |
no |
managed_node_group_defaults |
Map of eks-managed node group default configurations |
any |
{} |
no |
managedby |
ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. |
string |
"[email protected]" |
no |
map_additional_aws_accounts |
Additional AWS account numbers to add to config-map-aws-auth ConfigMap |
list(string) |
[] |
no |
map_additional_iam_roles |
Additional IAM roles to add to config-map-aws-auth ConfigMap |
list(object({ rolearn = string username = string groups = list(string) })) |
[] |
no |
map_additional_iam_users |
Additional IAM users to add to config-map-aws-auth ConfigMap |
list(object({ userarn = string username = string groups = list(string) })) |
[] |
no |
name |
Name (e.g. app or cluster ). |
string |
"" |
no |
nodes_additional_security_group_ids |
Additional security group IDs for the EKS nodes |
list(string) |
[] |
no |
oidc_provider_enabled |
Create an IAM OIDC identity provider for the cluster, then you can create IAM roles to associate with a service account in the cluster, instead of using kiam or kube2iam. For more information, see https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html |
bool |
true |
no |
openid_connect_audiences |
List of OpenID Connect audience client IDs to add to the IRSA provider |
list(string) |
[] |
no |
outpost_config |
Configuration for the AWS Outpost to provision the cluster on |
any |
{} |
no |
permissions_boundary |
If provided, all IAM roles will be created with this permissions boundary attached. |
string |
null |
no |
public_access_cidrs |
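Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0. With that default the public endpoint is reachable from any IPv4 address (requests are still subject to cluster authentication), so set this to known source ranges whenever endpoint_public_access is true. |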
list(string) |
[ "0.0.0.0/0" ] |
no |
repository |
Terraform current module repo |
string |
"https://github.com/clouddrove/terraform-aws-eks" |
no |
schedules |
Map of autoscaling group schedule to create |
map(any) |
{} |
no |
self_node_group_defaults |
Map of self-managed node group default configurations |
any |
{} |
no |
self_node_groups |
Map of self-managed node group definitions to create |
any |
{} |
no |
subnet_ids |
A list of subnet IDs to launch the cluster in. |
list(string) |
[] |
no |
tags |
Additional tags (e.g. map(BusinessUnit,XYZ)). |
map(any) |
{} |
no |
vpc_id |
VPC ID for the EKS cluster. |
string |
"" |
no |
vpc_security_group_ids |
A list of security group IDs to associate |
list(string) |
[] |
no |
wait_for_cluster_command |
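local-exec command to execute to determine if the EKS cluster is healthy. The cluster endpoint is available as the environment variable ENDPOINT. Note that the default command passes --insecure to curl, so the endpoint's TLS certificate is not verified by this health check. |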
string |
"curl --silent --fail --retry 60 --retry-delay 5 --retry-connrefused --insecure --output /dev/null $ENDPOINT/healthz" |
no |