feat: Add support bootstrap_self_managed_addons

README.md

@@ -411,6 +411,7 @@ Available targets:
 | <a name="input_allowed_security_group_ids"></a> [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids) | A list of IDs of Security Groups to allow access to the cluster. | `list(string)` | `[]` | no |
 | <a name="input_associated_security_group_ids"></a> [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids) | A list of IDs of Security Groups to associate the cluster with.<br>These security groups will not be modified. | `list(string)` | `[]` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
+| <a name="input_bootstrap_self_managed_addons"></a> [bootstrap\_self\_managed\_addons](#input\_bootstrap\_self\_managed\_addons) | Manages bootstrap of default networking addons after cluster has been created | `bool` | `null` | no |
 | <a name="input_cloudwatch_log_group_class"></a> [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |
 | <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If provided, the KMS Key ID to use to encrypt AWS CloudWatch logs | `string` | `null` | no |
 | <a name="input_cluster_attributes"></a> [cluster\_attributes](#input\_cluster\_attributes) | Override label module default cluster attributes | `list(string)` | <pre>[<br>  "cluster"<br>]</pre> | no |

docs/terraform.md

@@ -66,6 +66,8 @@
 | <a name="input_allowed_security_group_ids"></a> [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids) | A list of IDs of Security Groups to allow access to the cluster. | `list(string)` | `[]` | no |
 | <a name="input_associated_security_group_ids"></a> [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids) | A list of IDs of Security Groups to associate the cluster with.<br>These security groups will not be modified. | `list(string)` | `[]` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
+| <a name="input_bootstrap_self_managed_addons"></a> [bootstrap\_self\_managed\_addons](#input\_bootstrap\_self\_managed\_addons) | Manages bootstrap of default networking addons after cluster has been created | `bool` | `null` | no |
+| <a name="input_cloudwatch_log_group_class"></a> [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |
 | <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If provided, the KMS Key ID to use to encrypt AWS CloudWatch logs | `string` | `null` | no |
 | <a name="input_cluster_attributes"></a> [cluster\_attributes](#input\_cluster\_attributes) | Override label module default cluster attributes | `list(string)` | <pre>[<br>  "cluster"<br>]</pre> | no |
 | <a name="input_cluster_depends_on"></a> [cluster\_depends\_on](#input\_cluster\_depends\_on) | If provided, the EKS will depend on this object, and therefore not be created until this object is finalized.<br>This is useful if you want to ensure that the cluster is not created before some other condition is met, e.g. VPNs into the subnet are created. | `any` | `null` | no |

examples/complete/main.tf

@@ -110,8 +110,9 @@ module "eks_cluster" {
   cluster_encryption_config_kms_key_policy                  = var.cluster_encryption_config_kms_key_policy
   cluster_encryption_config_resources                       = var.cluster_encryption_config_resources
 
-  addons            = local.addons
-  addons_depends_on = [module.eks_node_group]
+  addons                        = local.addons
+  addons_depends_on             = [module.eks_node_group]
+  bootstrap_self_managed_addons = var.bootstrap_self_managed_addons
 
   access_entry_map = local.access_entry_map
   access_config = {

examples/complete/variables.tf

@@ -109,6 +109,12 @@ variable "addons" {
   description = "Manages [`aws_eks_addon`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) resources."
 }
 
+variable "bootstrap_self_managed_addons" {
+  description = "Manages bootstrap of default networking addons after cluster has been created"
+  type        = bool
+  default     = null
+}
+
 variable "private_ipv6_enabled" {
   type        = bool
   default     = false

main.tf

@@ -56,12 +56,13 @@ resource "aws_kms_alias" "cluster" {
 resource "aws_eks_cluster" "default" {
   #bridgecrew:skip=BC_AWS_KUBERNETES_1:Allow permissive security group for public access, difficult to restrict without a VPN
   #bridgecrew:skip=BC_AWS_KUBERNETES_4:Let user decide on control plane logging, not necessary in non-production environments
-  count                     = local.enabled ? 1 : 0
-  name                      = module.label.id
-  tags                      = module.label.tags
-  role_arn                  = local.eks_service_role_arn
-  version                   = var.kubernetes_version
-  enabled_cluster_log_types = var.enabled_cluster_log_types
+  count                         = local.enabled ? 1 : 0
+  name                          = module.label.id
+  tags                          = module.label.tags
+  role_arn                      = local.eks_service_role_arn
+  version                       = var.kubernetes_version
+  enabled_cluster_log_types     = var.enabled_cluster_log_types
+  bootstrap_self_managed_addons = var.bootstrap_self_managed_addons
 
   access_config {
     authentication_mode                         = var.access_config.authentication_mode

variables.tf

@@ -197,6 +197,12 @@ variable "addons_depends_on" {
   default     = null
 }
 
+variable "bootstrap_self_managed_addons" {
+  description = "Manages bootstrap of default networking addons after cluster has been created"
+  type        = bool
+  default     = null
+}
+
 variable "cluster_attributes" {
   type        = list(string)
   description = "Override label module default cluster attributes"