diff --git a/README.md b/README.md
index eab2718..d7953ef 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,115 @@
-# terraform-aws-eks-cluster
-This repository showcases the terraform we use to setup EKS cluster on AWS.
+# Introduction
+This repository showcases the terraform template that will help you to create EKS cluster on AWS. 
+
+---
+
+# AWS EKS Architecture
+![github_eks](https://user-images.githubusercontent.com/38158144/60167519-e29fa700-9820-11e9-9ecc-86be99973cd7.png)
+
+**Note** - Above architecture doesn't reflect all the components that are created by this template. However, it does give an idea about core infrastructure that will be created. 
+
+- Creates a new VPC with CIDR Block - 10.15.0.0/19 (i.e 8190 IPs in a VPC) in a region of your choice. Feel free to change it, values are `variables.tf`.
+- Creates 3 public & 3 private subnets with each size of 1024 IP addresses in each zones
+- Creates security groups required for cluster and worker nodes.
+- Creates recommened IAM service and EC2 roles required for EKS cluster.
+- Creates Internet & NAT Gateway required for public and private communications.
+- Routing Table and routes for public and private subnets.
+
+
+### Before you start
+Before you execute this template make sure following dependencies are met.
+
+- [Install terraform](https://releases.hashicorp.com/terraform/0.11.13/)
+- [Configure AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-linux-al2017.html) - make sure you configure AWS CLI with admin previliges 
+- [AWS iam authenticator](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) - Amazon EKS uses IAM to provide authentication to your Kubernetes cluster through the AWS IAM Authenticator for Kubernetes.
+
+
+### Setup
+```
+$ git clone https://github.com/MediaIQ/terraform-aws-eks-cluster.git
+$ cd terraform-aws-eks-cluster
+```
+
+#### Initialize Terraform
+```
+$ terraform init
+```
+
+#### Terraform Plan
+The terraform plan command is used to create an execution plan. Always a good practice to run it before you apply it to see what all resources will be created.
+
+This will ask you to specify `cluster name` and worker node instance type. 
+
+```
+$ terraform plan
+
+var.cluster-name
+  Enter eks cluster name - example like eks-demo, eks-dev etc
+
+  Enter a value: eks-demo
+
+var.region
+  Enter region you want to create EKS cluster in
+
+  Enter a value: us-east-1
+
+var.ssh_key_pair
+  Enter SSH keypair name that already exist in the account
+
+  Enter a value: eks-keypair
+
+var.worker-node-instance_type
+  enter worker node instance type
+
+  Enter a value: t2.medium
+
+```
+
+#### Apply changes
+```
+$ terraform apply
+```
+
+#### Configure kubectl
+```
+$ aws eks --region <AWS-REGION> update-kubeconfig --name <CLUSTER-NAME>
+```
+**Note:-** If AWS CLI and AWS iam authenticator setup correctly, above command should setup kubeconfig file in ~/.kube/config in your system.
+
+#### Verify EKS cluster
+```
+$ kubectl get svc
+```
+
+**Output:**
+```
+NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
+svc/kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   1m
+```
+
+Once cluster is verified succesfully, its time to create a configMap to add the worker nodes into the cluster. We have configured `output` with this template which will produce the configMap file content that you paste in *`aws-auth.yaml`*.
+
+#### Add worker node
+```
+$ kubectl apply -f aws-auth.yaml
+```
+
+#### Nodes status - watch them joining the cluster
+```
+$ kubectl get no -w
+```
+**Note:-** You should be seeing nodes joining the cluster within less than minutes.
+
+---
+
+## Contribution
+We are happy to accept the changes that you think can help the utilities grow.
+
+Here are some things to note:
+
+* Raise a ticket for any requirement
+* Discuss the implementation requirement or bug fix with the team members
+* Fork the repository and solve the issue in one single commit
+* Raise a PR regarding the same issue and attach the required documentation or provide a more detailed overview of the changes
+
+
diff --git a/aws-auth.yaml b/aws-auth.yaml
new file mode 100755
index 0000000..5eb61db
--- /dev/null
+++ b/aws-auth.yaml
@@ -0,0 +1,5 @@
+## This will have the configMap data that you would need to add EKS worker nodes. 
+## We have configured this terraform template to display the configMap details as OUTPUT. 
+## Once ``terrform apply`` is successful, you should see configMap details in the end of the output.
+## Create configMap by ``kubectl apply -f aws-auth.yaml``
+
diff --git a/aws-vpn-gtw.tf b/aws-vpn-gtw.tf
new file mode 100755
index 0000000..4723f39
--- /dev/null
+++ b/aws-vpn-gtw.tf
@@ -0,0 +1,10 @@
+# create aws vpn gateway for EKS VPC
+resource "aws_vpn_gateway" "vpn_gw" {
+  vpc_id = "${aws_vpc.eks.id}"
+
+  tags = "${
+    map(
+     "Name", "eks aws vpn gateway"
+    )
+  }"
+}
diff --git a/eks-architecture.png b/eks-architecture.png
new file mode 100644
index 0000000..ca4c4b1
Binary files /dev/null and b/eks-architecture.png differ
diff --git a/eks-cluster.tf b/eks-cluster.tf
new file mode 100755
index 0000000..c2bf0a2
--- /dev/null
+++ b/eks-cluster.tf
@@ -0,0 +1,103 @@
+#
+# EKS Cluster Resources
+#  * IAM Role to allow EKS service to manage other AWS services
+#  * EC2 Security Group to allow networking traffic with EKS cluster
+#  * EKS Cluster
+#
+
+resource "aws_iam_role" "eks-cluster" {
+  name = "terraform-eks-cluster"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "eks.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "eks-cluster-AmazonEKSClusterPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = "${aws_iam_role.eks-cluster.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "eks-cluster-AmazonEKSServicePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
+  role       = "${aws_iam_role.eks-cluster.name}"
+}
+
+## Crate EKS master security group
+resource "aws_security_group" "eks-cluster" {
+  name        = "terraform-eks-cluster"
+  description = "Cluster communication with worker nodes"
+  vpc_id      = "${aws_vpc.eks.id}"
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = "${
+    map(
+     "Name", "EKS - kubernetes master sg"
+    )
+  }"
+}
+
+##
+## Required set of ports inbound / outbound
+## More details - https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
+##
+
+resource "aws_security_group_rule" "eks-cluster-ingress-node-https" {
+  description              = "Allow pods to communicate with the cluster API Server"
+  from_port                = 443
+  protocol                 = "tcp"
+  security_group_id        = "${aws_security_group.eks-cluster.id}"
+  source_security_group_id = "${aws_security_group.eks-node.id}"
+  to_port                  = 443
+  type                     = "ingress"
+}
+
+resource "aws_security_group_rule" "eks-cluster-ingress-workstation-https" {
+  cidr_blocks       = ["${local.workstation-external-cidr}"]
+  description       = "Allow workstation to communicate with the cluster API Server"
+  from_port         = 443
+  protocol          = "tcp"
+  security_group_id = "${aws_security_group.eks-cluster.id}"
+  to_port           = 443
+  type              = "ingress"
+}
+
+##
+## create EKS cluster
+## attaching required EKS policies
+##
+
+resource "aws_eks_cluster" "eks-cluster" {
+
+  name     = "${var.cluster-name}"
+  role_arn = "${aws_iam_role.eks-cluster.arn}"
+  version  = "${var.eks_version}"
+  # enabled_cluster_log_types = ["api", "audit", "scheduler", "controllerManager"]
+
+  vpc_config {
+    security_group_ids = ["${aws_security_group.eks-cluster.id}"]
+    subnet_ids         = ["${aws_subnet.eks-public.*.id}", "${aws_subnet.eks-private.*.id}"]
+  }
+
+  depends_on = [
+    "aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy",
+    "aws_iam_role_policy_attachment.eks-cluster-AmazonEKSServicePolicy",
+  ]
+}
diff --git a/eks-vpc.tf b/eks-vpc.tf
new file mode 100755
index 0000000..84bee55
--- /dev/null
+++ b/eks-vpc.tf
@@ -0,0 +1,114 @@
+#
+# EKS VPC Resources
+#  * VPC
+#  * Subnets
+#  * Internet Gateway
+#  * Route Table
+#
+
+resource "aws_vpc" "eks" {
+  cidr_block = "10.15.0.0/19"
+  enable_dns_hostnames = true
+
+  tags = "${
+    map(
+     "Name", "eks-vpc",
+     "kubernetes.io/cluster/${var.cluster-name}", "shared",
+    )
+  }"
+}
+
+## EKS public subnets
+resource "aws_subnet" "eks-public" {
+  count = "${length(var.public_subnets)}"
+
+  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
+  cidr_block        = "${var.public_subnets[count.index]}"
+  vpc_id            = "${aws_vpc.eks.id}"
+
+  tags = "${
+    map(
+     "Name", "eks-public-subnet",
+     "kubernetes.io/cluster/${var.cluster-name}", "shared",
+    )
+  }"
+}
+
+
+## internet gateway
+resource "aws_internet_gateway" "eks-igw" {
+  vpc_id = "${aws_vpc.eks.id}"
+
+  tags {
+    Name = "eks-internet-gateway"
+  }
+}
+
+resource "aws_route_table" "eks-public" {
+  vpc_id = "${aws_vpc.eks.id}"
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = "${aws_internet_gateway.eks-igw.id}"
+  }
+
+}
+
+resource "aws_route_table_association" "eks" {
+  count = "${length(var.public_subnets)}"
+
+  subnet_id      = "${aws_subnet.eks-public.*.id[count.index]}"
+  route_table_id = "${aws_route_table.eks-public.id}"
+}
+
+## EKS private subnets
+## NAT gateway
+## routing table, routing table association
+
+resource "aws_subnet" "eks-private" {
+  count = "${length(var.private_subnets)}"
+
+  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
+  cidr_block        = "${var.private_subnets[count.index]}"
+  vpc_id            = "${aws_vpc.eks.id}"
+
+  tags = "${
+    map(
+     "Name", "eks-private-subnet",
+     "kubernetes.io/cluster/${var.cluster-name}", "shared",
+     "kubernetes.io/role/internal-elb", "1", 
+    )
+  }"
+}
+
+resource "aws_eip" "nat" {
+  vpc      = true
+}
+
+resource "aws_nat_gateway" "nat_gw" {
+  count = 1
+  
+  allocation_id = "${aws_eip.nat.id}"
+  subnet_id     = "${aws_subnet.eks-public.*.id[count.index]}"  #public subnet 
+  depends_on = ["aws_internet_gateway.eks-igw"]
+
+  tags {
+    Name = "gw NAT"
+  }
+}
+
+
+resource "aws_route_table" "eks-private" {
+  vpc_id = "${aws_vpc.eks.id}"
+
+  tags {
+        Name = "route table for private subnets",
+    }
+}
+
+resource "aws_route_table_association" "eks-private" {
+  count = "${length(var.private_subnets)}"
+
+  subnet_id      = "${aws_subnet.eks-private.*.id[count.index]}"
+  route_table_id = "${aws_route_table.eks-private.id}"
+}
diff --git a/eks-worker-node.tf b/eks-worker-node.tf
new file mode 100755
index 0000000..84f00a8
--- /dev/null
+++ b/eks-worker-node.tf
@@ -0,0 +1,188 @@
+# EKS currently documents this required userdata for EKS worker nodes to
+# properly configure Kubernetes applications on the EC2 instance.
+# We utilize a Terraform local here to simplify Base64 encoding this
+# information into the AutoScaling Launch Configuration.
+# More information: https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/amazon-eks-nodegroup.yaml
+
+## updated AMI support for /etc/eks/bootstrap.sh
+##
+
+resource "aws_security_group" "eks-node" {
+  name        = "eks-worker-node"
+  description = "Security group for all nodes in the cluster"
+  vpc_id      = "${aws_vpc.eks.id}"
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = "${
+    map(
+     "Name", "eks-worker-node-sg",
+     "kubernetes.io/cluster/${var.cluster-name}", "owned"
+    )
+  }"
+}
+
+resource "aws_security_group_rule" "eks-node-ingress-self" {
+  description              = "Allow node to communicate with each other"
+  from_port                = 0
+  protocol                 = "-1"
+  security_group_id        = "${aws_security_group.eks-node.id}"
+  source_security_group_id = "${aws_security_group.eks-node.id}"
+  to_port                  = 65535
+  type                     = "ingress"
+}
+
+resource "aws_security_group_rule" "eks-node-ingress-cluster" {
+  description              = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
+  from_port                = 1025
+  protocol                 = "tcp"
+  security_group_id        = "${aws_security_group.eks-node.id}"
+  source_security_group_id = "${aws_security_group.eks-cluster.id}"
+  to_port                  = 65535
+  type                     = "ingress"
+}
+
+# HPA requires 443 to be open for k8s control plane.
+resource "aws_security_group_rule" "eks-node-ingress-hpa" {
+  description              = "Allow HPA to receive communication from the cluster control plane"
+  from_port                = 443
+  protocol                 = "tcp"
+  security_group_id        = "${aws_security_group.eks-node.id}"
+  source_security_group_id = "${aws_security_group.eks-cluster.id}"
+  to_port                  = 443
+  type                     = "ingress"
+}
+
+#### User data for worker launch
+
+locals {
+  eks-node-private-userdata = <<USERDATA
+#!/bin/bash -xe
+
+sudo /etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.eks-cluster.endpoint}' --b64-cluster-ca '${aws_eks_cluster.eks-cluster.certificate_authority.0.data}' '${var.cluster-name}'
+
+USERDATA
+}
+
+resource "aws_launch_configuration" "eks-private-lc" {
+  iam_instance_profile        = "${aws_iam_instance_profile.eks-node.name}"
+  image_id                    = "${var.eks-worker-ami}" ## visit https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
+  instance_type               = "${var.worker-node-instance_type}" # use instance variable
+  key_name                    = "${var.ssh_key_pair}"
+  name_prefix                 = "eks-private"
+  security_groups             = ["${aws_security_group.eks-node.id}"]
+  user_data_base64            = "${base64encode(local.eks-node-private-userdata)}"
+  
+  root_block_device {
+    delete_on_termination = true
+    volume_size = 30
+    volume_type = "gp2"
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_autoscaling_group" "eks-private-asg" {
+  desired_capacity     = 1
+  launch_configuration = "${aws_launch_configuration.eks-private-lc.id}"
+  max_size             = 2
+  min_size             = 1
+  name                 = "eks-private"
+  vpc_zone_identifier  = ["${aws_subnet.eks-private.*.id}"]
+
+  tag {
+    key                 = "Name"
+    value               = "eks-worker-private-node"
+    propagate_at_launch = true
+  }
+
+  tag {
+    key                 = "kubernetes.io/cluster/${var.cluster-name}"
+    value               = "owned"
+    propagate_at_launch = true
+  }
+
+## Enable this when you use cluster autoscaler within cluster.
+## https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md
+
+#  tag {
+#    key                 = "k8s.io/cluster-autoscaler/enabled"
+#    value               = ""
+#    propagate_at_launch = true
+#  }
+#
+#  tag {
+#    key                 = "k8s.io/cluster-autoscaler/${var.cluster-name}"
+#    value               = ""
+#    propagate_at_launch = true
+#  }
+
+}
+
+
+# Adding EKS workers scaling policy for scale up/down 
+# Creating Cloudwatch alarms for both scale up/down 
+
+resource "aws_autoscaling_policy" "eks-cpu-policy-private" {
+  name = "eks-cpu-policy-private"
+  autoscaling_group_name = "${aws_autoscaling_group.eks-private-asg.name}"
+  adjustment_type = "ChangeInCapacity"
+  scaling_adjustment = "1"
+  cooldown = "300"
+  policy_type = "SimpleScaling"
+}
+
+# scaling up cloudwatch metric
+resource "aws_cloudwatch_metric_alarm" "eks-cpu-alarm-private" {
+  alarm_name = "eks-cpu-alarm-private"
+  alarm_description = "eks-cpu-alarm-private"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods = "2"
+  metric_name = "CPUUtilization"
+  namespace = "AWS/EC2"
+  period = "120"
+  statistic = "Average"
+  threshold = "80"
+
+dimensions = {
+  "AutoScalingGroupName" = "${aws_autoscaling_group.eks-private-asg.name}"
+}
+  actions_enabled = true
+  alarm_actions = ["${aws_autoscaling_policy.eks-cpu-policy-private.arn}"]
+}
+
+# scale down policy
+resource "aws_autoscaling_policy" "eks-cpu-policy-scaledown-private" {
+  name = "eks-cpu-policy-scaledown-private"
+  autoscaling_group_name = "${aws_autoscaling_group.eks-private-asg.name}"
+  adjustment_type = "ChangeInCapacity"
+  scaling_adjustment = "-1"
+  cooldown = "300"
+  policy_type = "SimpleScaling"
+}
+
+# scale down cloudwatch metric
+resource "aws_cloudwatch_metric_alarm" "eks-cpu-alarm-scaledown-private" {
+  alarm_name = "eks-cpu-alarm-scaledown-private"
+  alarm_description = "eks-cpu-alarm-scaledown-private"
+  comparison_operator = "LessThanOrEqualToThreshold"
+  evaluation_periods = "2"
+  metric_name = "CPUUtilization"
+  namespace = "AWS/EC2"
+  period = "120"
+  statistic = "Average"
+  threshold = "5"
+
+dimensions = {
+  "AutoScalingGroupName" = "${aws_autoscaling_group.eks-private-asg.name}"
+}
+  actions_enabled = true
+  alarm_actions = ["${aws_autoscaling_policy.eks-cpu-policy-scaledown-private.arn}"]
+}
diff --git a/iam.tf b/iam.tf
new file mode 100644
index 0000000..f285a26
--- /dev/null
+++ b/iam.tf
@@ -0,0 +1,95 @@
+# EKS currently documents this required userdata for EKS worker nodes to
+# properly configure Kubernetes applications on the EC2 instance.
+# We utilize a Terraform local here to simplify Base64 encoding this
+# information into the AutoScaling Launch Configuration.
+# More information: https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/amazon-eks-nodegroup.yaml
+
+## updated AMI support for /etc/eks/bootstrap.sh
+##
+
+resource "aws_iam_role" "eks-node" {
+  name = "eks-node"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+POLICY
+}
+
+## Kube2IAM - allow worker to assume all roles
+resource "aws_iam_role_policy" "kube2iam_worker_policy" {
+  name = "kube2iam_worker_policy"
+  role = "${aws_iam_role.eks-node.id}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "sts:AssumeRole"
+      ],
+      "Effect": "Allow",
+      "Resource": "*"
+    }
+  ]
+}
+EOF
+}
+
+###
+##  Allow worker nodes to send memory metrics to cloudwatch
+resource "aws_iam_role_policy" "mem_scaling_worker_policy" {
+  name = "mem_scaling_worker_policy"
+  role = "${aws_iam_role.eks-node.id}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "cloudwatch:PutMetricData",
+        "ec2:DescribeTags",
+        "cloudwatch:GetMetricStatistics",
+        "cloudwatch:ListMetrics"
+      ],
+      "Effect": "Allow",
+      "Resource": "*"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "eks-node-AmazonEKSWorkerNodePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+  role       = "${aws_iam_role.eks-node.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "eks-node-AmazonEKS_CNI_Policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  role       = "${aws_iam_role.eks-node.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "eks-node-AmazonEC2ContainerRegistryReadOnly" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+  role       = "${aws_iam_role.eks-node.name}"
+}
+
+resource "aws_iam_instance_profile" "eks-node" {
+  name = "eks-instance-role"
+  role = "${aws_iam_role.eks-node.name}"
+}
+
diff --git a/outputs.tf b/outputs.tf
new file mode 100755
index 0000000..9bdbb9d
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,59 @@
+#
+# Outputs
+#
+
+locals {
+  config-map-aws-auth = <<CONFIGMAPAWSAUTH
+
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aws-auth
+  namespace: kube-system
+data:
+  mapRoles: |
+    - rolearn: ${aws_iam_role.eks-node.arn}
+      username: system:node:{{EC2PrivateDNSName}}
+      groups:
+        - system:bootstrappers
+        - system:nodes
+CONFIGMAPAWSAUTH
+
+  kubeconfig = <<KUBECONFIG
+
+
+apiVersion: v1
+clusters:
+- cluster:
+    server: ${aws_eks_cluster.eks-cluster.endpoint}
+    certificate-authority-data: ${aws_eks_cluster.eks-cluster.certificate_authority.0.data}
+  name: kubernetes
+contexts:
+- context:
+    cluster: kubernetes
+    user: aws
+  name: aws
+current-context: aws
+kind: Config
+preferences: {}
+users:
+- name: aws
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1alpha1
+      command: aws-iam-authenticator
+      args:
+        - "token"
+        - "-i"
+        - "${var.cluster-name}"
+KUBECONFIG
+}
+
+output "config-map-aws-auth" {
+  value = "${local.config-map-aws-auth}"
+}
+
+output "kubeconfig" {
+  value = "${local.kubeconfig}"
+}
diff --git a/private-route.tf b/private-route.tf
new file mode 100644
index 0000000..a37c289
--- /dev/null
+++ b/private-route.tf
@@ -0,0 +1,6 @@
+## Enable internal route for NAT gw
+resource "aws_route" "nat_gtw" {
+ route_table_id = "${aws_route_table.eks-private.id}"
+ destination_cidr_block = "0.0.0.0/0"
+ nat_gateway_id = "${aws_nat_gateway.nat_gw.id}"    
+}
diff --git a/providers.tf b/providers.tf
new file mode 100755
index 0000000..fa5fd1b
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,15 @@
+#
+# Provider Configuration
+#
+
+provider "aws" {
+  region = "${var.region}"
+  profile = "${var.aws_profile}"
+}
+
+# Using these data sources allows the configuration to be
+# generic for any region.
+data "aws_region" "current" {}
+
+data "aws_availability_zones" "available" {}
+
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..e9485e6
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,47 @@
+variable "cluster-name" {
+  description = "Enter eks cluster name - example like eks-demo, eks-dev etc"
+  type    = "string"
+}
+
+variable "eks-worker-ami" {
+  description = "Please visit here - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html and select your pre-baked AMI depending on the cluster version and the region you are planning to launch cluster into"
+}
+
+# In eks worker node instance type directly affects the number of PODs can run on a Node. Choose wisely.
+# https://github.com/awslabs/amazon-eks-ami/blob/master/files/eni-max-pods.txt
+
+variable "worker-node-instance_type" {
+  description = "enter worker node instance type"
+}
+
+variable "ssh_key_pair" {
+   description = "Enter SSH keypair name that already exist in the account"
+
+}
+
+variable "public_subnets" {
+    type    = "list"
+    description = "you can replace these values as per your choice of subnet range"
+    default = ["10.15.0.0/22", "10.15.4.0/22", "10.15.8.0/22"]
+}
+
+variable "private_subnets" {
+    type    = "list"
+    description = "you can replace these values as per your choice of subnet range"
+    default = ["10.15.12.0/22", "10.15.16.0/22", "10.15.20.0/22"]
+}
+
+variable "aws_profile" {
+  default = "eks"
+  description = "configure AWS CLI profile"
+}
+
+variable "eks_version" {
+   description = "kubernetes cluster version provided by AWS EKS - It would be like 1.12 or 1.13"
+
+}
+
+variable "region" {
+   description = "Enter region you want to create EKS cluster in"
+
+}
diff --git a/workstation-external-ip.tf b/workstation-external-ip.tf
new file mode 100644
index 0000000..42afb21
--- /dev/null
+++ b/workstation-external-ip.tf
@@ -0,0 +1,19 @@
+#
+# Local Workstation External IP
+#
+# Optional configuration is not required and is
+# only provided as an example to easily fetch
+# the external IP of your local workstation to
+# configure inbound EC2 Security Group access
+# to the Kubernetes cluster.
+#
+
+data "http" "workstation-external-ip" {
+  url = "http://ipv4.icanhazip.com"
+}
+
+# Override with variable or hardcoded value if necessary
+locals {
+  workstation-external-cidr = "${chomp(data.http.workstation-external-ip.body)}/32"
+}
+