Terraform module to deploy AWS EKS
Charles CÈBE ba47603d01
fix: mistakes in CHANGELOG + AZ
1 month ago
examples/default fix: mistakes in CHANGELOG + AZ 1 month ago
.gitignore fix pre-commit modifications 2 years ago
.pre-commit-config.yaml chore: bumps pre-commit hooks versions 2 months ago
CHANGELOG.md fix: mistakes in CHANGELOG + AZ 1 month ago
Jenkinsfile fix pre-commit modifications 2 years ago
LICENSE refactor: main.tf + versions.tf + LICENSE 1 month ago
README.md refactor: main.tf + versions.tf + LICENSE 1 month ago
data.tf fix: Add calculation of certificate thumbprint 1 year ago
main.tf refactor: main.tf + versions.tf + LICENSE 1 month ago
outputs.tf feat: Add security group to attach to workers 8 months ago
variables.tf fix: default value (0) for `allowed_security_group_count` (as we did for `allowed_security_group_ids`) 8 months ago
versions.tf refactor: main.tf + versions.tf + LICENSE 1 month ago

README.md

terraform-module-aws-eks

Terraform module to deploy EKS cluster on AWS. Optionally it can deploy ALB ingress controller.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14 |
| aws | >= 3.0 |
| tls | >= 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.0 |
| kubernetes | n/a |
| tls | >= 3.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_eks_cluster.this | resource |
| aws_iam_openid_connect_provider.this | resource |
| aws_iam_policy.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.master_cluster_policy | resource |
| aws_iam_role_policy_attachment.master_missing_policy_from_aws | resource |
| aws_iam_role_policy_attachment.master_service_policy | resource |
| aws_security_group.this | resource |
| aws_security_group.worker | resource |
| aws_security_group_rule.this_allowed_egress_443 | resource |
| aws_security_group_rule.this_allowed_egress_cidrs_443 | resource |
| aws_security_group_rule.this_allowed_egress_cidrs_highports | resource |
| aws_security_group_rule.this_allowed_egress_highports | resource |
| aws_security_group_rule.this_allowed_egress_worker_443 | resource |
| aws_security_group_rule.this_allowed_egress_worker_highports | resource |
| aws_security_group_rule.this_ingress_443 | resource |
| aws_security_group_rule.this_ingress_443_cidrs | resource |
| aws_security_group_rule.this_ingress_443_worker | resource |
| aws_security_group_rule.worker_egress_any | resource |
| aws_security_group_rule.worker_ingress_controlplane_443 | resource |
| aws_security_group_rule.worker_ingress_controlplane_highports | resource |
| aws_security_group_rule.worker_ingress_self_any | resource |
| kubernetes_config_map.this | resource |
| aws_iam_policy_document.allow_ec2_describe | data source |
| aws_iam_policy_document.this | data source |
| aws_subnet.this | data source |
| tls_certificate.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allowed_cidrs | List of CIDRs that will be allowed to talk to the EKS cluster. | `list(string)` | `[]` | no |
| allowed_security_group_count | Exact length of the `allowed_security_group_ids` variable. | `number` | `0` | no |
| allowed_security_group_ids | List of security group IDs that will be allowed to talk to the EKS cluster. | `list(string)` | `[]` | no |
| aws_auth_configmap_data | List of maps that represent the aws-auth data needed for EKS to work properly. See https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html for more information. | `list` | `[]` | no |
| eks_tags | Map of tags that will be applied on the EKS cluster. | `map` | `{}` | no |
| enabled | Whether or not to enable this module. | `bool` | `true` | no |
| iam_policy_name | Name of the additional IAM policy for the EKS cluster. | `string` | `"eks-cluster"` | no |
| iam_role_name | Name of the IAM role for the EKS cluster. | `string` | `"eks-cluster"` | no |
| iam_role_tags | Map of tags that will be applied on the IAM role. | `map` | `{}` | no |
| kubernetes_aws_iam_integration_enabled | Whether or not to enable the IAM integration in Kubernetes (this will allow you to map AWS IAM roles to specific Kubernetes service accounts). | `bool` | `true` | no |
| kubernetes_version | Version that will be used for the EKS cluster. | `string` | `null` | no |
| name | Name of the EKS cluster. | `string` | `"eks-cluster"` | no |
| private_access | Whether or not to enable private access to the EKS endpoint. | `bool` | `false` | no |
| public_access | Whether or not to enable public access to the EKS endpoint. | `bool` | `true` | no |
| security_group_ids | List of additional security group IDs to set on the EKS cluster. | `list` | `[]` | no |
| security_group_name | Name of the security group for the EKS cluster. | `string` | `"eks-cluster"` | no |
| security_group_tags | Map of tags that will be applied on the security group. | `map` | `{}` | no |
| subnet_ids | List of subnet IDs where the EKS master will be available from. | `list(string)` | n/a | yes |
| tags | Map of tags that will be applied on all resources. | `map` | `{}` | no |
| worker_security_group_name | Name of the security group for the EKS cluster. | `string` | `"eks-workers-cluster"` | no |
| worker_security_group_tags | Map of tags that will be applied on the security group. | `map` | `{}` | no |

Outputs

| Name | Description |
|------|-------------|
| arn | ARN of the EKS cluster that is created. |
| certificate_authority | Base 64 encoded certificate authority of the EKS cluster that is created. |
| endpoint | Endpoint of the EKS cluster that is created. |
| iam_openid_connect_provider_arn | n/a |
| iam_openid_connect_provider_url | n/a |
| iam_role_arn | ARN of the IAM role that is created. |
| iam_role_id | ID of the IAM role that is created. |
| iam_role_name | Name of the IAM role that is created. |
| iam_role_unique_id | Unique ID of the IAM role that is created. |
| id | ID of the EKS cluster that is created. |
| kubernates_config_map_name | Config map for EKS workers. |
| kubernetes_version | Version of the EKS cluster. |
| name | Name of the EKS cluster that is created. |
| security_group_arn | ARN of the security group that is created. |
| security_group_id | ID of the security group that is created. |
| security_group_name | Name of the security group that is created. |
| worker_security_group_arn | ARN of the security group that is created for the workers. |
| worker_security_group_id | ID of the security group that is created for the workers. |
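
The following is an added example, not taken from this repository: it calls the module with the API endpoint made private instead of the defaults listed under Inputs (`public_access = true`, `private_access = false`) and keeps `allowed_security_group_count` equal to the length of `allowed_security_group_ids`. The module source path, cluster name, subnet IDs, security group ID, CIDR and tag values are placeholders, and the `aws` and `kubernetes` providers are assumed to be configured elsewhere.

```hcl
# Added example: placeholder values throughout, not the project's own code.

variable "admin_security_group_ids" {
  description = "Security groups allowed to talk to the cluster (placeholder value)."
  type        = list(string)
  default     = ["sg-00000000000000000"]
}

module "eks" {
  source = "../terraform-module-aws-eks" # placeholder path to this module

  name       = "example-eks"
  subnet_ids = ["subnet-00000000000000001", "subnet-00000000000000002"]

  # Defaults are public_access = true and private_access = false, which
  # exposes the Kubernetes API endpoint publicly. Invert both here.
  private_access = true
  public_access  = false

  # Callers allowed to talk to the cluster, by CIDR and by security group.
  allowed_cidrs              = ["10.20.0.0/16"]
  allowed_security_group_ids = var.admin_security_group_ids

  # Must be the exact length of allowed_security_group_ids. Deriving it from
  # the same variable keeps the two inputs from drifting apart.
  allowed_security_group_count = length(var.admin_security_group_ids)

  # Default is already true; stated explicitly so IAM roles can be mapped
  # to Kubernetes service accounts.
  kubernetes_aws_iam_integration_enabled = true

  tags = {
    environment = "example"
  }
}

# Outputs documented by the module, re-exported for worker node resources.
output "eks_endpoint" {
  value = module.eks.endpoint
}

output "eks_worker_security_group_id" {
  value = module.eks.worker_security_group_id
}
```

With `public_access = false`, Terraform has to run from inside the VPC or a network connected to it, because resources managed through the `kubernetes` provider, such as `kubernetes_config_map.this`, are applied against the private endpoint.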