eks-cluster
cloudposse/eks-cluster/aws
Terraform Module
HCL
AWS
Terraform module for provisioning an EKS cluster
Install
module "eks-cluster" {
source = "cloudposse/eks-cluster/aws"
version = "4.8.0"
}
README
Terraform module to provision an EKS cluster on AWS. This Terraform module provisions a fully configured AWS EKS (Elastic Kubernetes Service) cluster. It's engineered to integrate smoothly with Karpenter and EKS addons, forming a critical part of Cloud Posse's reference architecture. Ideal for teams looking to deploy scalable and manageable Kubernetes clusters on AWS with minimal fuss. > [!TIP] > #### 👽 Use Atmos with Terraform > Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform. > Works with Github Actions, Atlantis, or Spacelift. > > > Watch demo of using Atmos with Terraform > > Example of running atmos to manage infrastructure from our Quick Start tutorial. > Introduction The module provisions the following resources: - EKS cluster of master nodes that
Inputs (50)
| Name | Type | Description | Default |
|---|---|---|---|
| subnet_ids | list(string) | A list of subnet IDs to launch the cluster in | |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| associated_security_group_ids | list(string) | A list of IDs of Security Groups to associate the cluster with. These security g | [] |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null |
| region | string | OBSOLETE (not needed): AWS Region | null |
| cluster_encryption_config_kms_key_policy | string | Cluster Encryption Config KMS Key Resource argument - key policy | null |
| addons_depends_on | any | If provided, all addons will depend on this object, and therefore not be install | null |
| allowed_security_group_ids | list(string) | A list of IDs of Security Groups to allow access to the cluster. | [] |
| eks_cluster_service_role_arn | string | The ARN of an IAM role for the EKS cluster to use that provides permissions for | null |
| access_entry_map | map(object({ # key is prin | Map of IAM Principal ARNs to access configuration. Preferred over other inputs a | {} |
| managed_security_group_rules_enabled | bool | Flag to enable/disable the ingress and egress rules for the EKS managed Security | true |
| id_length_limit | number | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. | null |
| cluster_depends_on | any | If provided, the EKS will depend on this object, and therefore not be created un | null |
| cluster_encryption_config_enabled | bool | Set to `true` to enable Cluster Encryption Configuration | true |
| cluster_encryption_config_resources | list(any) | Cluster Encryption Config Resources to encrypt, e.g. ['secrets'] | [
"secrets"
] |
| bootstrap_self_managed_addons_enabled | bool | Manages bootstrap of default networking addons after cluster has been created | null |
| custom_ingress_rules | list(object({ description | A List of Objects, which are custom security group rules that | [] |
| kubernetes_version | string | Desired Kubernetes master version. If you do not specify a value, the latest ava | "1.21" |
| endpoint_public_access | bool | Indicates whether or not the Amazon EKS public API server endpoint is enabled. D | true |
| cluster_log_retention_period | number | Number of days to retain cluster logs. Requires `enabled_cluster_log_types` to b | 0 |
| permissions_boundary | string | If provided, all IAM roles will be created with this permissions boundary attach | null |
| … and 10 more inputs | |||
Outputs (18)
eks_cluster_role_arn — ARN of the EKS cluster IAM rolecluster_encryption_config_enabled — If true, Cluster Encryption Configuration is enabledcluster_encryption_config_provider_key_alias — Cluster Encryption Config KMS Key Alias ARNcloudwatch_log_group_name — The name of the log group created in cloudwatch where cluster logs are forwarded to if enabledeks_cluster_identity_oidc_issuer_arn — The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service eks_cluster_certificate_authority_data — The Kubernetes cluster certificate authority dataeks_cluster_id — The name of the clustereks_cluster_arn — The Amazon Resource Name (ARN) of the clustereks_addons_versions — Map of enabled EKS Addons names and versionscluster_encryption_config_provider_key_arn — Cluster Encryption Config KMS Key ARNeks_cluster_version — The Kubernetes server version of the clustereks_cluster_identity_oidc_issuer — The OIDC Identity issuer for the clustereks_cluster_managed_security_group_id — Security Group ID that was created by EKS for the cluster.
EKS creates a Security Group and applies eks_cluster_ipv4_service_cidr — The IPv4 CIDR block that Kubernetes pod and service IP addresses are assigned from
if `kubernetes_neeks_cluster_ipv6_service_cidr — The IPv6 CIDR block that Kubernetes pod and service IP addresses are assigned from
if `kubernetes_necluster_encryption_config_resources — Cluster Encryption Config Resourcescloudwatch_log_group_kms_key_id — KMS Key ID to encrypt AWS CloudWatch logseks_cluster_endpoint — The endpoint for the Kubernetes API serverResources (12)
aws_cloudwatch_log_groupaws_eks_access_entryaws_eks_access_policy_associationaws_eks_addonaws_eks_clusteraws_iam_openid_connect_provideraws_iam_policyaws_iam_roleaws_iam_role_policy_attachmentaws_kms_aliasaws_kms_keyaws_vpc_security_group_ingress_rule
Details
FrameworkTerraform Module
LanguageHCL
Version4.8.0
Cloud AWS
★ Stars548
Forks366
Total downloads1.0M
Inputs50
Outputs18
Resources12
Examples2
LicenseApache-2.0
Namespacecloudposse
Updated
Similar packages
caf-enterprise-scale
Azure landing zones Terraform module
★ 952terraform
caf
Terraform supermodule for the Terraform platform engineering for Azure
★ 581terraform
lz-vending
Terraform module to deploy landing zone subscriptions (and much more) in Azure
★ 210terraform
label
Terraform Module to define a consistent naming convention by (namespace, stage,
★ 702terraform