Terraform EKS module

The module is designed to create AWS EKS cluster with all necessary AWS resources such as:

• VPC network and subnets with proper tagging,
• Security Groups
• NAT Gateways
• AWS KMS encryption key to envelope encrypt Kubernetes Secrets
• AWS EKS clusters with default node group

Available Features

Requirements

No requirements.

Providers

Name	Version
aws	5.80.0
kubernetes	2.34.0

Modules

Name	Source	Version
ebs_csi_irsa_role	terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks	5.24.0
eks	terraform-aws-modules/eks/aws	19.19.0
vpc	terraform-aws-modules/vpc/aws	5.0.0

Resources

Name	Type
kubernetes_storage_class.storage_class	resource
aws_availability_zones.available	data source
aws_caller_identity.current	data source
aws_partition.current	data source
aws_vpc.selected	data source

Inputs

Name	Description	Type	Default	Required
additional_tags	Additional tags to include	map(string)	{}	no
create_aws_auth_configmap	Should Terraform create aws_auth ConfigMap used for setting up cluster access	bool	false	no
create_vpc	Specifies if new VPC be created, if not vpc_id and subnet_ids variables need to be provided	bool	true	no
eks_additional_cluster_addons	Map of additional cluster addon configurations to enable for the cluster.	any	{}	no
eks_cluster_auth_role	AWS roles with access permission to EKS cluster	list(object({ rolearn : string username : string groups = list(string) }))	[]	no
eks_cluster_auth_user	AWS users with access permission to EKS cluster	list(object({ userarn : string username : string groups = list(string) }))	[]	no
eks_cluster_endpoint_access	EKS managed node group default configurations	object({ enable_public_access : bool enable_private_access : bool })	{ "enable_private_access": false, "enable_public_access": true }	no
eks_cluster_fargate_profiles	EKS Fargate profile object	map(object({}))	{}	no
eks_cluster_log_types	A list of the desired control plane logs to enable	list(string)	[ "api", "audit", "authenticator" ]	no
eks_cluster_name	Name of the Kubernetes cluster	string	"eks-cluster"	no
eks_cluster_node_groups	EKS managed additional node group	any	{}	no
eks_cluster_node_groups_default_configuration	EKS managed node group default configurations	any	{ "attach_cluster_primary_security_group": true, "desired_size": 3, "disk_size": 40, "instance_types": [ "m5.large" ], "labels": { "node-group": "default" }, "max_size": 5, "min_size": 1 }	no
eks_cluster_version	Kubernetes cluster version	string	"1.26"	no
eks_create	Specifies if actually create the EKS cluster	bool	true	no
eks_default_cluster_addons	Map of default cluster addon configurations to enable for the cluster.	any	{ "coredns": { "most_recent": true, "preserve": true, "resolve_conflicts": "OVERWRITE" }, "kube-proxy": { "most_recent": true, "preserve": true, "resolve_conflicts": "OVERWRITE" }, "vpc-cni": { "most_recent": true, "preserve": true, "resolve_conflicts": "OVERWRITE" } }	no
eks_enable_secret_encryption	Should KMS key to encrypt kubernetes secrets be generated	bool	true	no
eks_node_security_group_tags	Map of tags for eks node sg	map(string)	{}	no
eks_single_az	Specifies if all node's should be deployed in the same AZ	bool	false	no
eks_storage_classes	EBS storage class with custom parameters	list(object({ name = string storage_class_provisioner = string parameters = optional(map(string)) volume_binding_mode = optional(string) reclaim_policy = optional(string) } ))	[]	no
enable_bastion	True if bastion host should be created	bool	false	no
enable_ebs_csi_driver	Specifies if enable the EBS/CSI driver	bool	true	no
environment	Environment name	string	n/a	yes
logs_retention_days	Log retention in days	number	14	no
manage_aws_auth_configmap	Should Terraform manage aws_auth ConfigMap used for setting up cluster access	bool	true	no
org	Organization name - part of other resource names	string	"terraform"	no
private_subnet_ids	List of IDs of existing private subnets, only used when create_vpc is set to false	list(string)	[]	no
public_subnet_ids	List of IDs of existing public subnets, only used when create_vpc is set to false	list(string)	[]	no
region	n/a	string	"eu-central-1"	no
vpc_cidr	VPC CIDR address	string	"10.0.0.0/16"	no
vpc_id	ID of existing VPC, only used when create_vpc is set to false	string	""	no
vpc_nat_setting	Enable NAT Gateway	object({ enable_nat_gateway : bool multi_az_nat_gateway : bool })	{ "enable_nat_gateway": true, "multi_az_nat_gateway": false }	no

Outputs

Name	Description
eks_cluster_arn	ARN of the cluster
eks_cluster_certificate_authority_data	Base64 encoded certificate data required to communicate with the cluster
eks_cluster_endpoint	Endpoint for your Kubernetes API server
eks_cluster_id	The id of the cluster
eks_cluster_name	The name of the cluster
eks_cluster_oidc_issuer_arn	The ARN on the EKS cluster OIDC provider
eks_cluster_oidc_issuer_url	The URL on the EKS cluster OIDC Issuer
eks_cluster_primary_security_group_id	The cluster primary security group ID created by the EKS cluster
eks_cluster_version	The Kubernetes server version for the EKS cluster.
vpc_id	The VPC ID
vpc_name	The name of the VPC
vpc_nats_ids	The list of allocation ID for Elastic IPs
vpc_private_route_table_ids	The list of IDs of private route tables
vpc_private_subnets_ids	The list of private subnets IDs associated with the VPC
vpc_public_route_table_ids	The list of IDs of public route tables
vpc_public_subnets_ids	The list of public subnets IDs associated with the VPC

eks_storage_classes variable

The eks_storage_classes variable takes the following parameters:

Name	Description	Type	Default	Required
name	Standard storage class's name in metadata	string	""	Required
storage_class_provisioner	Indicates the type of the provisioner	string	""	Required
parameters	The parameters for the provisioner that should create volumes of this storage class. See the documentaion for the available parameters	map(string)	{}	Optional
volume_binding_mode	Indicates when volume binding and dynamic provisioning should occur	string	"WaitForFirstConsumer"	Optional
reclaim_policy	Indicates the reclaim policy to use	string	"Delete"	Optional