terraform

Mar 11, 2025

ad83c2d · Mar 11, 2025

Name	Name	Last commit message	Last commit date
parent directory ..
configs	configs	module fixes and improvements	Aug 31, 2023
policies	policies	add initial changes	Aug 30, 2023
README.md	README.md	add cw groups for container insights	Jul 5, 2024
cloudwatch.tf	cloudwatch.tf	add cw groups for container insights	Jul 5, 2024
data-vpce.tf	data-vpce.tf	upgrade module to support eks 1.32	Jan 29, 2025
data.tf	data.tf	Update cluster role trusted policy	Feb 4, 2025
eks-addon-coredns.tf	eks-addon-coredns.tf	more improvements	Aug 30, 2023
eks-addons.tf	eks-addons.tf	add new addons	Jan 5, 2024
eks-cluster.tf	eks-cluster.tf	Update EKS cluster IAM Role perms	Feb 3, 2025
eks-managed-node-group-al2023.tf	eks-managed-node-group-al2023.tf	Update eks-managed-node-group-al2023.tf	Nov 14, 2024
eks-nodes-karpenter.tf	eks-nodes-karpenter.tf	Update eks-nodes-karpenter.tf	Nov 14, 2024
kms.tf	kms.tf	more improvements	Aug 30, 2023
locals.tf	locals.tf	remove legacy service ipv4 local	May 1, 2024
oidc-iam-policies.tf	oidc-iam-policies.tf	Update oidc-iam-policies.tf	Mar 11, 2025
oidc-iam-roles.tf	oidc-iam-roles.tf	improved partition detection	Aug 30, 2023
openid-connect.tf	openid-connect.tf	improved partition detection	Aug 30, 2023
sqs.tf	sqs.tf	module fixes and improvements	Aug 31, 2023
terraform.tfvars	terraform.tfvars	upgrade module to support eks 1.32	Jan 29, 2025
userdata_al2023.tpl	userdata_al2023.tpl	upgrade critical nodes to AL2023 plus improvements	Apr 29, 2024
variables.tf	variables.tf	add new addons	Jan 5, 2024
versions.tf	versions.tf	Update versions.tf	Nov 6, 2024
vpc.tf	vpc.tf	upgrade module to support eks 1.32	Jan 29, 2025

README.md

Usage

To run this module you need to execute:

$ terraform init
$ terraform plan
$ terraform apply

Requirements

Name	Version
terraform	>= 1.6.0
aws	>= 5.31
tls	>= 4.0

Providers

Name	Version
aws	>= 5.31
tls	>= 4.0

Modules

Name	Source	Version
eks_cluster	native-cube/kms/aws	~> 1.0.0
eks_node_group_al2023	native-cube/eks-node-group/aws	~> 1.1.0
eks_vpc_flow_logs	native-cube/vpc-flow-logs/aws	~> 2.1.0
vpc_eks	terraform-aws-modules/vpc/aws	5.8.1

Resources

Name	Type
aws_cloudwatch_event_rule.karpenter_spot_interruption	resource
aws_cloudwatch_event_target.karpenter_spot_interruption	resource
aws_cloudwatch_log_group.cluster	resource
aws_cloudwatch_log_group.cluster_application	resource
aws_cloudwatch_log_group.cluster_dataplane	resource
aws_cloudwatch_log_group.cluster_host	resource
aws_cloudwatch_log_group.cluster_performance	resource
aws_eks_addon.adot	resource
aws_eks_addon.aws_ebs_csi_driver	resource
aws_eks_addon.cloudwatch	resource
aws_eks_addon.core_dns	resource
aws_eks_addon.guardduty	resource
aws_eks_addon.identity_agent	resource
aws_eks_addon.kube_proxy	resource
aws_eks_addon.kubecost	resource
aws_eks_addon.snapshot_controller	resource
aws_eks_cluster.cluster	resource
aws_iam_instance_profile.eks_node_karpenter	resource
aws_iam_openid_connect_provider.cluster	resource
aws_iam_role.adot_collector	resource
aws_iam_role.cert_manager	resource
aws_iam_role.cluster	resource
aws_iam_role.ebs_csi_controller_sa	resource
aws_iam_role.eks_node_group	resource
aws_iam_role.eks_node_karpenter	resource
aws_iam_role.external_dns	resource
aws_iam_role.karpenter_controller	resource
aws_iam_role.load_balancer_controller	resource
aws_iam_role_policy.cert_manager	resource
aws_iam_role_policy.external_dns	resource
aws_iam_role_policy.karpenter_controller	resource
aws_iam_role_policy.load_balancer_controller	resource
aws_launch_template.cluster_al2023	resource
aws_security_group.core_dns	resource
aws_security_group.eks_vpc_endpoint	resource
aws_security_group.eks_vpc_endpoint_guardduty	resource
aws_security_group.node	resource
aws_security_group_rule.eks_vpc_endpoint_egress	resource
aws_security_group_rule.eks_vpc_endpoint_self_ingress	resource
aws_sqs_queue.karpenter_spot_interruption	resource
aws_sqs_queue_policy.karpenter_spot_interruption	resource
aws_vpc_endpoint.eks_vpc_aps_workspaces	resource
aws_vpc_endpoint.eks_vpc_ecr_dkr	resource
aws_vpc_endpoint.eks_vpc_guardduty	resource
aws_vpc_endpoint.eks_vpc_s3	resource
aws_vpc_endpoint.eks_vpc_sts	resource
aws_vpc_security_group_egress_rule.cluster_to_karpenter_nodes	resource
aws_vpc_security_group_egress_rule.core_dns_tcp	resource
aws_vpc_security_group_egress_rule.core_dns_udp	resource
aws_vpc_security_group_egress_rule.node_to_cluster	resource
aws_vpc_security_group_egress_rule.node_to_internet	resource
aws_vpc_security_group_ingress_rule.all_allow_access_from_control_plane	resource
aws_vpc_security_group_ingress_rule.all_allow_access_from_control_plane_to_core_dns	resource
aws_vpc_security_group_ingress_rule.all_allow_access_from_karpenter_nodes_to_core_dns	resource
aws_vpc_security_group_ingress_rule.allow_ingress_from_coredns_to_cluster_nodes	resource
aws_vpc_security_group_ingress_rule.allow_ingress_from_coredns_to_karpenter_nodes	resource
aws_vpc_security_group_ingress_rule.cluster_to_nodes	resource
aws_vpc_security_group_ingress_rule.cluster_to_vpc_endpoints	resource
aws_vpc_security_group_ingress_rule.eks_vpc_guardduty	resource
aws_vpc_security_group_ingress_rule.node_to_vpc_endpoints	resource
aws_vpc_security_group_ingress_rule.self	resource
aws_caller_identity.current	data source
aws_iam_policy_document.cert_manager	data source
aws_iam_policy_document.cluster_role_assume_role_policy	data source
aws_iam_policy_document.eks_node_custom_inline_policy	data source
aws_iam_policy_document.eks_node_group_assume_role_policy	data source
aws_iam_policy_document.eks_node_karpenter_assume_role_policy	data source
aws_iam_policy_document.eks_vpc_aps_workspaces	data source
aws_iam_policy_document.eks_vpc_guardduty	data source
aws_iam_policy_document.external_dns	data source
aws_iam_policy_document.karpenter_controller	data source
aws_iam_policy_document.karpenter_spot_interruption	data source
aws_iam_policy_document.kms_policy_cluster	data source
aws_iam_policy_document.load_balancer_controller	data source
aws_partition.current	data source
aws_region.current	data source
aws_ssm_parameter.eks_al2023	data source
aws_ssm_parameter.eks_optimized_ami_id	data source
aws_vpc_endpoint_service.aps_workspaces	data source
aws_vpc_endpoint_service.ecr_dkr	data source
aws_vpc_endpoint_service.guardduty	data source
aws_vpc_endpoint_service.s3	data source
aws_vpc_endpoint_service.sts	data source
tls_certificate.cluster	data source

Inputs

Name	Description	Type	Default	Required
azs	A list of availability zones names or ids in the region	`list(string)`	`[]`	no
ebs_delete_on_termination	Whether the volume should be destroyed on instance termination.	`bool`	`true`	no
ebs_encrypted	Enables EBS encryption on the volume.	`bool`	`true`	no
ebs_volume_size	The size of the volume in gigabytes.	`number`	`100`	no
ebs_volume_type	The volume type.	`string`	`"gp3"`	no
eks_addon_version_adot	ADOT EKS addon version.	`string`	`null`	no
eks_addon_version_cloudwatch	Cloudwatch EKS addon version.	`string`	`null`	no
eks_addon_version_core_dns	Core DNS managed EKS addon version.	`string`	`null`	no
eks_addon_version_ebs_csi_driver	AWS ebs csi driver managed EKS addon version.	`string`	`null`	no
eks_addon_version_guardduty	Guardduty agent EKS addon version.	`string`	`null`	no
eks_addon_version_identity_agent	Pod Identity Agent EKS addon version.	`string`	`null`	no
eks_addon_version_kube_proxy	Kube proxy managed EKS addon version.	`string`	`null`	no
eks_addon_version_kubecost	KubeCost EKS addon version.	`string`	`null`	no
eks_addon_version_snapshot_controller	CSI Snapshot Controller EKS addon version.	`string`	`null`	no
eks_enabled_log_types	List of the desired control plane logging to enable.	`list(string)`	`[]`	no
eks_endpoint_private_access	Whether the Amazon EKS private API server endpoint is enabled.	`bool`	`true`	no
eks_endpoint_public_access	Whether the Amazon EKS public API server endpoint is enabled.	`bool`	`true`	no
eks_public_access_cidrs	List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled.	`list(string)`	[ "0.0.0.0/0" ]	no
eks_security_group_ids	List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.	`list(string)`	`[]`	no
eks_service_ipv4_cidr	The CIDR block to assign Kubernetes service IP addresses from.	`string`	`null`	no
eks_version	EKS controlplane version.	`string`	n/a	yes
instance_types	List of instance types associated with the EKS Node Group.	`list(string)`	[ "m6i.large" ]	no
name_prefix	Name prefix used across resources created by this module.	`string`	n/a	yes
private_subnets_cidrs	Classless Inter-Domain Routing ranges for private subnets.	`list(string)`	n/a	yes
public_subnets_cidrs	Classless Inter-Domain Routing ranges for public subnets.	`list(string)`	n/a	yes
vpc_cidr	Amazon Virtual Private Cloud Classless Inter-Domain Routing range.	`string`	n/a	yes

Outputs

Name	Description
eks_arn	EKS cluster ARN.
eks_id	EKS cluster name.
eks_network_config	EKS cluster network configuration.
private_subnet_ids	Private subnet IDs.
public_subnet_ids	Public subnet IDs.
vpc_id	VPC ID.

License

See LICENSE file for full details.

Maintainers

Marcin Cuber

Pre-commit hooks

Install dependencies

pre-commit
terraform-docs required for terraform_docs hooks.
TFLint required for terraform_tflint hook.

Generate terraform-docs

terraform-docs markdown table --output-file README.md --output-mode inject .

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Sponsors

Files

terraform

terraform

README.md

Usage

Requirements

Providers

Modules

Resources

Inputs

Outputs

License

Maintainers

Pre-commit hooks

Install dependencies

Generate terraform-docs

MacOS

Files

terraform

Directory actions

More options

Directory actions

More options

Latest commit

History

terraform

Folders and files

parent directory

README.md

Usage

Requirements

Providers

Modules

Resources

Inputs

Outputs

License

Maintainers

Pre-commit hooks

Install dependencies

Generate terraform-docs

MacOS