using s3 provider and team creation

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

deploy/kubernetes/terraform/addons.tf

@@ -4,6 +4,8 @@ data "aws_acm_certificate" "kubeshark_crt" {
   most_recent = true
 }
 
+data "aws_caller_identity" "current" {}
+
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
   version = "~> 1.0" #ensure to update this to the latest/desired version
@@ -47,11 +49,34 @@ module "eks_blueprints_addons" {
     ]
   }
 
+  aws_cloudwatch_metrics = {
+    max_history = 1
+  }
+
   tags = {
     Environment = "dev"
   }
 }
 
+module "admin_team" {
+  source = "aws-ia/eks-blueprints-teams/aws"
+
+  name = "admin-team"
+
+  # Enables elevated, admin privileges for this team
+  enable_admin = true
+  users        = [
+    # "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.role_name}",
+    "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/alongir",
+    "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/Mert",
+    ]
+  cluster_arn  = module.eks.cluster_arn
+
+  tags = {
+    team = "admin"
+  }
+}
+
 resource "helm_release" "kubeshark" {
   name = "kubeshark"
   repository = "https://helm.kubeshark.co"

deploy/kubernetes/terraform/eks.tf

@@ -36,6 +36,8 @@ module "eks" {
     }
   }
 
+  cloudwatch_log_group_retention_in_days = 1
+
   eks_managed_node_groups = {
     managed = {
       iam_role_name              = "${local.name}-managed" # Backwards compat
@@ -91,6 +93,11 @@ module "eks" {
     }
   }
 
+  manage_aws_auth_configmap = true
+  aws_auth_roles = flatten([
+    module.admin_team.aws_auth_configmap_role,
+  ])
+
   tags = local.tags
 }
 

deploy/kubernetes/terraform/outputs.tf

@@ -3,7 +3,12 @@ output "region" {
   value       = var.region
 }
 
-# output "configure_kubectl" {
-#   description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-#   value       = module.eks_blueprints.configure_kubectl
-# }
+output "cluster_name" {
+  description = "Cluster name"
+  value       = local.name
+}
+
+output "configure_kubectl" {
+  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+  value       = "aws eks update-kubeconfig --name ${local.name} --kubeconfig <config_file>"
+}

deploy/kubernetes/terraform/provider.tf

@@ -73,6 +73,11 @@ terraform {
   # backend "local" {
   #   path = "relative/path/to/terraform.tfstate"
   # }
+  backend "s3" {
+    bucket = "dko-6"
+    key    = "eks-demo"
+    region = "us-east-1"
+  }
 
   required_version = "~> 1.3"
 }

deploy/kubernetes/terraform/variables.tf

@@ -1,11 +1,11 @@
 variable "env_name" {
-  default = "development"
+  default = "dko-6"
 }
 
 variable "region" {
   description = "AWS region"
   type        = string
-  default     = "us-east-2"
+  default     = "us-east-1"
 }
 
 variable "enable_kubeshark" {
@@ -38,3 +38,9 @@ variable "enable_ingress_nginx" {
   default = false
 }
 
+variable "role_name" {
+  description = "Default role name"
+  type = string
+  default = "AWSReservedSSO_AdministratorAccess_4ad944a45478ee7e"
+}
+