{"id":13677239,"url":"https://github.com/WesleyCharlesBlake/terraform-aws-eks","last_synced_at":"2025-04-29T10:32:22.369Z","repository":{"id":40685787,"uuid":"137328738","full_name":"WesleyCharlesBlake/terraform-aws-eks","owner":"WesleyCharlesBlake","description":"Deploy a full EKS cluster with Terraform","archived":false,"fork":false,"pushed_at":"2022-12-30T18:21:41.000Z","size":19561,"stargazers_count":194,"open_issues_count":8,"forks_count":179,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-11-11T19:40:04.124Z","etag":null,"topics":["amazon-web-services","devops","eks","kubernetes","terraform"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/WesleyCharlesBlake.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-06-14T08:24:33.000Z","updated_at":"2024-11-02T07:48:54.000Z","dependencies_parsed_at":"2023-01-31T12:55:12.514Z","dependency_job_id":null,"html_url":"https://github.com/WesleyCharlesBlake/terraform-aws-eks","commit_stats":null,"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WesleyCharlesBlake%2Fterraform-aws-eks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WesleyCharlesBlake%2Fterraform-aws-eks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WesleyCharlesBlake%2Fterraform-aws-eks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WesleyCharlesBlake%2Fterraform-aws-eks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/G
itHub/owners/WesleyCharlesBlake","download_url":"https://codeload.github.com/WesleyCharlesBlake/terraform-aws-eks/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251484076,"owners_count":21596655,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amazon-web-services","devops","eks","kubernetes","terraform"],"created_at":"2024-08-02T13:00:39.277Z","updated_at":"2025-04-29T10:32:17.346Z","avatar_url":"https://github.com/WesleyCharlesBlake.png","language":"HCL","funding_links":[],"categories":["HCL"],"sub_categories":[],"readme":"# terraform-aws-eks\n\n[![CircleCI](https://circleci.com/gh/WesleyCharlesBlake/terraform-aws-eks.svg?style=svg)](https://circleci.com/gh/WesleyCharlesBlake/terraform-aws-eks)\n[![TerraformRefigistry](https://img.shields.io/badge/Terraform%20Registry-version_3-blue.svg)](https://registry.terraform.io/modules/WesleyCharlesBlake/eks/aws/)\n\n\nDeploy a full AWS EKS cluster with Terraform\n\n## What resources are created\n\n1. VPC\n2. Internet Gateway (IGW)\n3. Public and Private Subnets\n4. Security Groups, Route Tables and Route Table Associations\n5. IAM roles, instance profiles and policies\n6. An EKS Cluster\n7. EKS Managed Node group\n8. Autoscaling group and Launch Configuration\n9. Worker Nodes in a private Subnet\n10. bastion host for ssh access to the VPC\n11. The ConfigMap required to register Nodes with EKS\n12. KUBECONFIG file to authenticate kubectl using the `aws eks get-token` command. 
needs awscli version `1.16.156 \u003e`\n\n## Configuration\n\nYou can configure the module with the following input variables:\n\n| Name | Description | Default |\n| --- | --- | --- |\n| `cluster-name` | The name of your EKS Cluster | `eks-cluster` |\n| `aws-region` | The AWS Region to deploy EKS | `us-east-1` |\n| `availability-zones` | AWS Availability Zones | `[\"us-east-1a\", \"us-east-1b\", \"us-east-1c\"]` |\n| `k8s-version` | The desired K8s version to launch | `1.13` |\n| `node-instance-type` | Worker Node EC2 instance type | `m4.large` |\n| `root-block-size` | Size of the root EBS block device | `20` |\n| `desired-capacity` | Autoscaling Desired node capacity | `2` |\n| `max-size` | Autoscaling Maximum node capacity | `5` |\n| `min-size` | Autoscaling Minimum node capacity | `1` |\n| `vpc-subnet-cidr` | Subnet CIDR | `10.0.0.0/16` |\n| `private-subnet-cidr` | Private Subnet CIDR | `[\"10.0.0.0/19\", \"10.0.32.0/19\", \"10.0.64.0/19\"]` |\n| `public-subnet-cidr` | Public Subnet CIDR | `[\"10.0.128.0/20\", \"10.0.144.0/20\", \"10.0.160.0/20\"]` |\n| `db-subnet-cidr` | DB/Spare Subnet CIDR | `[\"10.0.192.0/21\", \"10.0.200.0/21\", \"10.0.208.0/21\"]` |\n| `eks-cw-logging` | EKS Logging Components | `[\"api\", \"audit\", \"authenticator\", \"controllerManager\", \"scheduler\"]` |\n| `ec2-key-public-key` | EC2 Key Pair for bastion and nodes | `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com` |\n\n\u003e You can create a file called terraform.tfvars or copy [variables.tf](https://github.com/WesleyCharlesBlake/terraform-aws-eks/blob/master/variables.tf) into the project root, if you would like to override the defaults.\n\n## How to use this example\n\n\u003e **NOTE on versions**\n\u003e The versions of this module are compatible with the following Terraform releases. Please use the correct version for your use case:\n\u003e - `version = 3.0.0 \u003e` with terraform `0.13.x \u003e`  \n\u003e - `version = 2.0.0  ` with terraform `\u003c 0.12.x` \n\u003e - `version = 1.0.4  ` with terraform `\u003c 0.11.x`\n\nHave a look at the [examples](examples) for complete references.\nYou can use this module from the Terraform registry as a remote source:\n\n```terraform\nmodule \"eks\" {\n  source  = \"WesleyCharlesBlake/eks/aws\"\n\n  aws-region          = \"us-east-1\"\n  availability-zones  = [\"us-east-1a\", \"us-east-1b\", \"us-east-1c\"]\n  cluster-name        = \"my-cluster\"\n  k8s-version         = \"1.17\"\n  node-instance-type  = \"t3.medium\"\n  root-block-size     = \"40\"\n  desired-capacity    = \"3\"\n  max-size            = \"5\"\n  min-size            = \"1\"\n  vpc-subnet-cidr     = \"10.0.0.0/16\"\n  private-subnet-cidr = [\"10.0.0.0/19\", \"10.0.32.0/19\", \"10.0.64.0/19\"]\n  public-subnet-cidr  = [\"10.0.128.0/20\", \"10.0.144.0/20\", \"10.0.160.0/20\"]\n  db-subnet-cidr      = 
[\"10.0.192.0/21\", \"10.0.200.0/21\", \"10.0.208.0/21\"]\n  eks-cw-logging      = [\"api\", \"audit\", \"authenticator\", \"controllerManager\", \"scheduler\"]\n  ec2-key-public-key  = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com\"\n}\n\noutput \"kubeconfig\" {\n  value = module.eks.kubeconfig\n}\n\noutput \"config-map\" {\n  value = module.eks.config-map-aws-auth\n}\n\n```\n\n**Or** by using variables.tf or a tfvars file:\n\n```terraform\nmodule \"eks\" {\n  source  = \"WesleyCharlesBlake/eks/aws\"\n\n  aws-region          = var.aws-region\n  availability-zones  = var.availability-zones\n  cluster-name        = var.cluster-name\n  k8s-version         = var.k8s-version\n  node-instance-type  = var.node-instance-type\n  root-block-size     = var.root-block-size\n  desired-capacity    = var.desired-capacity\n  max-size            = var.max-size\n  min-size            = var.min-size\n  vpc-subnet-cidr     = var.vpc-subnet-cidr\n  private-subnet-cidr = var.private-subnet-cidr\n  public-subnet-cidr  = var.public-subnet-cidr\n  db-subnet-cidr      = var.db-subnet-cidr\n  eks-cw-logging      = var.eks-cw-logging\n  ec2-key-public-key  = var.ec2-key\n}\n```\n\n### IAM\n\nThe AWS credentials must be associated with a user having at least the following AWS managed IAM policies\n\n* IAMFullAccess\n* AutoScalingFullAccess\n* AmazonEKSClusterPolicy\n* AmazonEKSWorkerNodePolicy\n* AmazonVPCFullAccess\n* AmazonEKSServicePolicy\n* AmazonEKS_CNI_Policy\n* AmazonEC2FullAccess\n\nIn addition, you will need to create the following managed policies\n\n*EKS*\n\n```json\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        
{\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"eks:*\"\n            ],\n            \"Resource\": \"*\"\n        }\n    ]\n}\n```\n\n### Terraform\n\nYou need to run the following commands to create the resources with Terraform:\n\n```bash\nterraform init\nterraform plan\nterraform apply\n```\n\n\u003e TIP: you should save the plan with `terraform plan -out eks-state` or, better yet, set up [remote storage](https://www.terraform.io/docs/state/remote.html) for Terraform state. You can store state in an [S3 backend](https://www.terraform.io/docs/backends/types/s3.html), with locking via DynamoDB.\n\n### Set up kubectl\n\nSet up your `KUBECONFIG`:\n\n```bash\nterraform output kubeconfig \u003e ~/.kube/eks-cluster\nexport KUBECONFIG=~/.kube/eks-cluster\n```\n\n### Authorize users to access the cluster\n\nInitially, only the system that deployed the cluster will be able to access the cluster. To authorize other users to access the cluster, modify the `aws-auth` ConfigMap using the steps below:\n\n* Open the `aws-auth` ConfigMap for editing on the machine that was used to deploy the EKS cluster:\n\n```bash\nsudo kubectl edit -n kube-system configmap/aws-auth\n```\n\n* Add the following configuration to that file, changing the placeholders:\n\n```yaml\nmapUsers: |\n  - userarn: arn:aws:iam::111122223333:user/\u003cusername\u003e\n    username: \u003cusername\u003e\n    groups:\n      - system:masters\n```\n\nSo, the final configuration would look like this:\n\n```yaml\napiVersion: v1\ndata:\n  mapRoles: |\n    - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6\n      username: system:node:{{EC2PrivateDNSName}}\n      groups:\n        - system:bootstrappers\n        - system:nodes\n  mapUsers: |\n    - userarn: arn:aws:iam::111122223333:user/\u003cusername\u003e\n      username: \u003cusername\u003e\n      groups:\n        - system:masters\n```\n\n* Once the user map is added to the configuration, create a cluster role binding for that user:\n\n```bash\nkubectl create clusterrolebinding ops-user-cluster-admin-binding-\u003cusername\u003e --clusterrole=cluster-admin --user=\u003cusername\u003e\n```\n\nReplace the placeholders with proper values.\n\n### Cleaning up\n\nYou can destroy this cluster entirely by running:\n\n```bash\nterraform plan -destroy\nterraform destroy  --force\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FWesleyCharlesBlake%2Fterraform-aws-eks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FWesleyCharlesBlake%2Fterraform-aws-eks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FWesleyCharlesBlake%2Fterraform-aws-eks/lists"}