{"id":28480457,"url":"https://github.com/cruxstack/terraform-aws-k3s","last_synced_at":"2026-04-29T16:33:25.275Z","repository":{"id":297017864,"uuid":"995088940","full_name":"cruxstack/terraform-aws-k3s","owner":"cruxstack","description":"Terraform module to provision a self-managed K3s cluster on AWS EC2.","archived":false,"fork":false,"pushed_at":"2025-06-13T15:47:01.000Z","size":50,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-03T19:44:56.613Z","etag":null,"topics":["aws","aws-ec2","aws-ec2-instance","cloudposse","high-availability","infrastructure","k3s","k3s-cluster","kubernetes","kubernetes-cluster","kubernetes-deployment","sweetops","terrafo","terraform-module"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/cruxstack/k3s/aws/latest","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cruxstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-03T00:31:30.000Z","updated_at":"2025-06-13T15:46:57.000Z","dependencies_parsed_at":"2025-06-03T22:33:07.081Z","dependency_job_id":"bfce0927-6ba9-4ba9-a718-92c77f9d5376","html_url":"https://github.com/cruxstack/terraform-aws-k3s","commit_stats":null,"previous_names":["cruxstack/terraform-aws-k3s"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/cruxstack/terraform-aws-k3s","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-k3s","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-k3s/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-k3s/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-k3s/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cruxstack","download_url":"https://codeload.github.com/cruxstack/terraform-aws-k3s/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-k3s/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278457474,"owners_count":25989956,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-ec2","aws-ec2-instance","cloudposse","high-availability","infrastructure","k3s","k3s-cluster","kubernetes","kubernetes-cluster","kubernetes-deployment","sweetops","terrafo","terraform-module"],"created_at":"2025-06-07T19:06:31.274Z","updated_at":"2025-10-05T13:03:10.666Z","avatar_url":"https://github.com/cruxstack.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-k3s\n\n## Overview\n\nThis module provisions a self-managed K3s cluster on AWS EC2, eliminating the\n$300/month EKS control-plane fee and giving you full control over node sizing,\nscaling, and networking. All nodes bootstrap themselves without external\norchestration or SSH access. In just a few lines of Terraform, you get:\n\n- **Automated leader election**\n  Server nodes automatically elect a leader to initialize the control plane.\n- **Kubeconfig in SSM**\n  The leader publishes its kubeconfig to SSM so you can fetch it securely and\n  start using kubectl immediately.\n- **Auto-joining agents**\n  Worker (agent) nodes wait for the control plane to be ready, then join\n  automatically without manual intervention.\n- **Minimal IAM footprint**\n  Nodes receive only the permissions they need—SSM parameter access, EC2\n  describe, self-termination, and CloudWatch Logs.\n- **Built-in CloudWatch logging**\n  Every node installs the CloudWatch Agent to stream EC2 instance logs to a\n  dedicated log group (does not include pod logs). Retention is configurable.\n- **Optional Elastic IP support**\n  If enabled, EIPs are allocated and attached to server nodes via a companion\n  EIP manager module.\n- **Single shared security group**\n  All servers and agents share one security group. Only port 6443 is exposed\n  to your admin CIDRs; intra-cluster traffic is unrestricted.\n\n## Why use this instead of EKS?\n\n- **Avoid fixed control plane cost**\n  EKS control plane alone is $300/month. With this module, you pay only for\n  the EC2 instances you launch.\n- **Simplified, lean setup**\n  A single EC2 instance can stand up a full K3s control plane (embedded etcd).\n  Perfect for dev/staging, small teams, or cost-sensitive workloads.\n- **Hands-on flexibility**\n  You choose instance types, replica counts, spot vs on-demand, tagging, and\n  scaling. Updates and upgrades are fully under your control.\n\n## Basic Usage\n\n```hcl\nmodule \"k3s_cluster\" {\n  source  = \"cruxstack/k3s/aws\"\n  version = \"x.x.x\"\n\n  name                    = \"example\"\n  k3s_admin_allowed_cidrs = [\"x.x.x.x/32\"]\n\n  k3s_server_instances = {\n    count            = 1\n    assign_public_ip = true\n    vpc_subnet_ids   = [\"subnet-0abcd1234efgh5678\"]\n  }\n}\n```\n\nFetch the kubeconfig:\n\n```bash\naws ssm get-parameter \\\n  --name \"/k3s-cluster/server/kubeconfig\" \\\n  --with-decryption \\\n  --region us-east-1 \\\n  --query \"Parameter.Value\" --output text \\\n  \u003e kubeconfig.yaml\n\nexport KUBECONFIG=./kubeconfig.yaml\nkubectl get nodes\n```\n\n## Inputs\n\n| Name                      | Description                                                     | Type                                                                                                                                                                                                                             | Default          |\n| ------------------------- | --------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |\n| `k3s_server_instances`    | Controls number/type of K3s servers; EIP support; subnets.      | `\u003cpre\u003eobject({\u003cbr\u003e  count: number\u003cbr\u003e  key\\_name: string\u003cbr\u003e  vpc\\_subnet\\_ids: list(string)\u003cbr\u003e  assign\\_public\\_ip: bool\u003cbr\u003e  eip\\_enabled: bool\u003cbr\u003e  types: list(object({type\\:string,weight\\:number}))\u003cbr\u003e})\u003c/pre\u003e           | `{ count=1, … }` |\n| `k3s_agent_instances`     | Controls number/type of K3s agents; spot settings; subnets.     | `\u003cpre\u003eobject({\u003cbr\u003e  count: number\u003cbr\u003e  key\\_name: string\u003cbr\u003e  vpc\\_subnet\\_ids: list(string)\u003cbr\u003e  spot: object({enabled\\:bool,allocation\\_strategy\\:string})\u003cbr\u003e  types: list(object({type\\:string,weight\\:number}))\u003cbr\u003e})\u003c/pre\u003e | `{ count=0, … }` |\n| `k3s_version`             | K3s version (“stable”, “latest”, or literal).                   | `string`                                                                                                                                                                                                                         | `\"stable\"`       |\n| `k3s_admin_allowed_cidrs` | CIDRs allowed to reach API server (port 6443).                  | `list(string)`                                                                                                                                                                                                                   | `[]`             |\n| `ssm_param_namespace`     | Base path for cluster SSM parameters (init-status, kubeconfig). | `string`                                                                                                                                                                                                                         | `\"/k3s-cluster\"` |\n| `ssm_sessions`            | Enable SSM Session Manager logging and specify S3 bucket.       | `object({enabled:bool,logs_bucket_name:string})`                                                                                                                                                                                 | `{}`             |\n| `logs_group_retention`    | Days to retain CloudWatch logs.                                 | `number`                                                                                                                                                                                                                         | `90`             |\n| `vpc_security_group_ids`  | Extra security group IDs to attach to each node.                | `list(string)`                                                                                                                                                                                                                   | `[]`             |\n\n*All standard `cloudposse/label/null` inputs are also accepted.*\n\n\n## Outputs\n\n| Name                          | Description                                                                       |\n| ----------------------------- | --------------------------------------------------------------------------------- |\n| `k3s_kubeconfg_ssm_parameter` | SSM path where kubeconfig is published (e.g. `\"/k3s-cluster/server/kubeconfig\"`). |\n| `security_group_id`           | ID of the security group used by all K3s instances.                               |\n| `security_group_name`         | Name of that security group.                                                      |\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruxstack%2Fterraform-aws-k3s","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcruxstack%2Fterraform-aws-k3s","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruxstack%2Fterraform-aws-k3s/lists"}