{"id":15698723,"url":"https://github.com/ishuar/terraform-aws-eks","last_synced_at":"2025-05-09T02:01:12.515Z","repository":{"id":65227819,"uuid":"581609375","full_name":"ishuar/terraform-aws-eks","owner":"ishuar","description":"This repository contains terraform module to deploy AWS Elastic Kubernetes Service with real world examples.","archived":false,"fork":false,"pushed_at":"2023-11-05T23:41:08.000Z","size":119,"stargazers_count":6,"open_issues_count":2,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-31T21:19:56.593Z","etag":null,"topics":["aws","aws-eks","eks","eks-cluster","iaac","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ishuar.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-23T17:50:23.000Z","updated_at":"2024-10-06T20:35:49.000Z","dependencies_parsed_at":"2023-01-15T17:15:19.273Z","dependency_job_id":"a14acedd-4d68-44d7-af35-bab763cb6d6c","html_url":"https://github.com/ishuar/terraform-aws-eks","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ishuar%2Fterraform-aws-eks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ishuar%2Fterraform-aws-eks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ishuar%2Fterraform-aws-eks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/host
s/GitHub/repositories/ishuar%2Fterraform-aws-eks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ishuar","download_url":"https://codeload.github.com/ishuar/terraform-aws-eks/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253176434,"owners_count":21866142,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-eks","eks","eks-cluster","iaac","terraform","terraform-module"],"created_at":"2024-10-03T19:32:52.832Z","updated_at":"2025-05-09T02:01:12.185Z","avatar_url":"https://github.com/ishuar.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\n\nWelcome to the Terraform EKS Module!\n\nA Terraform module that creates AWS EKS (Kubernetes) resources. This module makes it easy to create and manage an EKS cluster on AWS, with an example Terraform configuration for all necessary resources such as VPC, subnets, etc. In its current state, this module focuses only on the [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) concept of worker nodes. The example directory shows how to use the module in a real-world scenario. This module is versioned following semantic versioning. I would love to hear your feedback and see how you're using the module. 
Please feel free to open an issue on this repository if you have any questions or suggestions.\n\n\u003e :star: This module is motivated by [terraform-aws-eks](https://github.com/terraform-aws-modules/terraform-aws-eks) :star:\n\n## Background Knowledge or External Documentation\n\n- [AWS EKS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html)\n- [Kubernetes Documentation](https://kubernetes.io/docs/home/)\n\n## Available Features\n\n- AWS EKS Cluster Addons\n- AWS EKS Identity Provider Configuration\n- Support for EKS node groups with Launch Templates\n- Global KMS Key Creation for cluster secrets and Node groups EBS volumes.\n- VPC Endpoints Creation in case of Private clusters.\n\n## Usage\n\n```hcl\nmodule \"eks\" {\n  source  = \"ishuar/eks/aws\"\n  version = \"~\u003e 1.0\"\n\n  name                                  = \"my-cluster\"\n  cluster_version                       = \"1.24\"\n  create_eks_cluster                    = true\n  create_cluster_iam_role               = true\n  attach_cluster_encryption_policy      = true\n  create_cloudwatch_log_group           = true\n  cluster_iam_role_name                 = \"my-cluster-role\"\n  subnet_ids                            = [\"subnet-abcde012\", \"subnet-bcde012a\"]\n  vpc_id                                = \"vpc-1234556abcdef\"\n  cluster_additional_security_group_ids = [\"sg-123456abcdefg\"]\n\n  ## Create Global KMS key for node and EKS cluster encryption.\n  create_encryption_kms_key = true\n\n  ## Encryption Config to encrypt secrets for Cluster using Global KMS key created within the module.\n  cluster_encryption_config = [\n    {\n      resources = [\"secrets\"]\n    }\n  ]\n\n  # Node groups Config.\n  create_node_group          = true\n  create_node_group_iam_role = true\n  use_launch_template        = true\n  node_group_iam_role_name   = \"my-nodegroup-role\"\n  ebs_optimized              = true\n  enable_monitoring          = false\n\n  block_device_mappings = 
{\n    xvda = {\n      device_name = \"/dev/xvda\"\n      ebs = {\n        encrypted             = true\n        delete_on_termination = true\n        volume_size           = 80\n        volume_type           = \"gp3\"\n      }\n    }\n  }\n  node_groups = {\n    node_group_001 = {\n      min_size       = 0\n      max_size       = 2\n      desired_size   = 1\n      ami_type       = \"AL2_x86_64\"\n      instance_types = [\"t3.medium\"]\n    }\n  }\n\n  tags = {\n    Environment = \"dev\"\n    Terraform   = \"true\"\n  }\n}\n```\n\n## Examples\n\n- [Complete Private Cluster](https://github.com/ishuar/terraform-eks/tree/main/examples/private_cluster) Cluster using a private endpoint with private node groups, only accessible via a private EC2 instance managed with SSM.\n- [AWS ALB Controller and External DNS with EKS](https://github.com/ishuar/terraform-eks/tree/main/examples/cluster_with_alb) Real-world example of how to deploy the AWS ALB controller and External DNS add-ons in EKS, with documentation.\n- [AWS EKS Cluster Autoscaler as Helm Add-on](https://github.com/ishuar/terraform-aws-eks/tree/main/examples/cluster-autoscaler-helm-add-on) Demonstrates how to deploy the AWS EKS Cluster Autoscaler as a Helm add-on using the [ishuar/terraform-aws-eks](https://github.com/ishuar/terraform-aws-eks) `helm-add-on` and `irsa` submodules.\n\n## Submodules\n\n- [`helm-add-on`](https://github.com/ishuar/terraform-aws-eks/tree/main/modules/helm-add-on)\n- [`irsa`](https://github.com/ishuar/terraform-aws-eks/tree/main/modules/irsa)\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 4.0 |\n| \u003ca name=\"requirement_tls\"\u003e\u003c/a\u003e [tls](#requirement\\_tls) | ~\u003e 4.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca 
name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | ~\u003e 4.0 |\n| \u003ca name=\"provider_tls\"\u003e\u003c/a\u003e [tls](#provider\\_tls) | ~\u003e 4.0 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_eks_addon.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |\n| [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | resource |\n| [aws_eks_node_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) | resource |\n| [aws_iam_openid_connect_provider.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |\n| [aws_iam_policy.cluster_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.node_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.cluster_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.node_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_service_linked_role.autoscaling](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_service_linked_role) | resource |\n| 
[aws_kms_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |\n| [aws_kms_grant.autoscaling_role_for_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_grant) | resource |\n| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_launch_template.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |\n| [aws_vpc_endpoint.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.ecr_api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.ecr_dkr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.elasticloadbalancing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |\n| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| 
[aws_iam_policy_document.autoscaling](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.node_group_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_role.autoscaling](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n| [tls_certificate.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_create_encryption_kms_key\"\u003e\u003c/a\u003e [create\\_encryption\\_kms\\_key](#input\\_create\\_encryption\\_kms\\_key) | (Required) Whether to create the encryption key or not ? | `bool` | n/a | yes |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | (Required) Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores. | `string` | n/a | yes |\n| \u003ca name=\"input_subnet_ids\"\u003e\u003c/a\u003e [subnet\\_ids](#input\\_subnet\\_ids) | (Required) List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane. 
| `list(string)` | n/a | yes |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | (Required) VPC ID where any of the required endpoints would be created( vpc id where EKS is deployed). Required if any of the required endpoints are missing | `string` | n/a | yes |\n| \u003ca name=\"input_ami_id\"\u003e\u003c/a\u003e [ami\\_id](#input\\_ami\\_id) | (optional) The AMI from which to launch the instance. If not supplied, EKS will use its own default image | `string` | `\"\"` | no |\n| \u003ca name=\"input_attach_cluster_encryption_policy\"\u003e\u003c/a\u003e [attach\\_cluster\\_encryption\\_policy](#input\\_attach\\_cluster\\_encryption\\_policy) | (Optional) Indicates whether or not to attach an additional policy for the cluster IAM role to utilize the encryption key provided | `bool` | `true` | no |\n| \u003ca name=\"input_block_device_mappings\"\u003e\u003c/a\u003e [block\\_device\\_mappings](#input\\_block\\_device\\_mappings) | (optional) Specify volumes to attach to the instance besides the volumes specified by the AMI | `any` | `{}` | no |\n| \u003ca name=\"input_capacity_reservation_specification\"\u003e\u003c/a\u003e [capacity\\_reservation\\_specification](#input\\_capacity\\_reservation\\_specification) | Targeting for EC2 capacity reservations | `any` | `{}` | no |\n| \u003ca name=\"input_cloudwatch_log_group_kms_key_id\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_kms\\_key\\_id](#input\\_cloudwatch\\_log\\_group\\_kms\\_key\\_id) | (Optional) The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested. 
| `string` | `null` | no |\n| \u003ca name=\"input_cloudwatch_log_group_retention_in_days\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_retention\\_in\\_days](#input\\_cloudwatch\\_log\\_group\\_retention\\_in\\_days) | (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | `number` | `30` | no |\n| \u003ca name=\"input_cluster_additional_security_group_ids\"\u003e\u003c/a\u003e [cluster\\_additional\\_security\\_group\\_ids](#input\\_cluster\\_additional\\_security\\_group\\_ids) | (optional) Additional Security Group IDs attached with EKS cluster. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_cluster_addons\"\u003e\u003c/a\u003e [cluster\\_addons](#input\\_cluster\\_addons) | (optional) Cluster AddOn Config | `any` | `{}` | no |\n| \u003ca name=\"input_cluster_encryption_config\"\u003e\u003c/a\u003e [cluster\\_encryption\\_config](#input\\_cluster\\_encryption\\_config) | (Optional) Configuration block with encryption configuration for the cluster | `list(any)` | `[]` | no |\n| \u003ca name=\"input_cluster_encryption_policy_description\"\u003e\u003c/a\u003e [cluster\\_encryption\\_policy\\_description](#input\\_cluster\\_encryption\\_policy\\_description) | (Optional) Description of the cluster encryption policy created | `string` | `\"Cluster encryption policy to allow cluster role to utilize CMK provided\"` | no |\n| \u003ca name=\"input_cluster_encryption_policy_name\"\u003e\u003c/a\u003e [cluster\\_encryption\\_policy\\_name](#input\\_cluster\\_encryption\\_policy\\_name) | (Optional) Name to use on cluster encryption policy created | `string` | `null` | no |\n| \u003ca name=\"input_cluster_encryption_policy_path\"\u003e\u003c/a\u003e [cluster\\_encryption\\_policy\\_path](#input\\_cluster\\_encryption\\_policy\\_path) 
| (Optional) Cluster encryption policy path | `string` | `null` | no |\n| \u003ca name=\"input_cluster_encryption_policy_tags\"\u003e\u003c/a\u003e [cluster\\_encryption\\_policy\\_tags](#input\\_cluster\\_encryption\\_policy\\_tags) | (Optional) A map of additional tags to add to the cluster encryption policy created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_cluster_force_detach_policies\"\u003e\u003c/a\u003e [cluster\\_force\\_detach\\_policies](#input\\_cluster\\_force\\_detach\\_policies) | (Optional) Whether to force detaching any policies the role has before destroying it. | `bool` | `true` | no |\n| \u003ca name=\"input_cluster_iam_role_additional_policies\"\u003e\u003c/a\u003e [cluster\\_iam\\_role\\_additional\\_policies](#input\\_cluster\\_iam\\_role\\_additional\\_policies) | (optional) List of additional policies arns attached to EKS cluster iam role | `list(string)` | `[]` | no |\n| \u003ca name=\"input_cluster_iam_role_description\"\u003e\u003c/a\u003e [cluster\\_iam\\_role\\_description](#input\\_cluster\\_iam\\_role\\_description) | (Optional) Description of the EKS cluster role. | `string` | `\"IAM role for EKS cluster role with required and optional additional iam policies\"` | no |\n| \u003ca name=\"input_cluster_iam_role_name\"\u003e\u003c/a\u003e [cluster\\_iam\\_role\\_name](#input\\_cluster\\_iam\\_role\\_name) | (Optional, Forces new resource) Friendly name of the role for EKS cluster. If omitted, fallback to interpolated name of cluster name and cluster suffix. 
| `string` | `null` | no |\n| \u003ca name=\"input_cluster_iam_role_path\"\u003e\u003c/a\u003e [cluster\\_iam\\_role\\_path](#input\\_cluster\\_iam\\_role\\_path) | (Optional) Path to the EKS cluster role | `string` | `null` | no |\n| \u003ca name=\"input_cluster_iam_role_permissions_boundary\"\u003e\u003c/a\u003e [cluster\\_iam\\_role\\_permissions\\_boundary](#input\\_cluster\\_iam\\_role\\_permissions\\_boundary) | (Optional) ARN of the policy that is used to set the permissions boundary for the EKS cluster role | `string` | `null` | no |\n| \u003ca name=\"input_cluster_iam_role_tags\"\u003e\u003c/a\u003e [cluster\\_iam\\_role\\_tags](#input\\_cluster\\_iam\\_role\\_tags) | (optional) Tags attached to iam resources for EKS cluster. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_cluster_tags\"\u003e\u003c/a\u003e [cluster\\_tags](#input\\_cluster\\_tags) | (optional) Key-value map of cluster tags | `map(string)` | `null` | no |\n| \u003ca name=\"input_cluster_version\"\u003e\u003c/a\u003e [cluster\\_version](#input\\_cluster\\_version) | (Optional) Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS | `string` | `null` | no |\n| \u003ca name=\"input_cpu_options\"\u003e\u003c/a\u003e [cpu\\_options](#input\\_cpu\\_options) | The CPU options for the instance | `map(string)` | `{}` | no |\n| \u003ca name=\"input_create_autoscaling_service_role\"\u003e\u003c/a\u003e [create\\_autoscaling\\_service\\_role](#input\\_create\\_autoscaling\\_service\\_role) | (optional) Whether the service link role for autoscaling service exists or not? 
| `bool` | `false` | no |\n| \u003ca name=\"input_create_cloudwatch_log_group\"\u003e\u003c/a\u003e [create\\_cloudwatch\\_log\\_group](#input\\_create\\_cloudwatch\\_log\\_group) | (optional) Whether or not to create the cloudwatch log group for EKS cluster? | `bool` | `true` | no |\n| \u003ca name=\"input_create_cluster_iam_role\"\u003e\u003c/a\u003e [create\\_cluster\\_iam\\_role](#input\\_create\\_cluster\\_iam\\_role) | Determines whether an IAM role is created or to use an existing IAM role for EKS cluster | `bool` | `true` | no |\n| \u003ca name=\"input_create_eks_cluster\"\u003e\u003c/a\u003e [create\\_eks\\_cluster](#input\\_create\\_eks\\_cluster) | (optional) Whether or not to create a new EKS cluster or to use the existing one | `bool` | `true` | no |\n| \u003ca name=\"input_create_launch_template\"\u003e\u003c/a\u003e [create\\_launch\\_template](#input\\_create\\_launch\\_template) | Determines whether to create a launch template or not. If set to `false`, EKS will use its own default launch template | `bool` | `true` | no |\n| \u003ca name=\"input_create_node_group\"\u003e\u003c/a\u003e [create\\_node\\_group](#input\\_create\\_node\\_group) | (optional) Whether or not to create additional node group within the module | `bool` | `true` | no |\n| \u003ca name=\"input_create_node_group_iam_role\"\u003e\u003c/a\u003e [create\\_node\\_group\\_iam\\_role](#input\\_create\\_node\\_group\\_iam\\_role) | (optional) Whether or not to create iam role for node group | `bool` | `true` | no |\n| \u003ca name=\"input_credit_specification\"\u003e\u003c/a\u003e [credit\\_specification](#input\\_credit\\_specification) | Customize the credit specification of the instance | `map(string)` | `{}` | no |\n| \u003ca name=\"input_customer_master_key_spec\"\u003e\u003c/a\u003e [customer\\_master\\_key\\_spec](#input\\_customer\\_master\\_key\\_spec) | (Optional) Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or 
signing algorithms that the key supports. Valid values: SYMMETRIC\\_DEFAULT, RSA\\_2048, RSA\\_3072, RSA\\_4096, ECC\\_NIST\\_P256, ECC\\_NIST\\_P384, ECC\\_NIST\\_P521, or ECC\\_SECG\\_P256K1. Defaults to SYMMETRIC\\_DEFAULT | `string` | `\"SYMMETRIC_DEFAULT\"` | no |\n| \u003ca name=\"input_deletion_window_in_days\"\u003e\u003c/a\u003e [deletion\\_window\\_in\\_days](#input\\_deletion\\_window\\_in\\_days) | (Optional) Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days. | `number` | `30` | no |\n| \u003ca name=\"input_disable_api_termination\"\u003e\u003c/a\u003e [disable\\_api\\_termination](#input\\_disable\\_api\\_termination) | (optional) If true, enables EC2 instance termination protection | `bool` | `null` | no |\n| \u003ca name=\"input_ebs_optimized\"\u003e\u003c/a\u003e [ebs\\_optimized](#input\\_ebs\\_optimized) | (optional) If true, the launched EC2 instance(s) will be EBS-optimized | `bool` | `null` | no |\n| \u003ca name=\"input_elastic_gpu_specifications\"\u003e\u003c/a\u003e [elastic\\_gpu\\_specifications](#input\\_elastic\\_gpu\\_specifications) | (optional) The elastic GPU to attach to the instance | `any` | `{}` | no |\n| \u003ca name=\"input_elastic_inference_accelerator\"\u003e\u003c/a\u003e [elastic\\_inference\\_accelerator](#input\\_elastic\\_inference\\_accelerator) | (optional) Configuration block containing an Elastic Inference Accelerator to attach to the instance | `map(string)` | `{}` | no |\n| \u003ca name=\"input_enable_ec2_vpc_endpoint\"\u003e\u003c/a\u003e [enable\\_ec2\\_vpc\\_endpoint](#input\\_enable\\_ec2\\_vpc\\_endpoint) | (optional) Whether to enable ec2 vpc endpoint or not? Required if cluster is private and there is no existing ec2 vpc endpoint in the respective VPC. 
| `bool` | `false` | no |\n| \u003ca name=\"input_enable_ecr_api_vpc_endpoint\"\u003e\u003c/a\u003e [enable\\_ecr\\_api\\_vpc\\_endpoint](#input\\_enable\\_ecr\\_api\\_vpc\\_endpoint) | (optional) Whether to enable 'ecr.api' vpc endpoint or not? Required if cluster is private and there is no existing 'ecr.api' vpc endpoint in the respective VPC. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_ecr_dkr_vpc_endpoint\"\u003e\u003c/a\u003e [enable\\_ecr\\_dkr\\_vpc\\_endpoint](#input\\_enable\\_ecr\\_dkr\\_vpc\\_endpoint) | (optional) Whether to enable 'ecr.dkr' vpc endpoint or not? Required if cluster is private and there is no existing 'ecr.dkr' vpc endpoint in the respective VPC. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_elasticloadbalancing_vpc_endpoint\"\u003e\u003c/a\u003e [enable\\_elasticloadbalancing\\_vpc\\_endpoint](#input\\_enable\\_elasticloadbalancing\\_vpc\\_endpoint) | (optional) Whether to enable elasticloadbalancing vpc endpoint or not? Required if cluster is private and there is no existing elasticloadbalancing vpc endpoint in the respective VPC. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_logs_vpc_endpoint\"\u003e\u003c/a\u003e [enable\\_logs\\_vpc\\_endpoint](#input\\_enable\\_logs\\_vpc\\_endpoint) | (optional) Whether to enable logs vpc endpoint or not? Required if cluster is private and there is no existing logs vpc endpoint in the respective VPC. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_monitoring\"\u003e\u003c/a\u003e [enable\\_monitoring](#input\\_enable\\_monitoring) | (optional) Enables/disables detailed monitoring | `bool` | `false` | no |\n| \u003ca name=\"input_enable_s3_vpc_endpoint\"\u003e\u003c/a\u003e [enable\\_s3\\_vpc\\_endpoint](#input\\_enable\\_s3\\_vpc\\_endpoint) | (optional) Whether to enable s3 vpc endpoint or not? Required if cluster is private and there is no existing s3 vpc endpoint in the respective VPC. 
| `bool` | `false` | no |\n| \u003ca name=\"input_enable_sts_vpc_endpoint\"\u003e\u003c/a\u003e [enable\\_sts\\_vpc\\_endpoint](#input\\_enable\\_sts\\_vpc\\_endpoint) | (optional) Whether to enable sts vpc endpoint or not? Required if cluster is private and there is no existing sts vpc endpoint in the respective VPC. | `bool` | `false` | no |\n| \u003ca name=\"input_enabled_cluster_log_types\"\u003e\u003c/a\u003e [enabled\\_cluster\\_log\\_types](#input\\_enabled\\_cluster\\_log\\_types) | (Optional) List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging | `list(string)` | `null` | no |\n| \u003ca name=\"input_enclave_options\"\u003e\u003c/a\u003e [enclave\\_options](#input\\_enclave\\_options) | (optional) Enable Nitro Enclaves on launched instances | `map(string)` | `{}` | no |\n| \u003ca name=\"input_endpoint_private_access\"\u003e\u003c/a\u003e [endpoint\\_private\\_access](#input\\_endpoint\\_private\\_access) | (Optional) Whether the Amazon EKS private API server endpoint is enabled. Default is false. | `bool` | `null` | no |\n| \u003ca name=\"input_endpoint_private_dns_enabled\"\u003e\u003c/a\u003e [endpoint\\_private\\_dns\\_enabled](#input\\_endpoint\\_private\\_dns\\_enabled) | (Optional) AWS services and AWS Marketplace partner services only) Whether or not to associate a private hosted zone with the specified VPC. | `bool` | `false` | no |\n| \u003ca name=\"input_endpoint_public_access\"\u003e\u003c/a\u003e [endpoint\\_public\\_access](#input\\_endpoint\\_public\\_access) | (Optional) Whether the Amazon EKS public API server endpoint is enabled. Default is true. | `bool` | `null` | no |\n| \u003ca name=\"input_endpoint_route_table_ids\"\u003e\u003c/a\u003e [endpoint\\_route\\_table\\_ids](#input\\_endpoint\\_route\\_table\\_ids) | (optional) Route table IDs for the S3 Gateway vpc endpoint. 
Required if cluster is private and s3 gateway endpoint is missing | `list(string)` | `[]` | no |\n| \u003ca name=\"input_endpoint_security_group_ids\"\u003e\u003c/a\u003e [endpoint\\_security\\_group\\_ids](#input\\_endpoint\\_security\\_group\\_ids) | (optional) List of security group ids for interface type vpc endpoint. Required if cluster is private and if any of the required endpoints are missing. Security groups should allow at least 443 traffic within the subnets where EKS cluster is deployed | `list(string)` | `[]` | no |\n| \u003ca name=\"input_instance_market_options\"\u003e\u003c/a\u003e [instance\\_market\\_options](#input\\_instance\\_market\\_options) | (optional) The market (purchasing) option for the instance | `any` | `{}` | no |\n| \u003ca name=\"input_ip_family\"\u003e\u003c/a\u003e [ip\\_family](#input\\_ip\\_family) | (Optional) The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created | `string` | `null` | no |\n| \u003ca name=\"input_kernel_id\"\u003e\u003c/a\u003e [kernel\\_id](#input\\_kernel\\_id) | The kernel ID | `string` | `null` | no |\n| \u003ca name=\"input_key_name\"\u003e\u003c/a\u003e [key\\_name](#input\\_key\\_name) | (optional) The key name that should be used for the instance(s) | `string` | `null` | no |\n| \u003ca name=\"input_key_usage\"\u003e\u003c/a\u003e [key\\_usage](#input\\_key\\_usage) | (Optional) Specifies the intended use of the key. Valid values: ENCRYPT\\_DECRYPT or SIGN\\_VERIFY. Defaults to ENCRYPT\\_DECRYPT. 
| `string` | `\"ENCRYPT_DECRYPT\"` | no |\n| \u003ca name=\"input_launch_template_default_version\"\u003e\u003c/a\u003e [launch\\_template\\_default\\_version](#input\\_launch\\_template\\_default\\_version) | (optional) Default version of the launch template | `string` | `null` | no |\n| \u003ca name=\"input_launch_template_name\"\u003e\u003c/a\u003e [launch\\_template\\_name](#input\\_launch\\_template\\_name) | (optional) Name of launch template to be created | `string` | `null` | no |\n| \u003ca name=\"input_launch_template_tags\"\u003e\u003c/a\u003e [launch\\_template\\_tags](#input\\_launch\\_template\\_tags) | (optional) A map of additional tags to add to the tag\\_specifications of launch template created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_license_specifications\"\u003e\u003c/a\u003e [license\\_specifications](#input\\_license\\_specifications) | (optional) A map of license specifications to associate with | `any` | `{}` | no |\n| \u003ca name=\"input_maintenance_options\"\u003e\u003c/a\u003e [maintenance\\_options](#input\\_maintenance\\_options) | (optional) The maintenance options for the instance | `any` | `{}` | no |\n| \u003ca name=\"input_metadata_options\"\u003e\u003c/a\u003e [metadata\\_options](#input\\_metadata\\_options) | Customize the metadata options for the instance | `map(string)` | \u003cpre\u003e{\u003cbr\u003e  \"http_endpoint\": \"enabled\",\u003cbr\u003e  \"http_put_response_hop_limit\": 2,\u003cbr\u003e  \"http_tokens\": \"required\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_network_interfaces\"\u003e\u003c/a\u003e [network\\_interfaces](#input\\_network\\_interfaces) | (optional) Customize network interfaces to be attached at instance boot time | `list(any)` | `[]` | no |\n| \u003ca name=\"input_node_group_force_detach_policies\"\u003e\u003c/a\u003e [node\\_group\\_force\\_detach\\_policies](#input\\_node\\_group\\_force\\_detach\\_policies) | (Optional) Whether to force detaching any policies 
the role has before destroying it. | `bool` | `true` | no |\n| \u003ca name=\"input_node_group_iam_role_additional_policies\"\u003e\u003c/a\u003e [node\\_group\\_iam\\_role\\_additional\\_policies](#input\\_node\\_group\\_iam\\_role\\_additional\\_policies) | (optional) Additional policies to be added to the IAM role for Node Group | `list(string)` | `[]` | no |\n| \u003ca name=\"input_node_group_iam_role_attach_cni_policy\"\u003e\u003c/a\u003e [node\\_group\\_iam\\_role\\_attach\\_cni\\_policy](#input\\_node\\_group\\_iam\\_role\\_attach\\_cni\\_policy) | (optional) Whether to attach the `AmazonEKS_CNI_Policy`/`AmazonEKS_CNI_IPv6_Policy` IAM policy to the IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster | `bool` | `true` | no |\n| \u003ca name=\"input_node_group_iam_role_description\"\u003e\u003c/a\u003e [node\\_group\\_iam\\_role\\_description](#input\\_node\\_group\\_iam\\_role\\_description) | (Optional) Description of the role. | `string` | `\"IAM role with required and optional additional iam policies for node group role\"` | no |\n| \u003ca name=\"input_node_group_iam_role_name\"\u003e\u003c/a\u003e [node\\_group\\_iam\\_role\\_name](#input\\_node\\_group\\_iam\\_role\\_name) | (Optional, Forces new resource) Friendly name of the role for EKS node group. If omitted, fallback to interpolated name of cluster name and node group suffix. 
| `string` | `null` | no |\n| \u003ca name=\"input_node_group_iam_role_path\"\u003e\u003c/a\u003e [node\\_group\\_iam\\_role\\_path](#input\\_node\\_group\\_iam\\_role\\_path) | (optional) Path to the node group role | `string` | `null` | no |\n| \u003ca name=\"input_node_group_iam_role_permissions_boundary\"\u003e\u003c/a\u003e [node\\_group\\_iam\\_role\\_permissions\\_boundary](#input\\_node\\_group\\_iam\\_role\\_permissions\\_boundary) | (optional) ARN of the policy that is used to set the permissions boundary for the node group role | `string` | `null` | no |\n| \u003ca name=\"input_node_group_iam_role_tags\"\u003e\u003c/a\u003e [node\\_group\\_iam\\_role\\_tags](#input\\_node\\_group\\_iam\\_role\\_tags) | (optional) Tags attached to iam resources for Node Group | `map(string)` | `{}` | no |\n| \u003ca name=\"input_node_group_timeouts\"\u003e\u003c/a\u003e [node\\_group\\_timeouts](#input\\_node\\_group\\_timeouts) | (optional) Timeout config for EKS node groups | `map(string)` | \u003cpre\u003e{\u003cbr\u003e  \"create\": \"15m\",\u003cbr\u003e  \"delete\": \"45m\",\u003cbr\u003e  \"update\": \"15m\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_node_groups\"\u003e\u003c/a\u003e [node\\_groups](#input\\_node\\_groups) | (optional) Additional node groups configuration | `any` | `{}` | no |\n| \u003ca name=\"input_placement\"\u003e\u003c/a\u003e [placement](#input\\_placement) | (optional) The placement of the instance | `map(string)` | `{}` | no |\n| \u003ca name=\"input_private_dns_name_options\"\u003e\u003c/a\u003e [private\\_dns\\_name\\_options](#input\\_private\\_dns\\_name\\_options) | (optional) The options for the instance hostname. The default values are inherited from the subnet | `map(string)` | `{}` | no |\n| \u003ca name=\"input_public_access_cidrs\"\u003e\u003c/a\u003e [public\\_access\\_cidrs](#input\\_public\\_access\\_cidrs) | (Optional) List of CIDR blocks. 
Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0. Terraform will only perform drift detection of its value when present in a configuration. | `list(string)` | `null` | no |\n| \u003ca name=\"input_ram_disk_id\"\u003e\u003c/a\u003e [ram\\_disk\\_id](#input\\_ram\\_disk\\_id) | (optional) The ID of the ram disk | `string` | `null` | no |\n| \u003ca name=\"input_role_arn\"\u003e\u003c/a\u003e [role\\_arn](#input\\_role\\_arn) | (Optional) ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding depends\\_on if using the aws\\_iam\\_role\\_policy resource or aws\\_iam\\_role\\_policy\\_attachment resource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion | `string` | `null` | no |\n| \u003ca name=\"input_service_ipv4_cidr\"\u003e\u003c/a\u003e [service\\_ipv4\\_cidr](#input\\_service\\_ipv4\\_cidr) | (Optional) The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. For more info, refer to the [Terraform Documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#service_ipv4_cidr) | `string` | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | (Optional) Key-value map of resource tags. 
If configured with a provider default\\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level | `map(string)` | `null` | no |\n| \u003ca name=\"input_timeouts\"\u003e\u003c/a\u003e [timeouts](#input\\_timeouts) | (optional) Timeout config for EKS cluster | `map(string)` | \u003cpre\u003e{\u003cbr\u003e  \"create\": \"25m\",\u003cbr\u003e  \"delete\": \"45m\",\u003cbr\u003e  \"update\": \"25m\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_update_launch_template_default_version\"\u003e\u003c/a\u003e [update\\_launch\\_template\\_default\\_version](#input\\_update\\_launch\\_template\\_default\\_version) | (optional) Whether to update the launch templates default version on each update. Conflicts with `launch_template_default_version` | `bool` | `true` | no |\n| \u003ca name=\"input_use_launch_template\"\u003e\u003c/a\u003e [use\\_launch\\_template](#input\\_use\\_launch\\_template) | (optional) Whether to use the launch template with node groups or not? | `bool` | `false` | no |\n| \u003ca name=\"input_user_data\"\u003e\u003c/a\u003e [user\\_data](#input\\_user\\_data) | (Optional) The base64-encoded user data to provide when launching the instance. | `string` | `null` | no |\n| \u003ca name=\"input_vpc_security_group_ids\"\u003e\u003c/a\u003e [vpc\\_security\\_group\\_ids](#input\\_vpc\\_security\\_group\\_ids) | (optional) A list of security group IDs to associate | `list(string)` | `[]` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_cloudwatch_log_group_arn\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_arn](#output\\_cloudwatch\\_log\\_group\\_arn) | The Amazon Resource Name (ARN) specifying the log group. Any :* suffix added by the API, denoting all CloudWatch Log Streams under the CloudWatch Log Group, is removed for greater compatibility with other AWS services that do not accept the suffix. 
|\n| \u003ca name=\"output_eks_cluster_arn\"\u003e\u003c/a\u003e [eks\\_cluster\\_arn](#output\\_eks\\_cluster\\_arn) | ARN of the cluster. |\n| \u003ca name=\"output_eks_cluster_certificate_authority\"\u003e\u003c/a\u003e [eks\\_cluster\\_certificate\\_authority](#output\\_eks\\_cluster\\_certificate\\_authority) | Attribute block containing certificate-authority-data for your cluster. Detailed below. |\n| \u003ca name=\"output_eks_cluster_created_at\"\u003e\u003c/a\u003e [eks\\_cluster\\_created\\_at](#output\\_eks\\_cluster\\_created\\_at) | Unix epoch timestamp in seconds for when the cluster was created. |\n| \u003ca name=\"output_eks_cluster_endpoint\"\u003e\u003c/a\u003e [eks\\_cluster\\_endpoint](#output\\_eks\\_cluster\\_endpoint) | Endpoint for your Kubernetes API server. |\n| \u003ca name=\"output_eks_cluster_id\"\u003e\u003c/a\u003e [eks\\_cluster\\_id](#output\\_eks\\_cluster\\_id) | Name of the cluster. |\n| \u003ca name=\"output_eks_cluster_identity\"\u003e\u003c/a\u003e [eks\\_cluster\\_identity](#output\\_eks\\_cluster\\_identity) | Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below. |\n| \u003ca name=\"output_eks_cluster_name\"\u003e\u003c/a\u003e [eks\\_cluster\\_name](#output\\_eks\\_cluster\\_name) | Name of the eks cluster |\n| \u003ca name=\"output_eks_cluster_oidc_issuer\"\u003e\u003c/a\u003e [eks\\_cluster\\_oidc\\_issuer](#output\\_eks\\_cluster\\_oidc\\_issuer) | Issuer URL for the OpenID Connect identity provider. 
|\n| \u003ca name=\"output_eks_cluster_open_id_provider_arn\"\u003e\u003c/a\u003e [eks\\_cluster\\_open\\_id\\_provider\\_arn](#output\\_eks\\_cluster\\_open\\_id\\_provider\\_arn) | ARN of the Open-ID provider configured for the cluster |\n| \u003ca name=\"output_eks_cluster_platform_version\"\u003e\u003c/a\u003e [eks\\_cluster\\_platform\\_version](#output\\_eks\\_cluster\\_platform\\_version) | Platform version for the cluster. |\n| \u003ca name=\"output_eks_cluster_primary_security_group_id\"\u003e\u003c/a\u003e [eks\\_cluster\\_primary\\_security\\_group\\_id](#output\\_eks\\_cluster\\_primary\\_security\\_group\\_id) | Primary security group id of the EKS cluster |\n| \u003ca name=\"output_eks_cluster_status\"\u003e\u003c/a\u003e [eks\\_cluster\\_status](#output\\_eks\\_cluster\\_status) | Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED. |\n| \u003ca name=\"output_eks_cluster_tags_all\"\u003e\u003c/a\u003e [eks\\_cluster\\_tags\\_all](#output\\_eks\\_cluster\\_tags\\_all) | Map of tags assigned to the resource, including those inherited from the provider default\\_tags configuration block. |\n| \u003ca name=\"output_eks_cluster_vpc_config\"\u003e\u003c/a\u003e [eks\\_cluster\\_vpc\\_config](#output\\_eks\\_cluster\\_vpc\\_config) | Configuration block argument that also includes attributes for the VPC associated with your cluster. Detailed below. |\n| \u003ca name=\"output_global_encryption_kms_key_arn\"\u003e\u003c/a\u003e [global\\_encryption\\_kms\\_key\\_arn](#output\\_global\\_encryption\\_kms\\_key\\_arn) | KMS Key arn used by node groups and the eks cluster for encryption. |\n| \u003ca name=\"output_node_group_arn\"\u003e\u003c/a\u003e [node\\_group\\_arn](#output\\_node\\_group\\_arn) | Amazon Resource Name (ARN) of the EKS Node Group. |\n| \u003ca name=\"output_node_group_id\"\u003e\u003c/a\u003e [node\\_group\\_id](#output\\_node\\_group\\_id) | EKS Cluster name and EKS Node Group name separated by a colon (:). 
|\n| \u003ca name=\"output_node_group_resources\"\u003e\u003c/a\u003e [node\\_group\\_resources](#output\\_node\\_group\\_resources) | List of objects containing information about underlying resources. |\n| \u003ca name=\"output_node_group_role_arn\"\u003e\u003c/a\u003e [node\\_group\\_role\\_arn](#output\\_node\\_group\\_role\\_arn) | IAM Role Arn used by node groups in the eks cluster |\n| \u003ca name=\"output_node_group_status\"\u003e\u003c/a\u003e [node\\_group\\_status](#output\\_node\\_group\\_status) | Status of the EKS Node Group. |\n| \u003ca name=\"output_node_group_tags_all\"\u003e\u003c/a\u003e [node\\_group\\_tags\\_all](#output\\_node\\_group\\_tags\\_all) | A map of tags assigned to the resource, including those inherited from the provider default\\_tags configuration block. |\n\n## License\n\nMIT License. See [LICENSE](https://github.com/ishuar/terraform-aws-eks/blob/main/LICENSE) for full details.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fishuar%2Fterraform-aws-eks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fishuar%2Fterraform-aws-eks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fishuar%2Fterraform-aws-eks/lists"}