{"id":36616389,"url":"https://github.com/pelotech/terraform-foundation-aws-stack","last_synced_at":"2026-04-25T21:01:00.775Z","repository":{"id":269974466,"uuid":"909005721","full_name":"pelotech/terraform-foundation-aws-stack","owner":"pelotech","description":"Terraform module for the foundation base stack on aws","archived":false,"fork":false,"pushed_at":"2026-04-25T19:10:31.000Z","size":178,"stargazers_count":1,"open_issues_count":4,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-25T19:12:52.518Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pelotech.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-12-27T14:12:36.000Z","updated_at":"2026-04-25T19:10:24.000Z","dependencies_parsed_at":"2025-01-23T08:25:48.574Z","dependency_job_id":"81c42590-5591-40d1-ba7a-803d54ef75ef","html_url":"https://github.com/pelotech/terraform-foundation-aws-stack","commit_stats":null,"previous_names":["pelotech/terraform-foundation-aws-stack"],"tags_count":28,"template":false,"template_full_name":null,"purl":"pkg:github/pelotech/terraform-foundation-aws-stack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pelotech%2Fterraform-foundation-aws-stack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pelotech%2Fterraform-foundation-aws-stack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pelotech%2Fterraform-foundation-aws-stack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pelotech%2Fterraform-foundation-aws-stack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pelotech","download_url":"https://codeload.github.com/pelotech/terraform-foundation-aws-stack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pelotech%2Fterraform-foundation-aws-stack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32276628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-25T18:29:39.964Z","status":"ssl_error","status_checked_at":"2026-04-25T18:29:32.149Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-12T09:12:07.376Z","updated_at":"2026-04-25T21:01:00.768Z","avatar_url":"https://github.com/pelotech.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"![pre-commit](https://github.com/pelotech/terraform-foundation-aws-stack/actions/workflows/pre-commit.yaml/badge.svg)\n\n# Foundation - Pelotech's GitOps K8s Cluster\nThis is the terraform module that helps bootstrap foundation in AWS\n\nThis project uses [release-please](https://github.com/googleapis/release-please) for the release flow of contributions\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n| ---- | ------- |\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.5.7 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 6.14.1 |\n\n## Providers\n\n| Name | Version |\n| ---- | ------- |\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 6.42.0 |\n\n## Modules\n\n| Name | Source | Version |\n| ---- | ------ | ------- |\n| \u003ca name=\"module_cert_manager_irsa_role\"\u003e\u003c/a\u003e [cert\\_manager\\_irsa\\_role](#module\\_cert\\_manager\\_irsa\\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | 6.5.0 |\n| \u003ca name=\"module_ebs_csi_driver_irsa_role\"\u003e\u003c/a\u003e [ebs\\_csi\\_driver\\_irsa\\_role](#module\\_ebs\\_csi\\_driver\\_irsa\\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | 6.5.0 |\n| \u003ca name=\"module_eks\"\u003e\u003c/a\u003e [eks](#module\\_eks) | terraform-aws-modules/eks/aws | 21.18.0 |\n| \u003ca name=\"module_external_dns_irsa_role\"\u003e\u003c/a\u003e [external\\_dns\\_irsa\\_role](#module\\_external\\_dns\\_irsa\\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | 6.5.0 |\n| \u003ca name=\"module_fck_nat\"\u003e\u003c/a\u003e [fck\\_nat](#module\\_fck\\_nat) | RaJiska/fck-nat/aws | 1.4.0 |\n| \u003ca name=\"module_karpenter\"\u003e\u003c/a\u003e [karpenter](#module\\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | 21.18.0 |\n| \u003ca name=\"module_load_balancer_controller_irsa_role\"\u003e\u003c/a\u003e [load\\_balancer\\_controller\\_irsa\\_role](#module\\_load\\_balancer\\_controller\\_irsa\\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | 6.5.0 |\n| \u003ca name=\"module_s3_csi\"\u003e\u003c/a\u003e [s3\\_csi](#module\\_s3\\_csi) | terraform-aws-modules/s3-bucket/aws | 5.12.0 |\n| \u003ca name=\"module_s3_driver_irsa_role\"\u003e\u003c/a\u003e [s3\\_driver\\_irsa\\_role](#module\\_s3\\_driver\\_irsa\\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | 6.5.0 |\n| \u003ca name=\"module_vpc\"\u003e\u003c/a\u003e [vpc](#module\\_vpc) | terraform-aws-modules/vpc/aws | 6.6.1 |\n\n## Resources\n\n| Name | Type |\n| ---- | ---- |\n| [aws_eip.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |\n| [aws_vpc_endpoint.eks_vpc_endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_ami.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n| ---- | ----------- | ---- | ------- | :------: |\n| \u003ca name=\"input_initial_instance_types\"\u003e\u003c/a\u003e [initial\\_instance\\_types](#input\\_initial\\_instance\\_types) | instance types of the initial managed node group | `list(string)` | n/a | yes |\n| \u003ca name=\"input_cluster_enabled_log_types\"\u003e\u003c/a\u003e [cluster\\_enabled\\_log\\_types](#input\\_cluster\\_enabled\\_log\\_types) | List of EKS control plane log types to enable. Valid values: api, audit, authenticator, controllerManager, scheduler. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_cluster_endpoint_public_access\"\u003e\u003c/a\u003e [cluster\\_endpoint\\_public\\_access](#input\\_cluster\\_endpoint\\_public\\_access) | Whether the EKS cluster API server endpoint is publicly accessible. Set to false for private-only access (requires VPC connectivity). | `bool` | `true` | no |\n| \u003ca name=\"input_create_node_security_group\"\u003e\u003c/a\u003e [create\\_node\\_security\\_group](#input\\_create\\_node\\_security\\_group) | Whether to create a dedicated security group for EKS managed node groups. When true, the node\\_security\\_group\\_id output is populated. | `bool` | `false` | no |\n| \u003ca name=\"input_eks_cluster_version\"\u003e\u003c/a\u003e [eks\\_cluster\\_version](#input\\_eks\\_cluster\\_version) | Kubernetes version to set for the cluster | `string` | `\"1.35\"` | no |\n| \u003ca name=\"input_extra_access_entries\"\u003e\u003c/a\u003e [extra\\_access\\_entries](#input\\_extra\\_access\\_entries) | EKS access entries needed by IAM roles interacting with this cluster | \u003cpre\u003elist(object({\u003cbr/\u003e    principal_arn     = string\u003cbr/\u003e    kubernetes_groups = optional(list(string))\u003cbr/\u003e    policy_associations = optional(map(object({\u003cbr/\u003e      policy_arn = string\u003cbr/\u003e      access_scope = object({\u003cbr/\u003e        type       = string\u003cbr/\u003e        namespaces = optional(list(string))\u003cbr/\u003e      })\u003cbr/\u003e    })), {})\u003cbr/\u003e\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_initial_node_desired_size\"\u003e\u003c/a\u003e [initial\\_node\\_desired\\_size](#input\\_initial\\_node\\_desired\\_size) | desired size of the initial managed node group | `number` | `3` | no |\n| \u003ca name=\"input_initial_node_labels\"\u003e\u003c/a\u003e [initial\\_node\\_labels](#input\\_initial\\_node\\_labels) | labels for the initial managed node group | `map(string)` | \u003cpre\u003e{\u003cbr/\u003e  \"kube-ovn/role\": \"master\"\u003cbr/\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_initial_node_max_size\"\u003e\u003c/a\u003e [initial\\_node\\_max\\_size](#input\\_initial\\_node\\_max\\_size) | max size of the initial managed node group | `number` | `6` | no |\n| \u003ca name=\"input_initial_node_min_size\"\u003e\u003c/a\u003e [initial\\_node\\_min\\_size](#input\\_initial\\_node\\_min\\_size) | minimum size of the initial managed node group | `number` | `2` | no |\n| \u003ca name=\"input_initial_node_taints\"\u003e\u003c/a\u003e [initial\\_node\\_taints](#input\\_initial\\_node\\_taints) | taints for the initial managed node group | `map(object({ key = string, value = string, effect = string }))` | \u003cpre\u003e{\u003cbr/\u003e  \"criticalAddonsOnly\": {\u003cbr/\u003e    \"effect\": \"NO_SCHEDULE\",\u003cbr/\u003e    \"key\": \"CriticalAddonsOnly\",\u003cbr/\u003e    \"value\": \"true\"\u003cbr/\u003e  },\u003cbr/\u003e  \"nidhogg\": {\u003cbr/\u003e    \"effect\": \"NO_SCHEDULE\",\u003cbr/\u003e    \"key\": \"nidhogg.uswitch.com/kube-system.kube-multus-ds\",\u003cbr/\u003e    \"value\": \"true\"\u003cbr/\u003e  }\u003cbr/\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_permissions_boundary\"\u003e\u003c/a\u003e [permissions\\_boundary](#input\\_permissions\\_boundary) | IAM permissions boundary policy name applied to all IAM roles. When set, constructs full ARN from the current account and partition. | `string` | `\"\"` | no |\n| \u003ca name=\"input_s3_csi_driver_bucket_arns\"\u003e\u003c/a\u003e [s3\\_csi\\_driver\\_bucket\\_arns](#input\\_s3\\_csi\\_driver\\_bucket\\_arns) | existing buckets the s3 CSI driver should have access to | `list(string)` | `[]` | no |\n| \u003ca name=\"input_s3_csi_driver_create_bucket\"\u003e\u003c/a\u003e [s3\\_csi\\_driver\\_create\\_bucket](#input\\_s3\\_csi\\_driver\\_create\\_bucket) | create a new bucket for use with the s3 CSI driver | `bool` | `true` | no |\n| \u003ca name=\"input_stack_admin_arns\"\u003e\u003c/a\u003e [stack\\_admin\\_arns](#input\\_stack\\_admin\\_arns) | arn to the roles for the cluster admins role | `list(string)` | `[]` | no |\n| \u003ca name=\"input_stack_create\"\u003e\u003c/a\u003e [stack\\_create](#input\\_stack\\_create) | should resources be created | `bool` | `true` | no |\n| \u003ca name=\"input_stack_create_pelotech_nat_eip\"\u003e\u003c/a\u003e [stack\\_create\\_pelotech\\_nat\\_eip](#input\\_stack\\_create\\_pelotech\\_nat\\_eip) | should create pelotech nat eip even if NAT isn't enabled - nice for getting ips created for allow lists | `bool` | `false` | no |\n| \u003ca name=\"input_stack_enable_cluster_kms\"\u003e\u003c/a\u003e [stack\\_enable\\_cluster\\_kms](#input\\_stack\\_enable\\_cluster\\_kms) | Should secrets be encrypted by kms in the cluster | `bool` | `true` | no |\n| \u003ca name=\"input_stack_enable_default_eks_managed_node_group\"\u003e\u003c/a\u003e [stack\\_enable\\_default\\_eks\\_managed\\_node\\_group](#input\\_stack\\_enable\\_default\\_eks\\_managed\\_node\\_group) | Ability to disable default node group | `bool` | `true` | no |\n| \u003ca name=\"input_stack_existing_vpc_config\"\u003e\u003c/a\u003e [stack\\_existing\\_vpc\\_config](#input\\_stack\\_existing\\_vpc\\_config) | Setting the VPC | \u003cpre\u003eobject({\u003cbr/\u003e    vpc_id     = string\u003cbr/\u003e    subnet_ids = list(string)\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_stack_name\"\u003e\u003c/a\u003e [stack\\_name](#input\\_stack\\_name) | Name of the stack | `string` | `\"foundation-stack\"` | no |\n| \u003ca name=\"input_stack_pelotech_nat_ami_name_filter\"\u003e\u003c/a\u003e [stack\\_pelotech\\_nat\\_ami\\_name\\_filter](#input\\_stack\\_pelotech\\_nat\\_ami\\_name\\_filter) | ami name filter to find the correct ami | `string` | `\"fck-nat-al2023-hvm-*\"` | no |\n| \u003ca name=\"input_stack_pelotech_nat_ami_owner_id\"\u003e\u003c/a\u003e [stack\\_pelotech\\_nat\\_ami\\_owner\\_id](#input\\_stack\\_pelotech\\_nat\\_ami\\_owner\\_id) | Owner ID to search of ami | `string` | `\"568608671756\"` | no |\n| \u003ca name=\"input_stack_pelotech_nat_enabled\"\u003e\u003c/a\u003e [stack\\_pelotech\\_nat\\_enabled](#input\\_stack\\_pelotech\\_nat\\_enabled) | Use pelotech-nat as NAT instances instead of NAT gateway | `bool` | `false` | no |\n| \u003ca name=\"input_stack_pelotech_nat_instance_type\"\u003e\u003c/a\u003e [stack\\_pelotech\\_nat\\_instance\\_type](#input\\_stack\\_pelotech\\_nat\\_instance\\_type) | choose instance based on bandwitch requirements | `string` | `\"t4g.micro\"` | no |\n| \u003ca name=\"input_stack_ro_arns\"\u003e\u003c/a\u003e [stack\\_ro\\_arns](#input\\_stack\\_ro\\_arns) | arn to the roles for the cluster read only role, these will also have KMS readonly access for CI plan purposes, more limited access should use the extra entries | `list(string)` | `[]` | no |\n| \u003ca name=\"input_stack_tags\"\u003e\u003c/a\u003e [stack\\_tags](#input\\_stack\\_tags) | tags to be added to the stack, should at least have Owner and Environment | `map(string)` | \u003cpre\u003e{\u003cbr/\u003e  \"Environment\": \"prod\",\u003cbr/\u003e  \"Owner\": \"pelotech\"\u003cbr/\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_stack_use_vpc_cni_max_pods\"\u003e\u003c/a\u003e [stack\\_use\\_vpc\\_cni\\_max\\_pods](#input\\_stack\\_use\\_vpc\\_cni\\_max\\_pods) | Set to true if using the vpc cni - otherwise defaults to 110 max pods | `bool` | `false` | no |\n| \u003ca name=\"input_stack_vpc_block\"\u003e\u003c/a\u003e [stack\\_vpc\\_block](#input\\_stack\\_vpc\\_block) | Variables for defining the vpc for the stack | \u003cpre\u003eobject({\u003cbr/\u003e    cidr             = string\u003cbr/\u003e    azs              = list(string)\u003cbr/\u003e    private_subnets  = list(string)\u003cbr/\u003e    public_subnets   = list(string)\u003cbr/\u003e    database_subnets = list(string)\u003cbr/\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr/\u003e  \"azs\": [\u003cbr/\u003e    \"us-west-2a\",\u003cbr/\u003e    \"us-west-2b\",\u003cbr/\u003e    \"us-west-2c\"\u003cbr/\u003e  ],\u003cbr/\u003e  \"cidr\": \"172.16.0.0/16\",\u003cbr/\u003e  \"database_subnets\": [\u003cbr/\u003e    \"172.16.200.0/24\",\u003cbr/\u003e    \"172.16.201.0/24\",\u003cbr/\u003e    \"172.16.202.0/24\"\u003cbr/\u003e  ],\u003cbr/\u003e  \"private_subnets\": [\u003cbr/\u003e    \"172.16.0.0/24\",\u003cbr/\u003e    \"172.16.1.0/24\",\u003cbr/\u003e    \"172.16.2.0/24\"\u003cbr/\u003e  ],\u003cbr/\u003e  \"public_subnets\": [\u003cbr/\u003e    \"172.16.100.0/24\",\u003cbr/\u003e    \"172.16.101.0/24\",\u003cbr/\u003e    \"172.16.102.0/24\"\u003cbr/\u003e  ]\u003cbr/\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_vpc_endpoints\"\u003e\u003c/a\u003e [vpc\\_endpoints](#input\\_vpc\\_endpoints) | vpc endpoints within the cluster vpc network, note: this only works when using the internal created VPC | `list(string)` | `[]` | no |\n\n## Outputs\n\n| Name | Description |\n| ---- | ----------- |\n| \u003ca name=\"output_cert_manager_role_arn\"\u003e\u003c/a\u003e [cert\\_manager\\_role\\_arn](#output\\_cert\\_manager\\_role\\_arn) | ARN of the Cert Manager IRSA role |\n| \u003ca name=\"output_cluster_security_group_id\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_id](#output\\_cluster\\_security\\_group\\_id) | Cluster security group that was created by Amazon EKS for the cluster |\n| \u003ca name=\"output_ebs_csi_driver_role_arn\"\u003e\u003c/a\u003e [ebs\\_csi\\_driver\\_role\\_arn](#output\\_ebs\\_csi\\_driver\\_role\\_arn) | ARN of the EBS CSI driver IRSA role |\n| \u003ca name=\"output_eks_cluster_certificate_authority_data\"\u003e\u003c/a\u003e [eks\\_cluster\\_certificate\\_authority\\_data](#output\\_eks\\_cluster\\_certificate\\_authority\\_data) | Base64 encoded certificate data for the cluster |\n| \u003ca name=\"output_eks_cluster_endpoint\"\u003e\u003c/a\u003e [eks\\_cluster\\_endpoint](#output\\_eks\\_cluster\\_endpoint) | The endpoint for the EKS cluster API server |\n| \u003ca name=\"output_eks_cluster_iam_role_name\"\u003e\u003c/a\u003e [eks\\_cluster\\_iam\\_role\\_name](#output\\_eks\\_cluster\\_iam\\_role\\_name) | The name of the EKS cluster IAM role |\n| \u003ca name=\"output_eks_cluster_name\"\u003e\u003c/a\u003e [eks\\_cluster\\_name](#output\\_eks\\_cluster\\_name) | The name of the EKS cluster |\n| \u003ca name=\"output_eks_cluster_tls_certificate_sha1_fingerprint\"\u003e\u003c/a\u003e [eks\\_cluster\\_tls\\_certificate\\_sha1\\_fingerprint](#output\\_eks\\_cluster\\_tls\\_certificate\\_sha1\\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate |\n| \u003ca name=\"output_eks_managed_node_groups\"\u003e\u003c/a\u003e [eks\\_managed\\_node\\_groups](#output\\_eks\\_managed\\_node\\_groups) | Map of attribute maps for all EKS managed node groups created |\n| \u003ca name=\"output_eks_managed_node_groups_autoscaling_group_names\"\u003e\u003c/a\u003e [eks\\_managed\\_node\\_groups\\_autoscaling\\_group\\_names](#output\\_eks\\_managed\\_node\\_groups\\_autoscaling\\_group\\_names) | List of the autoscaling group names created by EKS managed node groups |\n| \u003ca name=\"output_eks_oidc_provider\"\u003e\u003c/a\u003e [eks\\_oidc\\_provider](#output\\_eks\\_oidc\\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) |\n| \u003ca name=\"output_eks_oidc_provider_arn\"\u003e\u003c/a\u003e [eks\\_oidc\\_provider\\_arn](#output\\_eks\\_oidc\\_provider\\_arn) | EKS OIDC provider ARN to be able to add IRSA roles to the cluster out of band |\n| \u003ca name=\"output_external_dns_role_arn\"\u003e\u003c/a\u003e [external\\_dns\\_role\\_arn](#output\\_external\\_dns\\_role\\_arn) | ARN of the External DNS IRSA role |\n| \u003ca name=\"output_karpenter_node_iam_role_name\"\u003e\u003c/a\u003e [karpenter\\_node\\_iam\\_role\\_name](#output\\_karpenter\\_node\\_iam\\_role\\_name) | The name of the Karpenter node IAM role |\n| \u003ca name=\"output_karpenter_queue_name\"\u003e\u003c/a\u003e [karpenter\\_queue\\_name](#output\\_karpenter\\_queue\\_name) | The name of the Karpenter SQS queue |\n| \u003ca name=\"output_karpenter_role_arn\"\u003e\u003c/a\u003e [karpenter\\_role\\_arn](#output\\_karpenter\\_role\\_arn) | ARN of the Karpenter IRSA role |\n| \u003ca name=\"output_kms_key_arn\"\u003e\u003c/a\u003e [kms\\_key\\_arn](#output\\_kms\\_key\\_arn) | The Amazon Resource Name (ARN) of the KMS key |\n| \u003ca name=\"output_load_balancer_controller_role_arn\"\u003e\u003c/a\u003e [load\\_balancer\\_controller\\_role\\_arn](#output\\_load\\_balancer\\_controller\\_role\\_arn) | ARN of the ALB controller IRSA role |\n| \u003ca name=\"output_node_security_group_id\"\u003e\u003c/a\u003e [node\\_security\\_group\\_id](#output\\_node\\_security\\_group\\_id) | ID of the node shared security group |\n| \u003ca name=\"output_s3_csi_driver_role_arn\"\u003e\u003c/a\u003e [s3\\_csi\\_driver\\_role\\_arn](#output\\_s3\\_csi\\_driver\\_role\\_arn) | ARN of the S3 CSI driver IRSA role |\n| \u003ca name=\"output_vpc\"\u003e\u003c/a\u003e [vpc](#output\\_vpc) | The vpc object when it's created |\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpelotech%2Fterraform-foundation-aws-stack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpelotech%2Fterraform-foundation-aws-stack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpelotech%2Fterraform-foundation-aws-stack/lists"}