{"id":29943278,"url":"https://github.com/sourcefuse/terraform-aws-arc-eks-addon","last_synced_at":"2026-02-24T08:31:54.161Z","repository":{"id":189051275,"uuid":"656131879","full_name":"sourcefuse/terraform-aws-arc-eks-addon","owner":"sourcefuse","description":null,"archived":false,"fork":false,"pushed_at":"2023-10-02T20:58:33.000Z","size":412,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-10-29T14:42:19.387Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sourcefuse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-06-20T10:08:23.000Z","updated_at":"2023-10-02T14:25:37.000Z","dependencies_parsed_at":"2023-10-02T21:44:20.581Z","dependency_job_id":"7b09c0b6-645d-4a20-913a-7a579c55379c","html_url":"https://github.com/sourcefuse/terraform-aws-arc-eks-addon","commit_stats":null,"previous_names":["sourcefuse/terraform-aws-ref-arch-eks-addon","sourcefuse/terraform-aws-arc-eks-addon"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/sourcefuse/terraform-aws-arc-eks-addon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-eks-addon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-eks-addon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-eks-addon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-a
ws-arc-eks-addon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sourcefuse","download_url":"https://codeload.github.com/sourcefuse/terraform-aws-arc-eks-addon/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-eks-addon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29776637,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-24T04:54:30.205Z","status":"ssl_error","status_checked_at":"2026-02-24T04:53:58.628Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-03T02:14:49.082Z","updated_at":"2026-02-24T08:31:54.141Z","avatar_url":"https://github.com/sourcefuse.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [terraform-aws-arc-eks-addon](https://github.com/sourcefuse/terraform-aws-arc-eks-addon)\n\n[![Known Vulnerabilities](https://github.com/sourcefuse/terraform-aws-arc-eks-addon/actions/workflows/snyk.yaml/badge.svg)](https://github.com/sourcefuse/terraform-aws-arc-eks-addon/actions/workflows/snyk.yaml)\n\n## Overview\n\nEKS Blueprints helps you compose complete EKS clusters that are fully bootstrapped with the operational software that is needed to deploy and operate workloads. 
With EKS Blueprints, you describe the configuration for the desired state of your EKS environment, such as the control plane, worker nodes, and Kubernetes add-ons, as an IaC blueprint. Once a blueprint is configured, you can use it to stamp out consistent environments across multiple AWS accounts and Regions using continuous deployment automation.\n\nYou can use EKS Blueprints to easily bootstrap an EKS cluster with Amazon EKS add-ons as well as a wide range of popular open-source add-ons, including Prometheus, Karpenter, Nginx, Traefik, AWS Load Balancer Controller, Fluent Bit, Keda, ArgoCD, and more. EKS Blueprints also helps you implement relevant security controls needed to operate workloads from multiple teams in the same cluster.\n\n\n## Architecture\n\n![Architecture](./static/arch.png)\n\nThe module assumes that upstream dependencies, namely networking dependencies, are created upstream and the values are passed into this module via mechanisms such as Terraform data source queries. Similarly, bastions and related load balancers are shown as per best practices and have to be deployed separately from an upstream module. The add-ons shown are examples and may or may not be a fit for your architecture; enable them accordingly.\n\n## Usage\n\n**Note**: the example below does not have a pinned version. Be sure to pin your version. 
Refer to the `example` folder for a working example version.\n\nTo check out the full example, please visit [example](https://github.com/sourcefuse/terraform-aws-arc-eks-addon/blob/main/examples/complete/main.tf)\n\n```hcl\nmodule \"eks\" {\n  source                             = \"git::https://github.com/sourcefuse/terraform-aws-arc-eks-addon?ref=v1.0.0\"\n  tags                               = module.tags.tags\n  vpc_id                             = data.aws_vpc.vpc.id\n  private_subnet_ids                 = data.aws_subnets.private.ids\n  public_subnet_ids                  = data.aws_subnets.public.ids\n  control_plane_subnet_ids           = concat(data.aws_subnets.private.ids, data.aws_subnets.public.ids)\n  create_eks                         = var.create_eks\n  cluster_timeouts                   = var.cluster_timeouts\n  cluster_name                       = var.cluster_name\n  cluster_version                    = var.cluster_version\n  create_cluster_security_group      = var.create_cluster_security_group\n  cluster_security_group_name        = var.cluster_security_group_name\n  cluster_kms_key_arn                = var.cluster_kms_key_arn\n\n  .............................................................\n}\n```\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 4.47 |\n| \u003ca name=\"requirement_bcrypt\"\u003e\u003c/a\u003e [bcrypt](#requirement\\_bcrypt) | \u003e= 0.1.2 |\n| \u003ca name=\"requirement_helm\"\u003e\u003c/a\u003e [helm](#requirement\\_helm) | \u003e= 2.8 |\n| \u003ca name=\"requirement_kubernetes\"\u003e\u003c/a\u003e [kubernetes](#requirement\\_kubernetes) | \u003e= 2.17 |\n| \u003ca name=\"requirement_random\"\u003e\u003c/a\u003e [random](#requirement\\_random) | 
3.3.2 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 5.4.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_eks\"\u003e\u003c/a\u003e [eks](#module\\_eks) | ./modules/eks | n/a |\n| \u003ca name=\"module_eks_blueprints_addons\"\u003e\u003c/a\u003e [eks\\_blueprints\\_addons](#module\\_eks\\_blueprints\\_addons) | ./modules/eks-addons | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |\n| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_argo_rollouts\"\u003e\u003c/a\u003e [argo\\_rollouts](#input\\_argo\\_rollouts) | Argo Rollouts addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_argo_workflows\"\u003e\u003c/a\u003e [argo\\_workflows](#input\\_argo\\_workflows) | Argo Workflows addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_argocd\"\u003e\u003c/a\u003e [argocd](#input\\_argocd) | ArgoCD addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_aws_cloudwatch_metrics\"\u003e\u003c/a\u003e [aws\\_cloudwatch\\_metrics](#input\\_aws\\_cloudwatch\\_metrics) | Cloudwatch Metrics addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_aws_efs_csi_driver\"\u003e\u003c/a\u003e [aws\\_efs\\_csi\\_driver](#input\\_aws\\_efs\\_csi\\_driver) | EFS CSI Driver addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_aws_for_fluentbit\"\u003e\u003c/a\u003e [aws\\_for\\_fluentbit](#input\\_aws\\_for\\_fluentbit) | AWS Fluentbit add-on configurations | `any` | `{}` | no 
|\n| \u003ca name=\"input_aws_for_fluentbit_cw_log_group\"\u003e\u003c/a\u003e [aws\\_for\\_fluentbit\\_cw\\_log\\_group](#input\\_aws\\_for\\_fluentbit\\_cw\\_log\\_group) | AWS Fluentbit CloudWatch Log Group configurations | `any` | `{}` | no |\n| \u003ca name=\"input_aws_fsx_csi_driver\"\u003e\u003c/a\u003e [aws\\_fsx\\_csi\\_driver](#input\\_aws\\_fsx\\_csi\\_driver) | FSX CSI Driver addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_aws_load_balancer_controller\"\u003e\u003c/a\u003e [aws\\_load\\_balancer\\_controller](#input\\_aws\\_load\\_balancer\\_controller) | AWS Load Balancer Controller addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_aws_node_termination_handler\"\u003e\u003c/a\u003e [aws\\_node\\_termination\\_handler](#input\\_aws\\_node\\_termination\\_handler) | AWS Node Termination Handler addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_aws_node_termination_handler_asg_arns\"\u003e\u003c/a\u003e [aws\\_node\\_termination\\_handler\\_asg\\_arns](#input\\_aws\\_node\\_termination\\_handler\\_asg\\_arns) | List of Auto Scaling group ARNs that AWS Node Termination Handler will monitor for EC2 events | `list(string)` | `[]` | no |\n| \u003ca name=\"input_aws_node_termination_handler_sqs\"\u003e\u003c/a\u003e [aws\\_node\\_termination\\_handler\\_sqs](#input\\_aws\\_node\\_termination\\_handler\\_sqs) | AWS Node Termination Handler SQS queue configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_aws_privateca_issuer\"\u003e\u003c/a\u003e [aws\\_privateca\\_issuer](#input\\_aws\\_privateca\\_issuer) | AWS PCA Issuer add-on configurations | `any` | `{}` | no |\n| \u003ca name=\"input_cert_manager\"\u003e\u003c/a\u003e [cert\\_manager](#input\\_cert\\_manager) | cert-manager addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_cert_manager_route53_hosted_zone_arns\"\u003e\u003c/a\u003e 
[cert\\_manager\\_route53\\_hosted\\_zone\\_arns](#input\\_cert\\_manager\\_route53\\_hosted\\_zone\\_arns) | List of Route53 Hosted Zone ARNs that are used by cert-manager to create DNS records | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"arn:aws:route53:::hostedzone/*\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_cloudwatch_log_group_kms_key_id\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_kms\\_key\\_id](#input\\_cloudwatch\\_log\\_group\\_kms\\_key\\_id) | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `null` | no |\n| \u003ca name=\"input_cloudwatch_log_group_retention_in_days\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_retention\\_in\\_days](#input\\_cloudwatch\\_log\\_group\\_retention\\_in\\_days) | Number of days to retain log events. Default retention - 90 days | `number` | `90` | no |\n| \u003ca name=\"input_cluster_additional_security_group_ids\"\u003e\u003c/a\u003e [cluster\\_additional\\_security\\_group\\_ids](#input\\_cluster\\_additional\\_security\\_group\\_ids) | List of additional, externally created security group IDs to attach to the cluster control plane | `list(string)` | `[]` | no |\n| \u003ca name=\"input_cluster_autoscaler\"\u003e\u003c/a\u003e [cluster\\_autoscaler](#input\\_cluster\\_autoscaler) | Cluster Autoscaler addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_cluster_enabled_log_types\"\u003e\u003c/a\u003e [cluster\\_enabled\\_log\\_types](#input\\_cluster\\_enabled\\_log\\_types) | A list of the desired control plane logging to enable | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"api\",\u003cbr\u003e  \"audit\",\u003cbr\u003e  \"authenticator\",\u003cbr\u003e  \"controllerManager\",\u003cbr\u003e  \"scheduler\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca 
name=\"input_cluster_encryption_config\"\u003e\u003c/a\u003e [cluster\\_encryption\\_config](#input\\_cluster\\_encryption\\_config) | Configuration block with encryption configuration for the cluster | \u003cpre\u003elist(object({\u003cbr\u003e    provider_key_arn = string\u003cbr\u003e    resources        = list(string)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_cluster_endpoint_private_access\"\u003e\u003c/a\u003e [cluster\\_endpoint\\_private\\_access](#input\\_cluster\\_endpoint\\_private\\_access) | Indicates whether or not the EKS private API server endpoint is enabled. Default to EKS resource and it is false | `bool` | `false` | no |\n| \u003ca name=\"input_cluster_endpoint_public_access\"\u003e\u003c/a\u003e [cluster\\_endpoint\\_public\\_access](#input\\_cluster\\_endpoint\\_public\\_access) | Indicates whether or not the EKS public API server endpoint is enabled. Default to EKS resource and it is true | `bool` | `true` | no |\n| \u003ca name=\"input_cluster_endpoint_public_access_cidrs\"\u003e\u003c/a\u003e [cluster\\_endpoint\\_public\\_access\\_cidrs](#input\\_cluster\\_endpoint\\_public\\_access\\_cidrs) | List of CIDR blocks which can access the Amazon EKS public API server endpoint | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"0.0.0.0/0\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_cluster_identity_providers\"\u003e\u003c/a\u003e [cluster\\_identity\\_providers](#input\\_cluster\\_identity\\_providers) | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | `any` | `{}` | no |\n| \u003ca name=\"input_cluster_ip_family\"\u003e\u003c/a\u003e [cluster\\_ip\\_family](#input\\_cluster\\_ip\\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. 
You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created | `string` | `\"ipv4\"` | no |\n| \u003ca name=\"input_cluster_name\"\u003e\u003c/a\u003e [cluster\\_name](#input\\_cluster\\_name) | EKS Cluster Name | `string` | `\"\"` | no |\n| \u003ca name=\"input_cluster_proportional_autoscaler\"\u003e\u003c/a\u003e [cluster\\_proportional\\_autoscaler](#input\\_cluster\\_proportional\\_autoscaler) | Cluster Proportional Autoscaler add-on configurations | `any` | `{}` | no |\n| \u003ca name=\"input_cluster_security_group_additional_rules\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_additional\\_rules](#input\\_cluster\\_security\\_group\\_additional\\_rules) | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source | `any` | `{}` | no |\n| \u003ca name=\"input_cluster_security_group_description\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_description](#input\\_cluster\\_security\\_group\\_description) | Description of the cluster security group created | `string` | `\"EKS cluster security group\"` | no |\n| \u003ca name=\"input_cluster_security_group_id\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_id](#input\\_cluster\\_security\\_group\\_id) | Security group to be used if creation of cluster security group is turned off | `string` | `\"\"` | no |\n| \u003ca name=\"input_cluster_security_group_name\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_name](#input\\_cluster\\_security\\_group\\_name) | Name to use on cluster security group created | `string` | `null` | no |\n| \u003ca name=\"input_cluster_security_group_tags\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_tags](#input\\_cluster\\_security\\_group\\_tags) | A map of additional tags to add to the cluster security group created | `map(string)` | `{}` | no |\n| \u003ca 
name=\"input_cluster_security_group_use_name_prefix\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_use\\_name\\_prefix](#input\\_cluster\\_security\\_group\\_use\\_name\\_prefix) | Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca name=\"input_cluster_service_ipv4_cidr\"\u003e\u003c/a\u003e [cluster\\_service\\_ipv4\\_cidr](#input\\_cluster\\_service\\_ipv4\\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no |\n| \u003ca name=\"input_cluster_timeouts\"\u003e\u003c/a\u003e [cluster\\_timeouts](#input\\_cluster\\_timeouts) | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no |\n| \u003ca name=\"input_cluster_version\"\u003e\u003c/a\u003e [cluster\\_version](#input\\_cluster\\_version) | Kubernetes `\u003cmajor\u003e.\u003cminor\u003e` version to use for the EKS cluster (i.e.: `1.24`) | `string` | `\"1.24\"` | no |\n| \u003ca name=\"input_control_plane_subnet_ids\"\u003e\u003c/a\u003e [control\\_plane\\_subnet\\_ids](#input\\_control\\_plane\\_subnet\\_ids) | A list of subnet IDs where the EKS cluster control plane (ENIs) will be provisioned. Used for expanding the pool of subnets used by nodes/node groups without replacing the EKS control plane | `list(string)` | `[]` | no |\n| \u003ca name=\"input_create_cloudwatch_log_group\"\u003e\u003c/a\u003e [create\\_cloudwatch\\_log\\_group](#input\\_create\\_cloudwatch\\_log\\_group) | Determines whether a log group is created by this module for the cluster logs. 
If not, AWS will automatically create one if logging is enabled | `bool` | `false` | no |\n| \u003ca name=\"input_create_cluster_primary_security_group_tags\"\u003e\u003c/a\u003e [create\\_cluster\\_primary\\_security\\_group\\_tags](#input\\_create\\_cluster\\_primary\\_security\\_group\\_tags) | Indicates whether or not to tag the cluster's primary security group. This security group is created by the EKS service, not the module, and therefore tagging is handled after cluster creation | `bool` | `true` | no |\n| \u003ca name=\"input_create_cluster_security_group\"\u003e\u003c/a\u003e [create\\_cluster\\_security\\_group](#input\\_create\\_cluster\\_security\\_group) | Toggle to create or assign cluster security group | `bool` | `true` | no |\n| \u003ca name=\"input_create_eks\"\u003e\u003c/a\u003e [create\\_eks](#input\\_create\\_eks) | Create EKS cluster | `bool` | `true` | no |\n| \u003ca name=\"input_create_iam_role\"\u003e\u003c/a\u003e [create\\_iam\\_role](#input\\_create\\_iam\\_role) | Determines whether an IAM role is created or to use an existing IAM role | `bool` | `true` | no |\n| \u003ca name=\"input_create_node_security_group\"\u003e\u003c/a\u003e [create\\_node\\_security\\_group](#input\\_create\\_node\\_security\\_group) | Determines whether to create a security group for the node groups or use the existing `node_security_group_id` | `bool` | `true` | no |\n| \u003ca name=\"input_custom_oidc_thumbprints\"\u003e\u003c/a\u003e [custom\\_oidc\\_thumbprints](#input\\_custom\\_oidc\\_thumbprints) | Additional list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_eks_addons_timeouts\"\u003e\u003c/a\u003e [eks\\_addons\\_timeouts](#input\\_eks\\_addons\\_timeouts) | Create, update, and delete timeout configurations for the EKS addons | `map(string)` | `{}` | no |\n| \u003ca name=\"input_enable_argo_rollouts\"\u003e\u003c/a\u003e 
[enable\\_argo\\_rollouts](#input\\_enable\\_argo\\_rollouts) | Enable Argo Rollouts add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_argo_workflows\"\u003e\u003c/a\u003e [enable\\_argo\\_workflows](#input\\_enable\\_argo\\_workflows) | Enable Argo workflows add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_argocd\"\u003e\u003c/a\u003e [enable\\_argocd](#input\\_enable\\_argocd) | Enable Argo CD Kubernetes add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_aws_cloudwatch_metrics\"\u003e\u003c/a\u003e [enable\\_aws\\_cloudwatch\\_metrics](#input\\_enable\\_aws\\_cloudwatch\\_metrics) | Enable AWS Cloudwatch Metrics add-on for Container Insights | `bool` | `false` | no |\n| \u003ca name=\"input_enable_aws_efs_csi_driver\"\u003e\u003c/a\u003e [enable\\_aws\\_efs\\_csi\\_driver](#input\\_enable\\_aws\\_efs\\_csi\\_driver) | Enable AWS EFS CSI Driver add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_aws_for_fluentbit\"\u003e\u003c/a\u003e [enable\\_aws\\_for\\_fluentbit](#input\\_enable\\_aws\\_for\\_fluentbit) | Enable AWS for FluentBit add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_aws_fsx_csi_driver\"\u003e\u003c/a\u003e [enable\\_aws\\_fsx\\_csi\\_driver](#input\\_enable\\_aws\\_fsx\\_csi\\_driver) | Enable AWS FSX CSI Driver add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_aws_load_balancer_controller\"\u003e\u003c/a\u003e [enable\\_aws\\_load\\_balancer\\_controller](#input\\_enable\\_aws\\_load\\_balancer\\_controller) | Enable AWS Load Balancer Controller add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_aws_node_termination_handler\"\u003e\u003c/a\u003e [enable\\_aws\\_node\\_termination\\_handler](#input\\_enable\\_aws\\_node\\_termination\\_handler) | Enable AWS Node Termination Handler add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_aws_privateca_issuer\"\u003e\u003c/a\u003e 
[enable\\_aws\\_privateca\\_issuer](#input\\_enable\\_aws\\_privateca\\_issuer) | Enable AWS PCA Issuer | `bool` | `false` | no |\n| \u003ca name=\"input_enable_cert_manager\"\u003e\u003c/a\u003e [enable\\_cert\\_manager](#input\\_enable\\_cert\\_manager) | Enable cert-manager add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_cluster_autoscaler\"\u003e\u003c/a\u003e [enable\\_cluster\\_autoscaler](#input\\_enable\\_cluster\\_autoscaler) | Enable Cluster autoscaler add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_cluster_encryption\"\u003e\u003c/a\u003e [enable\\_cluster\\_encryption](#input\\_enable\\_cluster\\_encryption) | Determines whether cluster encryption is enabled | `bool` | `true` | no |\n| \u003ca name=\"input_enable_cluster_proportional_autoscaler\"\u003e\u003c/a\u003e [enable\\_cluster\\_proportional\\_autoscaler](#input\\_enable\\_cluster\\_proportional\\_autoscaler) | Enable Cluster Proportional Autoscaler | `bool` | `false` | no |\n| \u003ca name=\"input_enable_external_dns\"\u003e\u003c/a\u003e [enable\\_external\\_dns](#input\\_enable\\_external\\_dns) | Enable external-dns operator add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_external_secrets\"\u003e\u003c/a\u003e [enable\\_external\\_secrets](#input\\_enable\\_external\\_secrets) | Enable External Secrets operator add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_fargate_fluentbit\"\u003e\u003c/a\u003e [enable\\_fargate\\_fluentbit](#input\\_enable\\_fargate\\_fluentbit) | Enable Fargate FluentBit add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_gatekeeper\"\u003e\u003c/a\u003e [enable\\_gatekeeper](#input\\_enable\\_gatekeeper) | Enable Gatekeeper add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_ingress_nginx\"\u003e\u003c/a\u003e [enable\\_ingress\\_nginx](#input\\_enable\\_ingress\\_nginx) | Enable Ingress Nginx | `bool` | `false` | no |\n| \u003ca name=\"input_enable_irsa\"\u003e\u003c/a\u003e 
[enable\\_irsa](#input\\_enable\\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no |\n| \u003ca name=\"input_enable_karpenter\"\u003e\u003c/a\u003e [enable\\_karpenter](#input\\_enable\\_karpenter) | Enable Karpenter controller add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_kube_prometheus_stack\"\u003e\u003c/a\u003e [enable\\_kube\\_prometheus\\_stack](#input\\_enable\\_kube\\_prometheus\\_stack) | Enable Kube Prometheus Stack | `bool` | `false` | no |\n| \u003ca name=\"input_enable_metrics_server\"\u003e\u003c/a\u003e [enable\\_metrics\\_server](#input\\_enable\\_metrics\\_server) | Enable metrics server add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_secrets_store_csi_driver\"\u003e\u003c/a\u003e [enable\\_secrets\\_store\\_csi\\_driver](#input\\_enable\\_secrets\\_store\\_csi\\_driver) | Enable CSI Secrets Store Provider | `bool` | `false` | no |\n| \u003ca name=\"input_enable_secrets_store_csi_driver_provider_aws\"\u003e\u003c/a\u003e [enable\\_secrets\\_store\\_csi\\_driver\\_provider\\_aws](#input\\_enable\\_secrets\\_store\\_csi\\_driver\\_provider\\_aws) | Enable AWS CSI Secrets Store Provider | `bool` | `false` | no |\n| \u003ca name=\"input_enable_velero\"\u003e\u003c/a\u003e [enable\\_velero](#input\\_enable\\_velero) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no |\n| \u003ca name=\"input_enable_vpa\"\u003e\u003c/a\u003e [enable\\_vpa](#input\\_enable\\_vpa) | Enable Vertical Pod Autoscaler add-on | `bool` | `false` | no |\n| \u003ca name=\"input_external_dns\"\u003e\u003c/a\u003e [external\\_dns](#input\\_external\\_dns) | external-dns addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_external_dns_route53_zone_arns\"\u003e\u003c/a\u003e [external\\_dns\\_route53\\_zone\\_arns](#input\\_external\\_dns\\_route53\\_zone\\_arns) | List of Route53 zones ARNs which external-dns will have access to create/manage records (if using 
Route53) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_external_secrets\"\u003e\u003c/a\u003e [external\\_secrets](#input\\_external\\_secrets) | External Secrets addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_external_secrets_kms_key_arns\"\u003e\u003c/a\u003e [external\\_secrets\\_kms\\_key\\_arns](#input\\_external\\_secrets\\_kms\\_key\\_arns) | List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"arn:aws:kms:*:*:key/*\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_external_secrets_secrets_manager_arns\"\u003e\u003c/a\u003e [external\\_secrets\\_secrets\\_manager\\_arns](#input\\_external\\_secrets\\_secrets\\_manager\\_arns) | List of Secrets Manager ARNs that contain secrets to mount using External Secrets | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"arn:aws:secretsmanager:*:*:secret:*\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_external_secrets_ssm_parameter_arns\"\u003e\u003c/a\u003e [external\\_secrets\\_ssm\\_parameter\\_arns](#input\\_external\\_secrets\\_ssm\\_parameter\\_arns) | List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"arn:aws:ssm:*:*:parameter/*\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_fargate_fluentbit\"\u003e\u003c/a\u003e [fargate\\_fluentbit](#input\\_fargate\\_fluentbit) | Fargate fluentbit add-on config | `any` | `{}` | no |\n| \u003ca name=\"input_fargate_fluentbit_cw_log_group\"\u003e\u003c/a\u003e [fargate\\_fluentbit\\_cw\\_log\\_group](#input\\_fargate\\_fluentbit\\_cw\\_log\\_group) | AWS Fargate Fluentbit CloudWatch Log Group configurations | `any` | `{}` | no |\n| \u003ca name=\"input_fargate_profiles\"\u003e\u003c/a\u003e [fargate\\_profiles](#input\\_fargate\\_profiles) | Fargate profile configuration | `any` | `{}` | no |\n| 
\u003ca name=\"input_gatekeeper\"\u003e\u003c/a\u003e [gatekeeper](#input\\_gatekeeper) | Gatekeeper add-on configuration | `any` | `{}` | no |\n| \u003ca name=\"input_iam_role_additional_policies\"\u003e\u003c/a\u003e [iam\\_role\\_additional\\_policies](#input\\_iam\\_role\\_additional\\_policies) | Additional policies to be added to the IAM role | `list(string)` | `[]` | no |\n| \u003ca name=\"input_iam_role_arn\"\u003e\u003c/a\u003e [iam\\_role\\_arn](#input\\_iam\\_role\\_arn) | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_description\"\u003e\u003c/a\u003e [iam\\_role\\_description](#input\\_iam\\_role\\_description) | Description of the role | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_name\"\u003e\u003c/a\u003e [iam\\_role\\_name](#input\\_iam\\_role\\_name) | Name to use on IAM role created | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_path\"\u003e\u003c/a\u003e [iam\\_role\\_path](#input\\_iam\\_role\\_path) | Cluster IAM role path | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_permissions_boundary\"\u003e\u003c/a\u003e [iam\\_role\\_permissions\\_boundary](#input\\_iam\\_role\\_permissions\\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |\n| \u003ca name=\"input_ingress_nginx\"\u003e\u003c/a\u003e [ingress\\_nginx](#input\\_ingress\\_nginx) | Ingress Nginx add-on configurations | `any` | `{}` | no |\n| \u003ca name=\"input_karpenter\"\u003e\u003c/a\u003e [karpenter](#input\\_karpenter) | Karpenter addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_karpenter_enable_spot_termination\"\u003e\u003c/a\u003e [karpenter\\_enable\\_spot\\_termination](#input\\_karpenter\\_enable\\_spot\\_termination) | Determines whether to enable native node termination handling | `bool` | `true` | no |\n| \u003ca 
name=\"input_karpenter_node\"\u003e\u003c/a\u003e [karpenter\\_node](#input\\_karpenter\\_node) | Karpenter IAM role and IAM instance profile configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_karpenter_sqs\"\u003e\u003c/a\u003e [karpenter\\_sqs](#input\\_karpenter\\_sqs) | Karpenter SQS queue for native node termination handling configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_kube_prometheus_stack\"\u003e\u003c/a\u003e [kube\\_prometheus\\_stack](#input\\_kube\\_prometheus\\_stack) | Kube Prometheus Stack add-on configurations | `any` | `{}` | no |\n| \u003ca name=\"input_managed_node_groups\"\u003e\u003c/a\u003e [managed\\_node\\_groups](#input\\_managed\\_node\\_groups) | Managed node groups configuration | `any` | `{}` | no |\n| \u003ca name=\"input_metrics_server\"\u003e\u003c/a\u003e [metrics\\_server](#input\\_metrics\\_server) | Metrics Server add-on configurations | `any` | `{}` | no |\n| \u003ca name=\"input_node_security_group_additional_rules\"\u003e\u003c/a\u003e [node\\_security\\_group\\_additional\\_rules](#input\\_node\\_security\\_group\\_additional\\_rules) | List of additional security group rules to add to the node security group created. 
Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | `any` | `{}` | no |\n| \u003ca name=\"input_node_security_group_description\"\u003e\u003c/a\u003e [node\\_security\\_group\\_description](#input\\_node\\_security\\_group\\_description) | Description of the node security group created | `string` | `\"EKS node shared security group\"` | no |\n| \u003ca name=\"input_node_security_group_name\"\u003e\u003c/a\u003e [node\\_security\\_group\\_name](#input\\_node\\_security\\_group\\_name) | Name to use on node security group created | `string` | `null` | no |\n| \u003ca name=\"input_node_security_group_tags\"\u003e\u003c/a\u003e [node\\_security\\_group\\_tags](#input\\_node\\_security\\_group\\_tags) | A map of additional tags to add to the node security group created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_node_security_group_use_name_prefix\"\u003e\u003c/a\u003e [node\\_security\\_group\\_use\\_name\\_prefix](#input\\_node\\_security\\_group\\_use\\_name\\_prefix) | Determines whether node security group name (`node_security_group_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca name=\"input_openid_connect_audiences\"\u003e\u003c/a\u003e [openid\\_connect\\_audiences](#input\\_openid\\_connect\\_audiences) | List of OpenID Connect audience client IDs to add to the IRSA provider | `list(string)` | `[]` | no |\n| \u003ca name=\"input_private_subnet_ids\"\u003e\u003c/a\u003e [private\\_subnet\\_ids](#input\\_private\\_subnet\\_ids) | List of private subnets Ids for the cluster and worker nodes | `list(string)` | `[]` | no |\n| \u003ca name=\"input_secrets_store_csi_driver\"\u003e\u003c/a\u003e [secrets\\_store\\_csi\\_driver](#input\\_secrets\\_store\\_csi\\_driver) | CSI Secrets Store Provider add-on configurations | `any` | `{}` | no |\n| \u003ca name=\"input_secrets_store_csi_driver_provider_aws\"\u003e\u003c/a\u003e 
[secrets\\_store\\_csi\\_driver\\_provider\\_aws](#input\\_secrets\\_store\\_csi\\_driver\\_provider\\_aws) | CSI Secrets Store Provider add-on configurations | `any` | `{}` | no |\n| \u003ca name=\"input_self_managed_node_groups\"\u003e\u003c/a\u003e [self\\_managed\\_node\\_groups](#input\\_self\\_managed\\_node\\_groups) | Self-managed node groups configuration | `any` | `{}` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | `map(string)` | `{}` | no |\n| \u003ca name=\"input_velero\"\u003e\u003c/a\u003e [velero](#input\\_velero) | Velero addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_vpa\"\u003e\u003c/a\u003e [vpa](#input\\_vpa) | Vertical Pod Autoscaler addon configuration values | `any` | `{}` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | VPC ID | `string` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_cluster_endpoint\"\u003e\u003c/a\u003e [cluster\\_endpoint](#output\\_cluster\\_endpoint) | The endpoint of the EKS cluster |\n| \u003ca name=\"output_cluster_id\"\u003e\u003c/a\u003e [cluster\\_id](#output\\_cluster\\_id) | The name/id of the EKS cluster |\n| \u003ca name=\"output_cluster_version\"\u003e\u003c/a\u003e [cluster\\_version](#output\\_cluster\\_version) | The version of the EKS cluster |\n| \u003ca name=\"output_oidc_provider_arn\"\u003e\u003c/a\u003e [oidc\\_provider\\_arn](#output\\_oidc\\_provider\\_arn) | The OIDC ARN of the EKS cluster |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Versioning\n\nThis project uses a `.version` file at the root of the repo, which the pipeline reads to create a git tag.\n\nWhen you intend to commit to `main`, you will need to increment this version. 
Once the project is merged,\nthe pipeline will kick off and tag the latest git commit.\n\n## Development\n\n### Prerequisites\n\n- [terraform](https://learn.hashicorp.com/terraform/getting-started/install#installing-terraform)\n- [terraform-docs](https://github.com/segmentio/terraform-docs)\n- [pre-commit](https://pre-commit.com/#install)\n\n### Configurations\n\n- Configure pre-commit hooks\n```sh\npre-commit install\n```\n\n## Authors\n\nThis project is authored by the following people:\n\n- SourceFuse ARC Team\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-eks-addon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-eks-addon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-eks-addon/lists"}