{"id":22096863,"url":"https://github.com/streamnative/terraform-aws-cloud","last_synced_at":"2025-06-14T15:33:38.333Z","repository":{"id":36965708,"uuid":"383920774","full_name":"streamnative/terraform-aws-cloud","owner":"streamnative","description":"Terraform modules for provisioning StreamNative Cloud on AWS","archived":false,"fork":false,"pushed_at":"2025-05-07T08:50:41.000Z","size":613,"stargazers_count":7,"open_issues_count":2,"forks_count":11,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-05-07T09:44:34.601Z","etag":null,"topics":["aws","cloud","streamnative","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/streamnative.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-07-07T20:46:05.000Z","updated_at":"2025-05-07T08:50:33.000Z","dependencies_parsed_at":"2024-02-18T06:27:54.681Z","dependency_job_id":"6788152f-8268-4f08-a68d-b1ad22aa9163","html_url":"https://github.com/streamnative/terraform-aws-cloud","commit_stats":null,"previous_names":[],"tags_count":44,"template":false,"template_full_name":null,"purl":"pkg:github/streamnative/terraform-aws-cloud","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamnative%2Fterraform-aws-cloud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamnative%2Fterraform-aws-cloud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamnative%2Fterraform-aws-cloud/releases","manifests
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamnative%2Fterraform-aws-cloud/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/streamnative","download_url":"https://codeload.github.com/streamnative/terraform-aws-cloud/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamnative%2Fterraform-aws-cloud/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259838178,"owners_count":22919536,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloud","streamnative","terraform"],"created_at":"2024-12-01T04:12:57.015Z","updated_at":"2025-06-14T15:33:38.317Z","avatar_url":"https://github.com/streamnative.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\n  ~ Copyright 2023 StreamNative, Inc.\n  ~\n  ~ Licensed under the Apache License, Version 2.0 (the \"License\");\n  ~ you may not use this file except in compliance with the License.\n  ~ You may obtain a copy of the License at\n  ~\n  ~     http://www.apache.org/licenses/LICENSE-2.0\n  ~\n  ~ Unless required by applicable law or agreed to in writing, software\n  ~ distributed under the License is distributed on an \"AS IS\" BASIS,\n  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  ~ See the License for the specific language governing permissions and\n  ~ limitations under the License.\n--\u003e\n\n# terraform-aws-cloud\n\nThis repository contains opinionated Terraform modules used to deploy and configure an AWS EKS 
cluster for the StreamNative Platform. It is currently underpinned by the [`terraform-aws-eks`](https://github.com/terraform-aws-modules/terraform-aws-eks) module.\n\nThe working result is a Kubernetes cluster sized to your specifications, bootstrapped with StreamNative's Platform configuration, ready to receive a deployment of Apache Pulsar.\n\nFor more information on StreamNative Platform, head on over to our [official documentation](https://docs.streamnative.io/platform).\n## Prerequisites\nThe [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) command line tool is required and must be installed. It's what we're using to manage the creation of a Kubernetes cluster and its bootstrap configuration, along with the necessary cloud provider infrastructure.\n\nWe use [Helm](https://helm.sh/docs/intro/install/) for deploying the [StreamNative Platform charts](https://github.com/streamnative/charts) on the cluster, and while not necessary, it's recommended to have it installed for debugging purposes.\n\nYour caller identity must also have the necessary AWS IAM permissions to create and work with EC2 (EKS, VPCs, etc.) 
and Route53.\n\n### Other Recommendations\n- [`aws`](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) command-line tool\n- [`aws-iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) command-line tool\n\n## Networking\nEKS has multiple modes of network configuration for how you access the EKS cluster endpoint, as well as how the node groups communicate with the EKS control plane.\n\nThis Terraform module supports the following:\n\n- **Public (EKS) / Private (Node Groups)**: The EKS cluster API server is accessible from the internet, and node groups use a private VPC endpoint to communicate with the cluster's control plane **_(default configuration)_**\n- **Public (EKS) / Public (Node Groups)**: The EKS cluster API server is accessible from the internet, and node groups use a public EKS endpoint to communicate with the cluster's control plane. This mode can be enabled by setting the input `enable_node_group_private_networking = false` in the module.\n\n**Note:** _Currently we do not support fully private EKS clusters with this module (i.e. all network traffic remains internal to the AWS VPC)_\n\nFor your VPC configuration we require sets of public and private subnets (minimum of two each, one per AWS AZ). Both groups of subnets must have an outbound configuration to the internet. We also recommend using a separate VPC reserved for the EKS cluster, with a minimum CIDR block per subnet of `/24`.\n\nA Terraform [sub-module](https://github.com/streamnative/terraform-aws-cloud/tree/master/modules/vpc) is available that manages the VPC configuration to our specifications. 
It can be used in composition with the root module in this repo _(see this [example](https://github.com/streamnative/terraform-aws-cloud/blob/master/examples/example-with-vpc/main.tf))_.\n\nFor more information on how EKS networking can be configured, refer to the following AWS guides:\n- [Networking in EKS](https://aws.github.io/aws-eks-best-practices/reliability/docs/networkmanagement/)\n- [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html)\n- [De-mystifying cluster networking for Amazon EKS worker nodes](https://aws.amazon.com/blogs/containers/de-mystifying-cluster-networking-for-amazon-eks-worker-nodes/)\n\n## Getting Started\nA bare minimum configuration to execute the module:\n\n```hcl\n# Both data sources read the cluster created by the \"sn_cluster\" module below\ndata \"aws_eks_cluster\" \"cluster\" {\n  name = module.sn_cluster.eks_cluster_name\n}\n\ndata \"aws_eks_cluster_auth\" \"cluster\" {\n  name = module.sn_cluster.eks_cluster_name\n}\n\nprovider \"aws\" {\n  region = var.region\n}\n\nprovider \"helm\" {\n  kubernetes {\n    host                   = data.aws_eks_cluster.cluster.endpoint\n    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)\n    token                  = data.aws_eks_cluster_auth.cluster.token\n  }\n}\n\nprovider \"kubernetes\" {\n  host                   = data.aws_eks_cluster.cluster.endpoint\n  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)\n  token                  = data.aws_eks_cluster_auth.cluster.token\n  insecure               = false\n}\n\nvariable \"region\" {\n  default = \"us-east-1\"\n}\n\nmodule \"sn_cluster\" {\n  source = \"streamnative/cloud/aws\"\n\n  cluster_name                   = \"sn-cluster-${var.region}\"\n  cluster_version                = \"1.21\"\n  hosted_zone_id                 = \"Z04554535IN8Z31SKDVQ2\" # Change this to your hosted zone ID\n  node_pool_max_size             = 3\n\n  ## Note: EKS requires two subnets, each 
in their own availability zone\n  public_subnet_ids  = [\"subnet-abcde012\", \"subnet-bcde012a\"]\n  private_subnet_ids = [\"subnet-vwxyz123\", \"subnet-efgh242a\"]\n  region             = var.region\n  vpc_id             = \"vpc-1234556abcdef\"\n}\n```\n\nIn the example `main.tf` above, a StreamNative Platform EKS cluster is created using Kubernetes version `1.21`. \n\nBy default, the cluster will come provisioned with 8 node groups (_reference node topology[^1]_), six of which have a desired capacity set to `0`, and only the \"xlarge\" node group has a default desired capacity of `1`. All \n\nIn addition, the EKS cluster will be configured to support the following add-ons:\n\n- [AWS CSI Driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver)\n- [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller)\n- [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler)\n- [cert-manager](https://github.com/jetstack/cert-manager)\n- [cluster-autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler)\n- [external-dns](https://github.com/kubernetes-sigs/external-dns)\n- [Istio](https://istio.io/)\n- [metrics-server](https://github.com/kubernetes-sigs/metrics-server) \n- [Velero](https://velero.io/) (for backup and restore)\n\n## Creating a StreamNative Platform EKS Cluster\nWhen deploying StreamNative Platform, there are additional resources to be created alongside (and inside!) the EKS cluster:\n\n- StreamNative operators for Pulsar\n- Vault Configuration \u0026 Resources\n\nWe have made this easy by creating additional Terraform modules that can be included alongside your EKS module composition. 
Consider adding the following to the example `main.tf` file above:\n\n```hcl\n#######\n### This module installs the necessary operators for StreamNative Platform\n### See: https://registry.terraform.io/modules/streamnative/charts/helm/latest\n#######\nmodule \"sn_bootstrap\" {\n  source = \"streamnative/charts/helm\"\n\n  enable_function_mesh_operator = true\n  enable_vault_operator         = true\n  enable_pulsar_operator        = true\n\n  depends_on = [\n    module.sn_cluster,\n  ]\n}\n```\n\nTo apply the configuration, initialize the Terraform module in the directory containing **your own version** of the `main.tf` from the examples above:\n\n```shell\nterraform init\n```\n\nValidate and apply the configuration:\n```shell\nterraform apply\n```\n\n## Deploy a StreamNative Platform Workload (an Apache Pulsar Cluster)\nWe use a [Helm chart](https://github.com/streamnative/charts/tree/master/charts/sn-platform) to deploy StreamNative Platform on the receiving Kubernetes cluster. Refer to our [official documentation](https://docs.streamnative.io/platform/v1.0.0/overview/) for more info.\n\n_Note: Since this module manages all of the Kubernetes addon dependencies required by StreamNative Platform, it is not necessary to perform all of the [steps outlined in the Helm chart's README](https://github.com/streamnative/charts/tree/master/charts/sn-platform#steps). Please [reach out](https://support.streamnative.io) to your customer representative if you have questions._\n\n\n[^1]: When running Apache Pulsar in Kubernetes, we make use of EBS-backed Kubernetes Persistent Volume Claims (PVC). EBS volumes themselves are zonal, which means [an EC2 instance can only mount a volume that exists in its same AWS Availability Zone](https://aws.amazon.com/blogs/containers/amazon-eks-cluster-multi-zone-auto-scaling-groups/). For this reason we have added node group \"zone affinity\" functionality into our module, where **an EKS node group is created per AWS Availability Zone**. 
This is controlled by the number of subnets you pass to the EKS module, creating one node group per subnet. In addition, we also create node groups based on instance classes, which allows us to perform more fine-tuned control around scheduling and resource utilization. To illustrate, if a cluster is being created across 3 availability zones and the default 4 instance classes are being used, then 12 total node groups will be created. All of them, except the nodes belonging to the `xlarge` group (which has a default capacity of `1` for initial scheduling of workloads), will remain empty until a corresponding Pulsar or addon workload is deployed.\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.3.2 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 5.75 |\n| \u003ca name=\"requirement_helm\"\u003e\u003c/a\u003e [helm](#requirement\\_helm) | \u003e= 2.16 |\n| \u003ca name=\"requirement_kubernetes\"\u003e\u003c/a\u003e [kubernetes](#requirement\\_kubernetes) | \u003e= 2.32 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 5.75.0 |\n| \u003ca name=\"provider_helm\"\u003e\u003c/a\u003e [helm](#provider\\_helm) | 2.16.1 |\n| \u003ca name=\"provider_kubernetes\"\u003e\u003c/a\u003e [kubernetes](#provider\\_kubernetes) | 2.33.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_eks\"\u003e\u003c/a\u003e [eks](#module\\_eks) | terraform-aws-modules/eks/aws | 20.29.0 |\n| \u003ca name=\"module_eks_auth\"\u003e\u003c/a\u003e [eks\\_auth](#module\\_eks\\_auth) | terraform-aws-modules/eks/aws//modules/aws-auth | 20.29.0 |\n| \u003ca name=\"module_istio\"\u003e\u003c/a\u003e [istio](#module\\_istio) | 
github.com/streamnative/terraform-helm-charts//modules/istio-operator | v0.8.6 |\n| \u003ca name=\"module_vpc_tags\"\u003e\u003c/a\u003e [vpc\\_tags](#module\\_vpc\\_tags) | ./modules/eks-vpc-tags | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_ec2_tag.cluster_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |\n| [aws_iam_policy.aws_load_balancer_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.cert_manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.external_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.aws_load_balancer_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.cert_manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.external_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| 
[aws_iam_role.ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.aws_load_balancer_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.cert_manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.cluster_AmazonEKSVPCResourceControllerPolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.csi_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.external_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.ng_AmazonEKSServicePolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| 
[aws_iam_role_policy_attachment.ng_AmazonEKSVPCResourceControllerPolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.ng_AmazonEKSWorkerNodePolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_s3_bucket.tiered_storage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |\n| [aws_s3_bucket.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |\n| [aws_s3_bucket_server_side_encryption_configuration.tiered_storage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |\n| [aws_s3_bucket_server_side_encryption_configuration.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |\n| [helm_release.aws_load_balancer_controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.cert_issuer](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.cert_manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.cilium](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.csi](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| 
[helm_release.external_dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.metrics_server](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.node_termination_handler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.velero](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [kubernetes_namespace.sn_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |\n| [kubernetes_namespace.velero](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |\n| [kubernetes_storage_class.sn_default](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |\n| [kubernetes_storage_class.sn_ssd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.aws_load_balancer_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.aws_load_balancer_controller_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cert_manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cert_manager_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| 
[aws_iam_policy_document.cluster_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cluster_autoscaler_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.csi_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.external_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.external_dns_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.ng_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.velero_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_kms_key.ebs_default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |\n| [aws_kms_key.s3_default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| 
[aws_subnet.private_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |\n| [aws_subnet.public_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_add_vpc_tags\"\u003e\u003c/a\u003e [add\\_vpc\\_tags](#input\\_add\\_vpc\\_tags) | Adds tags to VPC resources necessary for ingress resources within EKS to perform auto-discovery of subnets. Defaults to \"true\". Note that this may cause resource cycling (delete and recreate) if you are using Terraform to manage your VPC resources without having a `lifecycle { ignore_changes = [ tags ] }` block defined within them, since the VPC resources will want to manage the tags themselves and remove the ones added by this module. | `bool` | `true` | no |\n| \u003ca name=\"input_additional_tags\"\u003e\u003c/a\u003e [additional\\_tags](#input\\_additional\\_tags) | Additional tags to be added to the resources created by this module. | `map(any)` | `{}` | no |\n| \u003ca name=\"input_allowed_public_cidrs\"\u003e\u003c/a\u003e [allowed\\_public\\_cidrs](#input\\_allowed\\_public\\_cidrs) | List of CIDR blocks that are allowed to access the EKS cluster's public endpoint. Defaults to \"0.0.0.0/0\" (any). | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"0.0.0.0/0\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_asm_secret_arns\"\u003e\u003c/a\u003e [asm\\_secret\\_arns](#input\\_asm\\_secret\\_arns) | A list of ARNs for secrets stored in ASM. This grants the kubernetes-external-secrets controller select access to secrets used by resources within the EKS cluster. If no ARNs are provided via this input, the IAM policy will allow read access to all secrets created in the provided region. 
| `list(string)` | `[]` | no |\n| \u003ca name=\"input_aws_load_balancer_controller_helm_chart_name\"\u003e\u003c/a\u003e [aws\\_load\\_balancer\\_controller\\_helm\\_chart\\_name](#input\\_aws\\_load\\_balancer\\_controller\\_helm\\_chart\\_name) | The name of the Helm chart to use for the AWS Load Balancer Controller. | `string` | `\"aws-load-balancer-controller\"` | no |\n| \u003ca name=\"input_aws_load_balancer_controller_helm_chart_repository\"\u003e\u003c/a\u003e [aws\\_load\\_balancer\\_controller\\_helm\\_chart\\_repository](#input\\_aws\\_load\\_balancer\\_controller\\_helm\\_chart\\_repository) | The repository containing the Helm chart to use for the AWS Load Balancer Controller. | `string` | `\"https://aws.github.io/eks-charts\"` | no |\n| \u003ca name=\"input_aws_load_balancer_controller_helm_chart_version\"\u003e\u003c/a\u003e [aws\\_load\\_balancer\\_controller\\_helm\\_chart\\_version](#input\\_aws\\_load\\_balancer\\_controller\\_helm\\_chart\\_version) | The version of the Helm chart to use for the AWS Load Balancer Controller. The current version can be found in github: https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/Chart.yaml. | `string` | `\"1.4.2\"` | no |\n| \u003ca name=\"input_aws_load_balancer_controller_settings\"\u003e\u003c/a\u003e [aws\\_load\\_balancer\\_controller\\_settings](#input\\_aws\\_load\\_balancer\\_controller\\_settings) | Additional settings which will be passed to the Helm chart values for the AWS Load Balancer Controller. See https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller for available options. 
| `map(string)` | `{}` | no |\n| \u003ca name=\"input_bootstrap_self_managed_addons\"\u003e\u003c/a\u003e [bootstrap\\_self\\_managed\\_addons](#input\\_bootstrap\\_self\\_managed\\_addons) | Indicates whether or not to bootstrap self-managed addons after the cluster has been created | `bool` | `null` | no |\n| \u003ca name=\"input_cert_issuer_support_email\"\u003e\u003c/a\u003e [cert\\_issuer\\_support\\_email](#input\\_cert\\_issuer\\_support\\_email) | The email address to receive notifications from the cert issuer. | `string` | `\"certs-support@streamnative.io\"` | no |\n| \u003ca name=\"input_cert_manager_helm_chart_name\"\u003e\u003c/a\u003e [cert\\_manager\\_helm\\_chart\\_name](#input\\_cert\\_manager\\_helm\\_chart\\_name) | The name of the Helm chart in the repository for cert-manager. | `string` | `\"cert-manager\"` | no |\n| \u003ca name=\"input_cert_manager_helm_chart_repository\"\u003e\u003c/a\u003e [cert\\_manager\\_helm\\_chart\\_repository](#input\\_cert\\_manager\\_helm\\_chart\\_repository) | The repository containing the cert-manager helm chart. | `string` | `\"https://charts.bitnami.com/bitnami\"` | no |\n| \u003ca name=\"input_cert_manager_helm_chart_version\"\u003e\u003c/a\u003e [cert\\_manager\\_helm\\_chart\\_version](#input\\_cert\\_manager\\_helm\\_chart\\_version) | Helm chart version for the cert-manager. See https://github.com/bitnami/charts/tree/master/bitnami/cert-manager for version releases. | `string` | `\"0.6.2\"` | no |\n| \u003ca name=\"input_cert_manager_settings\"\u003e\u003c/a\u003e [cert\\_manager\\_settings](#input\\_cert\\_manager\\_settings) | Additional settings which will be passed to the Helm chart values. See https://github.com/bitnami/charts/tree/master/bitnami/cert-manager for available options. 
| `map(any)` | `{}` | no |\n| \u003ca name=\"input_cilium_helm_chart_name\"\u003e\u003c/a\u003e [cilium\\_helm\\_chart\\_name](#input\\_cilium\\_helm\\_chart\\_name) | The name of the Helm chart in the repository for Cilium. | `string` | `\"cilium\"` | no |\n| \u003ca name=\"input_cilium_helm_chart_repository\"\u003e\u003c/a\u003e [cilium\\_helm\\_chart\\_repository](#input\\_cilium\\_helm\\_chart\\_repository) | The repository containing the Cilium helm chart. | `string` | `\"https://helm.cilium.io\"` | no |\n| \u003ca name=\"input_cilium_helm_chart_version\"\u003e\u003c/a\u003e [cilium\\_helm\\_chart\\_version](#input\\_cilium\\_helm\\_chart\\_version) | Helm chart version for Cilium. See https://artifacthub.io/packages/helm/cilium/cilium for updates. | `string` | `\"1.13.2\"` | no |\n| \u003ca name=\"input_cluster_autoscaler_helm_chart_name\"\u003e\u003c/a\u003e [cluster\\_autoscaler\\_helm\\_chart\\_name](#input\\_cluster\\_autoscaler\\_helm\\_chart\\_name) | The name of the Helm chart in the repository for cluster-autoscaler. | `string` | `\"cluster-autoscaler\"` | no |\n| \u003ca name=\"input_cluster_autoscaler_helm_chart_repository\"\u003e\u003c/a\u003e [cluster\\_autoscaler\\_helm\\_chart\\_repository](#input\\_cluster\\_autoscaler\\_helm\\_chart\\_repository) | The repository containing the cluster-autoscaler helm chart. | `string` | `\"https://kubernetes.github.io/autoscaler\"` | no |\n| \u003ca name=\"input_cluster_autoscaler_helm_chart_version\"\u003e\u003c/a\u003e [cluster\\_autoscaler\\_helm\\_chart\\_version](#input\\_cluster\\_autoscaler\\_helm\\_chart\\_version) | Helm chart version for the cluster-autoscaler. Defaults to \"9.10.4\". See https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler for more details. 
| `string` | `\"9.21.0\"` | no |\n| \u003ca name=\"input_cluster_autoscaler_settings\"\u003e\u003c/a\u003e [cluster\\_autoscaler\\_settings](#input\\_cluster\\_autoscaler\\_settings) | Additional settings which will be passed to the Helm chart values for cluster-autoscaler, see https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler for options. | `map(any)` | `{}` | no |\n| \u003ca name=\"input_cluster_enabled_log_types\"\u003e\u003c/a\u003e [cluster\\_enabled\\_log\\_types](#input\\_cluster\\_enabled\\_log\\_types) | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"api\",\u003cbr/\u003e  \"audit\",\u003cbr/\u003e  \"authenticator\",\u003cbr/\u003e  \"controllerManager\",\u003cbr/\u003e  \"scheduler\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_cluster_encryption_config\"\u003e\u003c/a\u003e [cluster\\_encryption\\_config](#input\\_cluster\\_encryption\\_config) | Configuration block with encryption configuration for the cluster. To disable secret encryption, set this value to `{}` | `any` | `{}` | no |\n| \u003ca name=\"input_cluster_iam\"\u003e\u003c/a\u003e [cluster\\_iam](#input\\_cluster\\_iam) | Cluster IAM settings | `any` | `null` | no |\n| \u003ca name=\"input_cluster_name\"\u003e\u003c/a\u003e [cluster\\_name](#input\\_cluster\\_name) | The name of your EKS cluster and associated resources. Must be 16 characters or less. 
| `string` | `\"\"` | no |\n| \u003ca name=\"input_cluster_networking\"\u003e\u003c/a\u003e [cluster\\_networking](#input\\_cluster\\_networking) | Cluster Networking settings | `any` | `null` | no |\n| \u003ca name=\"input_cluster_security_group_additional_rules\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_additional\\_rules](#input\\_cluster\\_security\\_group\\_additional\\_rules) | Additional rules to add to the cluster security group. Set source\\_node\\_security\\_group = true inside rules to set the node\\_security\\_group as source. | `any` | `{}` | no |\n| \u003ca name=\"input_cluster_security_group_id\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_id](#input\\_cluster\\_security\\_group\\_id) | The ID of an existing security group to use for the EKS cluster. If not provided, a new security group will be created. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cluster_service_ipv4_cidr\"\u003e\u003c/a\u003e [cluster\\_service\\_ipv4\\_cidr](#input\\_cluster\\_service\\_ipv4\\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no |\n| \u003ca name=\"input_cluster_version\"\u003e\u003c/a\u003e [cluster\\_version](#input\\_cluster\\_version) | The version of Kubernetes to be installed. | `string` | `\"1.20\"` | no |\n| \u003ca name=\"input_create_cluster_security_group\"\u003e\u003c/a\u003e [create\\_cluster\\_security\\_group](#input\\_create\\_cluster\\_security\\_group) | Whether to create a new security group for the EKS cluster. If set to false, you must provide an existing security group via the cluster\\_security\\_group\\_id variable. | `bool` | `true` | no |\n| \u003ca name=\"input_create_iam_policies\"\u003e\u003c/a\u003e [create\\_iam\\_policies](#input\\_create\\_iam\\_policies) | Whether to create IAM policies for the IAM roles. 
If set to false, the module will default to using existing policy ARNs that must be present in the AWS account | `bool` | `false` | no |\n| \u003ca name=\"input_create_node_security_group\"\u003e\u003c/a\u003e [create\\_node\\_security\\_group](#input\\_create\\_node\\_security\\_group) | Whether to create a new security group for the EKS nodes. If set to false, you must provide an existing security group via the node\\_security\\_group\\_id variable. | `bool` | `true` | no |\n| \u003ca name=\"input_csi_helm_chart_name\"\u003e\u003c/a\u003e [csi\\_helm\\_chart\\_name](#input\\_csi\\_helm\\_chart\\_name) | The name of the Helm chart in the repository for CSI. | `string` | `\"aws-ebs-csi-driver\"` | no |\n| \u003ca name=\"input_csi_helm_chart_repository\"\u003e\u003c/a\u003e [csi\\_helm\\_chart\\_repository](#input\\_csi\\_helm\\_chart\\_repository) | The repository containing the CSI helm chart | `string` | `\"https://kubernetes-sigs.github.io/aws-ebs-csi-driver/\"` | no |\n| \u003ca name=\"input_csi_helm_chart_version\"\u003e\u003c/a\u003e [csi\\_helm\\_chart\\_version](#input\\_csi\\_helm\\_chart\\_version) | Helm chart version for CSI | `string` | `\"2.8.0\"` | no |\n| \u003ca name=\"input_csi_settings\"\u003e\u003c/a\u003e [csi\\_settings](#input\\_csi\\_settings) | Additional settings which will be passed to the Helm chart values, see https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/charts/aws-ebs-csi-driver/values.yaml for available options. | `map(any)` | `{}` | no |\n| \u003ca name=\"input_disable_public_eks_endpoint\"\u003e\u003c/a\u003e [disable\\_public\\_eks\\_endpoint](#input\\_disable\\_public\\_eks\\_endpoint) | Whether to disable public access to the EKS control plane endpoint. If set to \"true\", additional configuration is required in order for the cluster to function properly, such as AWS PrivateLink for EC2, ECR, and S3, along with a VPN to access the EKS control plane. 
It is recommended to keep this setting to \"false\" unless you are familiar with this type of configuration. | `bool` | `false` | no |\n| \u003ca name=\"input_disable_public_pulsar_endpoint\"\u003e\u003c/a\u003e [disable\\_public\\_pulsar\\_endpoint](#input\\_disable\\_public\\_pulsar\\_endpoint) | Whether or not to make the Istio Gateway use a public facing or internal network load balancer. If set to \"true\", additional configuration is required in order to manage the cluster from the StreamNative console | `bool` | `false` | no |\n| \u003ca name=\"input_disk_encryption_kms_key_arn\"\u003e\u003c/a\u003e [disk\\_encryption\\_kms\\_key\\_arn](#input\\_disk\\_encryption\\_kms\\_key\\_arn) | The KMS Key ARN to use for EBS disk encryption. If not set, the default EBS encryption key will be used. | `string` | `\"\"` | no |\n| \u003ca name=\"input_enable_bootstrap\"\u003e\u003c/a\u003e [enable\\_bootstrap](#input\\_enable\\_bootstrap) | Enables bootstrapping of add-ons within the cluster. | `bool` | `true` | no |\n| \u003ca name=\"input_enable_cilium\"\u003e\u003c/a\u003e [enable\\_cilium](#input\\_enable\\_cilium) | Enables Cilium on the cluster. Set to \"false\" by default. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_cilium_taint\"\u003e\u003c/a\u003e [enable\\_cilium\\_taint](#input\\_enable\\_cilium\\_taint) | Adds the Cilium taint to nodes. Is \"true\" by default. Should be set to \"false\" if adding Cilium to an existing pool | `bool` | `true` | no |\n| \u003ca name=\"input_enable_istio\"\u003e\u003c/a\u003e [enable\\_istio](#input\\_enable\\_istio) | Allows for enabling the bootstrap of Istio explicitly in scenarios where the input \"var.enable\\_bootstrap\" is set to \"false\". 
| `bool` | `true` | no |\n| \u003ca name=\"input_enable_node_group_private_networking\"\u003e\u003c/a\u003e [enable\\_node\\_group\\_private\\_networking](#input\\_enable\\_node\\_group\\_private\\_networking) | Enables private networking for the EKS node groups (not the EKS cluster endpoint, which remains public), meaning Kubernetes API requests that originate within the cluster's VPC use a private VPC endpoint for EKS. Defaults to \"true\". | `bool` | `true` | no |\n| \u003ca name=\"input_enable_node_pool_monitoring\"\u003e\u003c/a\u003e [enable\\_node\\_pool\\_monitoring](#input\\_enable\\_node\\_pool\\_monitoring) | Enable CloudWatch monitoring for the default pool(s). | `bool` | `false` | no |\n| \u003ca name=\"input_enable_nodes_use_public_subnet\"\u003e\u003c/a\u003e [enable\\_nodes\\_use\\_public\\_subnet](#input\\_enable\\_nodes\\_use\\_public\\_subnet) | When set to true, the node groups will use public subnets rather than private subnets, and the public subnets must enable auto-assign public IP so that nodes have a public IP to access the internet. Default is false. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_resource_creation\"\u003e\u003c/a\u003e [enable\\_resource\\_creation](#input\\_enable\\_resource\\_creation) | When enabled, all dependencies, like roles, buckets, etc. will be created. When disabled, they will not. Use in combination with `enable_bootstrap` to manage these outside this module | `bool` | `true` | no |\n| \u003ca name=\"input_enable_sncloud_control_plane_access\"\u003e\u003c/a\u003e [enable\\_sncloud\\_control\\_plane\\_access](#input\\_enable\\_sncloud\\_control\\_plane\\_access) | Whether to enable access to the EKS control plane endpoint. If set to \"false\", additional configuration is required in order for the cluster to function properly, such as AWS PrivateLink for EC2, ECR, and S3, along with a VPN to access the EKS control plane. 
It is recommended to keep this setting to \"true\" unless you are familiar with this type of configuration. | `bool` | `true` | no |\n| \u003ca name=\"input_enable_v3_node_groups\"\u003e\u003c/a\u003e [enable\\_v3\\_node\\_groups](#input\\_enable\\_v3\\_node\\_groups) | Enable v3 node groups, which uses a single ASG and all other node groups enabled elsewhere | `bool` | `false` | no |\n| \u003ca name=\"input_enable_v3_node_migration\"\u003e\u003c/a\u003e [enable\\_v3\\_node\\_migration](#input\\_enable\\_v3\\_node\\_migration) | Enable v3 node and v2 node groups at the same time. Intended for use with migration to v3 nodes. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_v3_node_taints\"\u003e\u003c/a\u003e [enable\\_v3\\_node\\_taints](#input\\_enable\\_v3\\_node\\_taints) | When v3 node groups are enabled, use the node taints. Defaults to true | `bool` | `true` | no |\n| \u003ca name=\"input_enable_vpc_cni_prefix_delegation\"\u003e\u003c/a\u003e [enable\\_vpc\\_cni\\_prefix\\_delegation](#input\\_enable\\_vpc\\_cni\\_prefix\\_delegation) | Whether to set ENABLE\\_PREFIX\\_DELEGATION for the vpc-cni addon | `bool` | `true` | no |\n| \u003ca name=\"input_external_dns_helm_chart_name\"\u003e\u003c/a\u003e [external\\_dns\\_helm\\_chart\\_name](#input\\_external\\_dns\\_helm\\_chart\\_name) | The name of the Helm chart in the repository for ExternalDNS. | `string` | `\"external-dns\"` | no |\n| \u003ca name=\"input_external_dns_helm_chart_repository\"\u003e\u003c/a\u003e [external\\_dns\\_helm\\_chart\\_repository](#input\\_external\\_dns\\_helm\\_chart\\_repository) | The repository containing the ExternalDNS helm chart. | `string` | `\"https://charts.bitnami.com/bitnami\"` | no |\n| \u003ca name=\"input_external_dns_helm_chart_version\"\u003e\u003c/a\u003e [external\\_dns\\_helm\\_chart\\_version](#input\\_external\\_dns\\_helm\\_chart\\_version) | Helm chart version for ExternalDNS. See https://hub.helm.sh/charts/bitnami/external-dns for updates. 
| `string` | `\"6.10.2\"` | no |\n| \u003ca name=\"input_external_dns_settings\"\u003e\u003c/a\u003e [external\\_dns\\_settings](#input\\_external\\_dns\\_settings) | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/bitnami/external-dns. | `map(any)` | `{}` | no |\n| \u003ca name=\"input_hosted_zone_domain_name_filters\"\u003e\u003c/a\u003e [hosted\\_zone\\_domain\\_name\\_filters](#input\\_hosted\\_zone\\_domain\\_name\\_filters) | A list of domain names of the Route53 hosted zones, used by the cluster's External DNS configuration for domain filtering. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_hosted_zone_id\"\u003e\u003c/a\u003e [hosted\\_zone\\_id](#input\\_hosted\\_zone\\_id) | The ID of the Route53 hosted zone used by the cluster's External DNS configuration. | `string` | `\"*\"` | no |\n| \u003ca name=\"input_iam_path\"\u003e\u003c/a\u003e [iam\\_path](#input\\_iam\\_path) | An IAM Path to be used for all IAM resources created by this module. Changing this from the default will cause issues with StreamNative's Vendor access, if applicable. | `string` | `\"/StreamNative/\"` | no |\n| \u003ca name=\"input_istio_mesh_id\"\u003e\u003c/a\u003e [istio\\_mesh\\_id](#input\\_istio\\_mesh\\_id) | The ID used by the Istio mesh. This is also the ID of the StreamNative Cloud Pool used for the workload environments. This is required when \"enable\\_istio\\_operator\" is set to \"true\". | `string` | `null` | no |\n| \u003ca name=\"input_istio_network\"\u003e\u003c/a\u003e [istio\\_network](#input\\_istio\\_network) | The name of network used for the Istio deployment. This is required when \"enable\\_istio\\_operator\" is set to \"true\". | `string` | `\"default\"` | no |\n| \u003ca name=\"input_istio_profile\"\u003e\u003c/a\u003e [istio\\_profile](#input\\_istio\\_profile) | The path or name for an Istio profile to load. Set to the profile \"default\" if not specified. 
| `string` | `\"default\"` | no |\n| \u003ca name=\"input_istio_revision_tag\"\u003e\u003c/a\u003e [istio\\_revision\\_tag](#input\\_istio\\_revision\\_tag) | The revision tag value used for the Istio label \"istio.io/rev\". | `string` | `\"sn-stable\"` | no |\n| \u003ca name=\"input_istio_settings\"\u003e\u003c/a\u003e [istio\\_settings](#input\\_istio\\_settings) | Additional settings which will be passed to the Helm chart values | `map(any)` | `{}` | no |\n| \u003ca name=\"input_istio_trust_domain\"\u003e\u003c/a\u003e [istio\\_trust\\_domain](#input\\_istio\\_trust\\_domain) | The trust domain used for the Istio deployment, which corresponds to the root of a system. This is required when \"enable\\_istio\\_operator\" is set to \"true\". | `string` | `\"cluster.local\"` | no |\n| \u003ca name=\"input_kiali_operator_settings\"\u003e\u003c/a\u003e [kiali\\_operator\\_settings](#input\\_kiali\\_operator\\_settings) | Additional settings which will be passed to the Helm chart values | `map(any)` | `{}` | no |\n| \u003ca name=\"input_manage_aws_auth_configmap\"\u003e\u003c/a\u003e [manage\\_aws\\_auth\\_configmap](#input\\_manage\\_aws\\_auth\\_configmap) | Whether to manage the aws\\_auth configmap | `bool` | `true` | no |\n| \u003ca name=\"input_map_additional_iam_roles\"\u003e\u003c/a\u003e [map\\_additional\\_iam\\_roles](#input\\_map\\_additional\\_iam\\_roles) | A list of IAM role bindings to add to the aws-auth ConfigMap. 
| \u003cpre\u003elist(object({\u003cbr/\u003e    rolearn  = string\u003cbr/\u003e    username = string\u003cbr/\u003e    groups   = list(string)\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_metrics_server_helm_chart_name\"\u003e\u003c/a\u003e [metrics\\_server\\_helm\\_chart\\_name](#input\\_metrics\\_server\\_helm\\_chart\\_name) | The name of the helm release to install | `string` | `\"metrics-server\"` | no |\n| \u003ca name=\"input_metrics_server_helm_chart_repository\"\u003e\u003c/a\u003e [metrics\\_server\\_helm\\_chart\\_repository](#input\\_metrics\\_server\\_helm\\_chart\\_repository) | The repository containing the external-metrics helm chart. | `string` | `\"https://kubernetes-sigs.github.io/metrics-server\"` | no |\n| \u003ca name=\"input_metrics_server_helm_chart_version\"\u003e\u003c/a\u003e [metrics\\_server\\_helm\\_chart\\_version](#input\\_metrics\\_server\\_helm\\_chart\\_version) | Helm chart version for Metrics server | `string` | `\"3.8.2\"` | no |\n| \u003ca name=\"input_metrics_server_settings\"\u003e\u003c/a\u003e [metrics\\_server\\_settings](#input\\_metrics\\_server\\_settings) | Additional settings which will be passed to the Helm chart values, see https://github.com/external-secrets/kubernetes-external-secrets/tree/master/charts/kubernetes-external-secrets for available options. | `map(any)` | `{}` | no |\n| \u003ca name=\"input_migration_mode\"\u003e\u003c/a\u003e [migration\\_mode](#input\\_migration\\_mode) | Whether to enable migration mode for the cluster. This is used to migrate details from existing security groups, which have had their names and description changed in versions v18.X of the community EKS module. | `bool` | `false` | no |\n| \u003ca name=\"input_migration_mode_node_sg_name\"\u003e\u003c/a\u003e [migration\\_mode\\_node\\_sg\\_name](#input\\_migration\\_mode\\_node\\_sg\\_name) | The name (not ID!) of the existing security group used by worker nodes. 
This is required when \"migration\\_mode\" is set to \"true\", otherwise the parent module will attempt to set a new security group name and destroy the existing one. | `string` | `null` | no |\n| \u003ca name=\"input_node_groups\"\u003e\u003c/a\u003e [node\\_groups](#input\\_node\\_groups) | Map of EKS managed node group definitions to create | `any` | `null` | no |\n| \u003ca name=\"input_node_pool_ami_id\"\u003e\u003c/a\u003e [node\\_pool\\_ami\\_id](#input\\_node\\_pool\\_ami\\_id) | The AMI ID to use for the EKS cluster nodes. Defaults to the latest EKS Optimized AMI provided by AWS. | `string` | `\"\"` | no |\n| \u003ca name=\"input_node_pool_azs\"\u003e\u003c/a\u003e [node\\_pool\\_azs](#input\\_node\\_pool\\_azs) | A list of availability zones to use for the EKS node group. If not set, the module will use the same availability zones with the cluster. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_node_pool_block_device_name\"\u003e\u003c/a\u003e [node\\_pool\\_block\\_device\\_name](#input\\_node\\_pool\\_block\\_device\\_name) | The name of the block device to use for the EKS cluster nodes. | `string` | `\"/dev/nvme0n1\"` | no |\n| \u003ca name=\"input_node_pool_desired_size\"\u003e\u003c/a\u003e [node\\_pool\\_desired\\_size](#input\\_node\\_pool\\_desired\\_size) | Desired number of worker nodes in the node pool. | `number` | `0` | no |\n| \u003ca name=\"input_node_pool_disk_iops\"\u003e\u003c/a\u003e [node\\_pool\\_disk\\_iops](#input\\_node\\_pool\\_disk\\_iops) | The amount of provisioned IOPS for the worker node root EBS volume. | `number` | `3000` | no |\n| \u003ca name=\"input_node_pool_disk_size\"\u003e\u003c/a\u003e [node\\_pool\\_disk\\_size](#input\\_node\\_pool\\_disk\\_size) | Disk size in GiB for worker nodes in the node pool. Defaults to 50. 
| `number` | `100` | no |\n| \u003ca name=\"input_node_pool_disk_type\"\u003e\u003c/a\u003e [node\\_pool\\_disk\\_type](#input\\_node\\_pool\\_disk\\_type) | Disk type for worker nodes in the node pool. Defaults to gp3. | `string` | `\"gp3\"` | no |\n| \u003ca name=\"input_node_pool_ebs_optimized\"\u003e\u003c/a\u003e [node\\_pool\\_ebs\\_optimized](#input\\_node\\_pool\\_ebs\\_optimized) | If true, the launched EC2 instance(s) will be EBS-optimized. Specify this if using a custom AMI with pre-user data. | `bool` | `true` | no |\n| \u003ca name=\"input_node_pool_instance_types\"\u003e\u003c/a\u003e [node\\_pool\\_instance\\_types](#input\\_node\\_pool\\_instance\\_types) | Set of instance types associated with the EKS Node Groups. Defaults to [\"m6i.large\", \"m6i.xlarge\", \"m6i.2xlarge\", \"m6i.4xlarge\", \"m6i.8xlarge\"], which will create empty node groups of each instance type to account for any workload configurable from StreamNative Cloud. | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"m6i.large\",\u003cbr/\u003e  \"m6i.xlarge\",\u003cbr/\u003e  \"m6i.2xlarge\",\u003cbr/\u003e  \"m6i.4xlarge\",\u003cbr/\u003e  \"m6i.8xlarge\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_node_pool_labels\"\u003e\u003c/a\u003e [node\\_pool\\_labels](#input\\_node\\_pool\\_labels) | A map of kubernetes labels to add to the node pool. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_node_pool_max_size\"\u003e\u003c/a\u003e [node\\_pool\\_max\\_size](#input\\_node\\_pool\\_max\\_size) | The maximum size of the node pool Autoscaling group. | `number` | n/a | yes |\n| \u003ca name=\"input_node_pool_min_size\"\u003e\u003c/a\u003e [node\\_pool\\_min\\_size](#input\\_node\\_pool\\_min\\_size) | The minimum size of the node pool AutoScaling group. 
| `number` | `0` | no |\n| \u003ca name=\"input_node_pool_pre_userdata\"\u003e\u003c/a\u003e [node\\_pool\\_pre\\_userdata](#input\\_node\\_pool\\_pre\\_userdata) | The user data to apply to the worker nodes in the node pool. This is applied before the bootstrap.sh script. | `string` | `\"\"` | no |\n| \u003ca name=\"input_node_pool_tags\"\u003e\u003c/a\u003e [node\\_pool\\_tags](#input\\_node\\_pool\\_tags) | A map of tags to add to the node groups and supporting resources. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_node_pool_taints\"\u003e\u003c/a\u003e [node\\_pool\\_taints](#input\\_node\\_pool\\_taints) | A list of taints in map format to apply to the node pool. | `any` | `{}` | no |\n| \u003ca name=\"input_node_security_group_additional_rules\"\u003e\u003c/a\u003e [node\\_security\\_group\\_additional\\_rules](#input\\_node\\_security\\_group\\_additional\\_rules) | Additional ingress rules to add to the node security group. Set source\\_cluster\\_security\\_group = true inside rules to set the cluster\\_security\\_group as source | `any` | `{}` | no |\n| \u003ca name=\"input_node_security_group_id\"\u003e\u003c/a\u003e [node\\_security\\_group\\_id](#input\\_node\\_security\\_group\\_id) | An ID of an existing security group to use for the EKS node groups. If not specified, a new security group will be created. | `string` | `\"\"` | no |\n| \u003ca name=\"input_node_termination_handler_chart_version\"\u003e\u003c/a\u003e [node\\_termination\\_handler\\_chart\\_version](#input\\_node\\_termination\\_handler\\_chart\\_version) | The version of the Helm chart to use for the AWS Node Termination Handler. | `string` | `\"0.18.5\"` | no |\n| \u003ca name=\"input_node_termination_handler_helm_chart_name\"\u003e\u003c/a\u003e [node\\_termination\\_handler\\_helm\\_chart\\_name](#input\\_node\\_termination\\_handler\\_helm\\_chart\\_name) | The name of the Helm chart to use for the AWS Node Termination Handler. 
| `string` | `\"aws-node-termination-handler\"` | no |\n| \u003ca name=\"input_node_termination_handler_helm_chart_repository\"\u003e\u003c/a\u003e [node\\_termination\\_handler\\_helm\\_chart\\_repository](#input\\_node\\_termination\\_handler\\_helm\\_chart\\_repository) | The repository containing the Helm chart to use for the AWS Node Termination Handler. | `string` | `\"https://aws.github.io/eks-charts\"` | no |\n| \u003ca name=\"input_node_termination_handler_settings\"\u003e\u003c/a\u003e [node\\_termination\\_handler\\_settings](#input\\_node\\_termination\\_handler\\_settings) | Additional settings which will be passed to the Helm chart values for the AWS Node Termination Handler. See https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller for available options. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_permissions_boundary_arn\"\u003e\u003c/a\u003e [permissions\\_boundary\\_arn](#input\\_permissions\\_boundary\\_arn) | If required, provide the ARN of the IAM permissions boundary to use for restricting StreamNative's vendor access. | `string` | `null` | no |\n| \u003ca name=\"input_private_subnet_ids\"\u003e\u003c/a\u003e [private\\_subnet\\_ids](#input\\_private\\_subnet\\_ids) | The ids of existing private subnets. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_public_subnet_ids\"\u003e\u003c/a\u003e [public\\_subnet\\_ids](#input\\_public\\_subnet\\_ids) | The ids of existing public subnets. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | The AWS region. | `string` | `null` | no |\n| \u003ca name=\"input_s3_encryption_kms_key_arn\"\u003e\u003c/a\u003e [s3\\_encryption\\_kms\\_key\\_arn](#input\\_s3\\_encryption\\_kms\\_key\\_arn) | KMS key ARN to use for S3 encryption. If not set, the default AWS S3 key will be used. 
| `string` | `\"\"` | no |\n| \u003ca name=\"input_service_domain\"\u003e\u003c/a\u003e [service\\_domain](#input\\_service\\_domain) | When Istio is enabled, the FQDN needed specifically for Istio's authorization policies. | `string` | `\"\"` | no |\n| \u003ca name=\"input_sncloud_services_iam_policy_arn\"\u003e\u003c/a\u003e [sncloud\\_services\\_iam\\_policy\\_arn](#input\\_sncloud\\_services\\_iam\\_policy\\_arn) | The IAM policy ARN to be used for all StreamNative Cloud Services that need to interact with AWS services external to EKS. This policy is typically created by StreamNative's \"terraform-managed-cloud\" module, as a separate customer driven process for managing StreamNative's Vendor Access into AWS. If no policy ARN is provided, the module will default to the expected named policy of \"StreamNativeCloudRuntimePolicy\". This variable allows for flexibility in the event that the policy name changes, or if a custom policy provided by the customer is preferred. | `string` | `\"\"` | no |\n| \u003ca name=\"input_sncloud_services_lb_policy_arn\"\u003e\u003c/a\u003e [sncloud\\_services\\_lb\\_policy\\_arn](#input\\_sncloud\\_services\\_lb\\_policy\\_arn) | A custom IAM policy ARN for LB load balancer controller. This policy is typically created by StreamNative's \"terraform-managed-cloud\" module, as a separate customer driven process for managing StreamNative's Vendor Access into AWS. If no policy ARN is provided, the module will default to the expected named policy of \"StreamNativeCloudLBPolicy\". This variable allows for flexibility in the event that the policy name changes, or if a custom policy provided by the customer is preferred. | `string` | `\"\"` | no |\n| \u003ca name=\"input_use_runtime_policy\"\u003e\u003c/a\u003e [use\\_runtime\\_policy](#input\\_use\\_runtime\\_policy) | Legacy variable, will be deprecated in future versions. The preference of this module is to have the parent EKS module create and manage the IAM role. 
However some older configurations may have had the cluster IAM role managed separately, and this variable allows for backwards compatibility. | `bool` | `false` | no |\n| \u003ca name=\"input_v3_node_group_core_instance_type\"\u003e\u003c/a\u003e [v3\\_node\\_group\\_core\\_instance\\_type](#input\\_v3\\_node\\_group\\_core\\_instance\\_type) | The instance to use for the core node group | `string` | `\"m6i.large\"` | no |\n| \u003ca name=\"input_velero_backup_schedule\"\u003e\u003c/a\u003e [velero\\_backup\\_schedule](#input\\_velero\\_backup\\_schedule) | The scheduled time for Velero to perform backups. Written in cron expression, defaults to \"0 5 * * *\" or \"at 5:00am every day\" | `string` | `\"0 5 * * *\"` | no |\n| \u003ca name=\"input_velero_excluded_namespaces\"\u003e\u003c/a\u003e [velero\\_excluded\\_namespaces](#input\\_velero\\_excluded\\_namespaces) | A comma-separated list of namespaces to exclude from Velero backups. Defaults are set to [\"default\", \"kube-system\", \"operators\", \"olm\"]. | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"kube-system\",\u003cbr/\u003e  \"default\",\u003cbr/\u003e  \"operators\",\u003cbr/\u003e  \"olm\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_velero_helm_chart_name\"\u003e\u003c/a\u003e [velero\\_helm\\_chart\\_name](#input\\_velero\\_helm\\_chart\\_name) | The name of the Helm chart to use for Velero | `string` | `\"velero\"` | no |\n| \u003ca name=\"input_velero_helm_chart_repository\"\u003e\u003c/a\u003e [velero\\_helm\\_chart\\_repository](#input\\_velero\\_helm\\_chart\\_repository) | The repository containing the Helm chart to use for velero | `string` | `\"https://vmware-tanzu.github.io/helm-charts\"` | no |\n| \u003ca name=\"input_velero_helm_chart_version\"\u003e\u003c/a\u003e [velero\\_helm\\_chart\\_version](#input\\_velero\\_helm\\_chart\\_version) | The version of the Helm chart to use for Velero. 
The current version can be found in github: https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero | `string` | `\"2.31.8\"` | no |\n| \u003ca name=\"input_velero_namespace\"\u003e\u003c/a\u003e [velero\\_namespace](#input\\_velero\\_namespace) | The kubernetes namespace where Velero should be deployed. | `string` | `\"velero\"` | no |\n| \u003ca name=\"input_velero_plugin_version\"\u003e\u003c/a\u003e [velero\\_plugin\\_version](#input\\_velero\\_plugin\\_version) | Which version of the velero-plugin-for-aws to use. | `string` | `\"v1.5.1\"` | no |\n| \u003ca name=\"input_velero_policy_arn\"\u003e\u003c/a\u003e [velero\\_policy\\_arn](#input\\_velero\\_policy\\_arn) | The arn for the IAM policy used by the Velero backup addon service. For enhanced security, we allow for IAM policies used by cluster addon services to be created separately from this module. This is only required if the input \"create\\_iam\\_policy\\_for\\_velero\" is set to \"false\". If created elsewhere, the expected name of the policy is \"StreamNativeCloudVeleroBackupPolicy\". | `string` | `null` | no |\n| \u003ca name=\"input_velero_settings\"\u003e\u003c/a\u003e [velero\\_settings](#input\\_velero\\_settings) | Additional settings which will be passed to the Helm chart values for Velero. See https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero for available options | `map(string)` | `{}` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | The ID of the AWS VPC to use. 
| `string` | `\"\"` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_aws_loadbalancer_arn\"\u003e\u003c/a\u003e [aws\\_loadbalancer\\_arn](#output\\_aws\\_loadbalancer\\_arn) | ARN for loadbalancer |\n| \u003ca name=\"output_cert_manager_arn\"\u003e\u003c/a\u003e [cert\\_manager\\_arn](#output\\_cert\\_manager\\_arn) | The ARN for Cert Manager |\n| \u003ca name=\"output_cluster_autoscaler_arn\"\u003e\u003c/a\u003e [cluster\\_autoscaler\\_arn](#output\\_cluster\\_autoscaler\\_arn) | ARN for Cluster Autoscaler |\n| \u003ca name=\"output_csi_arn\"\u003e\u003c/a\u003e [csi\\_arn](#output\\_csi\\_arn) | ARN for csi |\n| \u003ca name=\"output_eks\"\u003e\u003c/a\u003e [eks](#output\\_eks) | All outputs of module.eks, provided as a convenient way to access the child module's outputs. |\n| \u003ca name=\"output_eks_cluster_arn\"\u003e\u003c/a\u003e [eks\\_cluster\\_arn](#output\\_eks\\_cluster\\_arn) | The ARN for the EKS cluster created by this module |\n| \u003ca name=\"output_eks_cluster_certificate_authority_data\"\u003e\u003c/a\u003e [eks\\_cluster\\_certificate\\_authority\\_data](#output\\_eks\\_cluster\\_certificate\\_authority\\_data) | Base64 encoded certificate data required to communicate with the cluster |\n| \u003ca name=\"output_eks_cluster_endpoint\"\u003e\u003c/a\u003e [eks\\_cluster\\_endpoint](#output\\_eks\\_cluster\\_endpoint) | The endpoint for the EKS cluster created by this module |\n| \u003ca name=\"output_eks_cluster_identity_oidc_issuer_arn\"\u003e\u003c/a\u003e [eks\\_cluster\\_identity\\_oidc\\_issuer\\_arn](#output\\_eks\\_cluster\\_identity\\_oidc\\_issuer\\_arn) | The ARN for the OIDC issuer created by this module |\n| \u003ca name=\"output_eks_cluster_identity_oidc_issuer_string\"\u003e\u003c/a\u003e [eks\\_cluster\\_identity\\_oidc\\_issuer\\_string](#output\\_eks\\_cluster\\_identity\\_oidc\\_issuer\\_string) | A formatted string containing the prefix for the OIDC issuer created by this module. 
Same as \"cluster\\_oidc\\_issuer\\_url\", but with \"https://\" stripped from the name. This output is typically used in other StreamNative modules that request the \"oidc\\_issuer\" input. |\n| \u003ca name=\"output_eks_cluster_identity_oidc_issuer_url\"\u003e\u003c/a\u003e [eks\\_cluster\\_identity\\_oidc\\_issuer\\_url](#output\\_eks\\_cluster\\_identity\\_oidc\\_issuer\\_url) | The URL for the OIDC issuer created by this module |\n| \u003ca name=\"output_eks_cluster_name\"\u003e\u003c/a\u003e [eks\\_cluster\\_name](#output\\_eks\\_cluster\\_name) | The name of the EKS cluster created by this module |\n| \u003ca name=\"output_eks_cluster_platform_version\"\u003e\u003c/a\u003e [eks\\_cluster\\_platform\\_version](#output\\_eks\\_cluster\\_platform\\_version) | The platform version for the EKS cluster created by this module |\n| \u003ca name=\"output_eks_cluster_primary_security_group_id\"\u003e\u003c/a\u003e [eks\\_cluster\\_primary\\_security\\_group\\_id](#output\\_eks\\_cluster\\_primary\\_security\\_group\\_id) | The id of the primary security group created by the EKS service itself, not by this module. This is labeled \"Cluster Security Group\" in the EKS console. |\n| \u003ca name=\"output_eks_cluster_secondary_security_group_id\"\u003e\u003c/a\u003e [eks\\_cluster\\_secondary\\_security\\_group\\_id](#output\\_eks\\_cluster\\_secondary\\_security\\_group\\_id) | The id of the secondary security group created by this module. This is labeled \"Additional Security Groups\" in the EKS console. 
|\n| \u003ca name=\"output_eks_node_group_iam_role_arn\"\u003e\u003c/a\u003e [eks\\_node\\_group\\_iam\\_role\\_arn](#output\\_eks\\_node\\_group\\_iam\\_role\\_arn) | The IAM Role ARN used by the Worker configuration |\n| \u003ca name=\"output_eks_node_group_security_group_id\"\u003e\u003c/a\u003e [eks\\_node\\_group\\_security\\_group\\_id](#output\\_eks\\_node\\_group\\_security\\_group\\_id) | Security group ID attached to the EKS node groups |\n| \u003ca name=\"output_eks_node_groups\"\u003e\u003c/a\u003e [eks\\_node\\_groups](#output\\_eks\\_node\\_groups) | Map of all attributes of the EKS node groups created by this module |\n| \u003ca name=\"output_external_dns_arn\"\u003e\u003c/a\u003e [external\\_dns\\_arn](#output\\_external\\_dns\\_arn) | The ARN for External DNS |\n| \u003ca name=\"output_inuse_azs\"\u003e\u003c/a\u003e [inuse\\_azs](#output\\_inuse\\_azs) | The availability zones in which the EKS nodes are deployed |\n| \u003ca name=\"output_tiered_storage_s3_bucket_arn\"\u003e\u003c/a\u003e [tiered\\_storage\\_s3\\_bucket\\_arn](#output\\_tiered\\_storage\\_s3\\_bucket\\_arn) | The ARN for the tiered storage S3 bucket created by this module |\n| \u003ca name=\"output_velero_arn\"\u003e\u003c/a\u003e [velero\\_arn](#output\\_velero\\_arn) | ARN for Velero |\n| \u003ca name=\"output_velero_s3_bucket_arn\"\u003e\u003c/a\u003e [velero\\_s3\\_bucket\\_arn](#output\\_velero\\_s3\\_bucket\\_arn) | The ARN for the Velero S3 bucket created by this module |\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstreamnative%2Fterraform-aws-cloud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstreamnative%2Fterraform-aws-cloud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstreamnative%2Fterraform-aws-cloud/lists"}