{"id":13481925,"url":"https://github.com/terraform-aws-modules/terraform-aws-eks","last_synced_at":"2026-01-20T18:51:43.476Z","repository":{"id":37359243,"uuid":"136401408","full_name":"terraform-aws-modules/terraform-aws-eks","owner":"terraform-aws-modules","description":"Terraform module to create Amazon Elastic Kubernetes (EKS) resources 🇺🇦","archived":false,"fork":false,"pushed_at":"2025-04-23T13:09:43.000Z","size":3878,"stargazers_count":4672,"open_issues_count":15,"forks_count":4197,"subscribers_count":96,"default_branch":"master","last_synced_at":"2025-05-11T03:45:38.949Z","etag":null,"topics":["aws","aws-eks","aws-eks-cluster","eks","elastic-kubernetes-service","kubernetes","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/terraform-aws-modules/eks/aws","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/terraform-aws-modules.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["antonbabenko"],"custom":"https://www.paypal.me/antonbabenko"}},"created_at":"2018-06-07T00:43:18.000Z","updated_at":"2025-05-10T03:41:14.000Z","dependencies_parsed_at":"2024-01-03T02:26:43.952Z","dependency_job_id":"76c3d803-5ab8-4898-923c-c4e2c750a9b4","html_url":"https://github.com/terraform-aws-modules/terraform-aws-eks","commit_stats":{"total_commits":1032,"total_committers":376,"mean_commits":2.74468085106383,"dds":0.8391472868217054,"last_synced_commit":"7f219a678ee5712d4d7bed8881749e497130d549"},"previous_names":[],"tags_count":266,"template"
:false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-eks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-eks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-eks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-eks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/terraform-aws-modules","download_url":"https://codeload.github.com/terraform-aws-modules/terraform-aws-eks/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253514555,"owners_count":21920334,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-eks","aws-eks-cluster","eks","elastic-kubernetes-service","kubernetes","terraform","terraform-module"],"created_at":"2024-07-31T17:00:57.506Z","updated_at":"2026-01-20T18:51:43.435Z","avatar_url":"https://github.com/terraform-aws-modules.png","language":"HCL","funding_links":["https://github.com/sponsors/antonbabenko","https://www.paypal.me/antonbabenko"],"categories":["Community Modules","HCL","HarmonyOS","Repos","aws"],"sub_categories":["Miscellaneous","Windows Manager"],"readme":"# AWS EKS Terraform module\n\nTerraform module which creates Amazon EKS (Kubernetes) 
resources\n\n[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)\n\n## [Documentation](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs)\n\n- [Frequently Asked Questions](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/faq.md)\n- [Compute Resources](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/compute_resources.md)\n- [User Data](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/user_data.md)\n- [Network Connectivity](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/network_connectivity.md)\n- Upgrade Guides\n  - [Upgrade to v17.x](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-17.0.md)\n  - [Upgrade to v18.x](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-18.0.md)\n  - [Upgrade to v19.x](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-19.0.md)\n  - [Upgrade to v20.x](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-20.0.md)\n  - [Upgrade to v21.x](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-21.0.md)\n\n\u003c!-- markdownlint-disable no-inline-html --\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://aws-experience.com/emea/smb/events/series/get-hands-on-with-amazon-eks?trk=b70b2d1a-56d6-4834-9913-2e70f5c3ae3c\u0026sc_channel=el\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-eks/master/docs/assets/aws-eks-workshop-830.png\" alt=\"Register for an AWS hosted workshop: Click to view the full schedule of free workshops, from core concepts to advanced use cases\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n### External Documentation\n\nPlease note that we strive to provide 
a comprehensive suite of documentation for __*configuring and utilizing the module(s)*__ defined here, and that documentation regarding EKS (including EKS managed node group, self managed node group, and Fargate profile) and/or Kubernetes features, usage, etc. is better left up to their respective sources:\n\n- [AWS EKS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html)\n- [Kubernetes Documentation](https://kubernetes.io/docs/home/)\n\n## Usage\n\n### EKS Auto Mode\n\n\u003e [!CAUTION]\n\u003e Due to the current EKS Auto Mode API, to disable EKS Auto Mode you will have to explicitly set:\n\u003e\n\u003e```hcl\n\u003ecompute_config = {\n\u003e  enabled = false\n\u003e }\n\u003e```\n\u003e\n\u003e If you try to disable by simply removing the `compute_config` block, this will fail to disable EKS Auto Mode. Only after applying with `enabled = false` can you then remove the `compute_config` block from your configurations.\n\n```hcl\nmodule \"eks\" {\n  source  = \"terraform-aws-modules/eks/aws\"\n  version = \"~\u003e 21.0\"\n\n  name               = \"example\"\n  kubernetes_version = \"1.33\"\n\n  # Optional\n  endpoint_public_access = true\n\n  # Optional: Adds the current caller identity as an administrator via cluster access entry\n  enable_cluster_creator_admin_permissions = true\n\n  compute_config = {\n    enabled    = true\n    node_pools = [\"general-purpose\"]\n  }\n\n  vpc_id     = \"vpc-1234556abcdef\"\n  subnet_ids = [\"subnet-abcde012\", \"subnet-bcde012a\", \"subnet-fghi345a\"]\n\n  tags = {\n    Environment = \"dev\"\n    Terraform   = \"true\"\n  }\n}\n```\n\n### EKS Auto Mode - Custom Node Pools Only\n\n```hcl\nmodule \"eks\" {\n  source  = \"terraform-aws-modules/eks/aws\"\n  version = \"~\u003e 21.0\"\n\n  name               = \"example\"\n  kubernetes_version = \"1.33\"\n\n  # Optional\n  endpoint_public_access = true\n\n  # Optional: Adds the current caller identity as an administrator via cluster access entry\n  
enable_cluster_creator_admin_permissions = true\n\n  # Create just the IAM resources for EKS Auto Mode for use with custom node pools\n  create_auto_mode_iam_resources = true\n  compute_config = {\n    enabled = true\n  }\n\n  vpc_id     = \"vpc-1234556abcdef\"\n  subnet_ids = [\"subnet-abcde012\", \"subnet-bcde012a\", \"subnet-fghi345a\"]\n\n  tags = {\n    Environment = \"dev\"\n    Terraform   = \"true\"\n  }\n}\n```\n\n### EKS Provisioned Control Plane\n\nEKS Provisioned Control Plane allows you to provision a control plane with increased capacity for larger workloads. Valid tier values are `standard`, `tier-xl`, `tier-2xl`, and `tier-4xl`.\n\n```hcl\nmodule \"eks\" {\n  source  = \"terraform-aws-modules/eks/aws\"\n  version = \"~\u003e 21.0\"\n\n  name               = \"my-cluster\"\n  kubernetes_version = \"1.33\"\n\n  # Optional\n  endpoint_public_access = true\n\n  # Optional: Adds the current caller identity as an administrator via cluster access entry\n  enable_cluster_creator_admin_permissions = true\n\n  # EKS Provisioned Control Plane configuration\n  control_plane_scaling_config = {\n    tier = \"tier-xl\"\n  }\n\n  vpc_id     = \"vpc-1234556abcdef\"\n  subnet_ids = [\"subnet-abcde012\", \"subnet-bcde012a\", \"subnet-fghi345a\"]\n\n  tags = {\n    Environment = \"dev\"\n    Terraform   = \"true\"\n  }\n}\n```\n\n### EKS Managed Node Group\n\n```hcl\nmodule \"eks\" {\n  source  = \"terraform-aws-modules/eks/aws\"\n  version = \"~\u003e 21.0\"\n\n  name               = \"my-cluster\"\n  kubernetes_version = \"1.33\"\n\n  addons = {\n    coredns                = {}\n    eks-pod-identity-agent = {\n      before_compute = true\n    }\n    kube-proxy             = {}\n    vpc-cni                = {\n      before_compute = true\n    }\n  }\n\n  # Optional\n  endpoint_public_access = true\n\n  # Optional: Adds the current caller identity as an administrator via cluster access entry\n  enable_cluster_creator_admin_permissions = true\n\n  vpc_id                 
  = \"vpc-1234556abcdef\"\n  subnet_ids               = [\"subnet-abcde012\", \"subnet-bcde012a\", \"subnet-fghi345a\"]\n  control_plane_subnet_ids = [\"subnet-xyzde987\", \"subnet-slkjf456\", \"subnet-qeiru789\"]\n\n  # EKS Managed Node Group(s)\n  eks_managed_node_groups = {\n    example = {\n      # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups\n      ami_type       = \"AL2023_x86_64_STANDARD\"\n      instance_types = [\"m5.xlarge\"]\n\n      min_size     = 2\n      max_size     = 10\n      desired_size = 2\n    }\n  }\n\n  tags = {\n    Environment = \"dev\"\n    Terraform   = \"true\"\n  }\n}\n```\n\n### Cluster Access Entry\n\nWhen enabling `authentication_mode = \"API_AND_CONFIG_MAP\"`, EKS will automatically create an access entry for the IAM role(s) used by managed node group(s) and Fargate profile(s). There are no additional actions required by users. For self-managed node groups and the Karpenter sub-module, this project automatically adds the access entry on behalf of users so there are no additional actions required by users.\n\nOn clusters that were created prior to cluster access management (CAM) support, there will be an existing access entry for the cluster creator. 
This was previously not visible when using `aws-auth` ConfigMap, but will become visible when access entry is enabled.\n\n```hcl\nmodule \"eks\" {\n  source  = \"terraform-aws-modules/eks/aws\"\n  version = \"~\u003e 21.0\"\n\n  # Truncated for brevity ...\n\n  access_entries = {\n    # One access entry with a policy associated\n    example = {\n      principal_arn = \"arn:aws:iam::123456789012:role/something\"\n\n      policy_associations = {\n        example = {\n          policy_arn = \"arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy\"\n          access_scope = {\n            namespaces = [\"default\"]\n            type       = \"namespace\"\n          }\n        }\n      }\n    }\n  }\n}\n```\n\n### EKS Hybrid Nodes\n\n```hcl\nlocals {\n  # RFC 1918 IP ranges supported\n  remote_network_cidr = \"172.16.0.0/16\"\n  remote_node_cidr    = cidrsubnet(local.remote_network_cidr, 2, 0)\n  remote_pod_cidr     = cidrsubnet(local.remote_network_cidr, 2, 1)\n}\n\n# SSM and IAM Roles Anywhere supported - SSM is default\nmodule \"eks_hybrid_node_role\" {\n  source  = \"terraform-aws-modules/eks/aws//modules/hybrid-node-role\"\n  version = \"~\u003e 21.0\"\n\n  tags = {\n    Environment = \"dev\"\n    Terraform   = \"true\"\n  }\n}\n\nmodule \"eks\" {\n  source  = \"terraform-aws-modules/eks/aws\"\n  version = \"~\u003e 21.0\"\n\n  name               = \"example\"\n  kubernetes_version = \"1.33\"\n\n  addons = {\n    coredns                = {}\n    eks-pod-identity-agent = {}\n    kube-proxy             = {}\n  }\n\n  # Optional\n  endpoint_public_access = true\n\n  # Optional: Adds the current caller identity as an administrator via cluster access entry\n  enable_cluster_creator_admin_permissions = true\n\n  create_node_security_group = false\n  security_group_additional_rules = {\n    hybrid-all = {\n      cidr_blocks = [local.remote_network_cidr]\n      description = \"Allow all traffic from remote node/pod network\"\n      from_port   = 0\n      to_port     = 
0\n      protocol    = \"all\"\n      type        = \"ingress\"\n    }\n  }\n\n  # Optional\n  compute_config = {\n    enabled    = true\n    node_pools = [\"system\"]\n  }\n\n  access_entries = {\n    hybrid-node-role = {\n      principal_arn = module.eks_hybrid_node_role.arn\n      type          = \"HYBRID_LINUX\"\n    }\n  }\n\n  vpc_id     = \"vpc-1234556abcdef\"\n  subnet_ids = [\"subnet-abcde012\", \"subnet-bcde012a\", \"subnet-fghi345a\"]\n\n  remote_network_config = {\n    remote_node_networks = {\n      cidrs = [local.remote_node_cidr]\n    }\n    # Required if running webhooks on Hybrid nodes\n    remote_pod_networks = {\n      cidrs = [local.remote_pod_cidr]\n    }\n  }\n\n  tags = {\n    Environment = \"dev\"\n    Terraform   = \"true\"\n  }\n}\n```\n\n### Bootstrap Cluster Creator Admin Permissions\n\nSetting the `bootstrap_cluster_creator_admin_permissions` is a one-time operation when the cluster is created; it cannot be modified later through the EKS API. In this project we are hardcoding this to `false`. If users wish to achieve the same functionality, we will do that through an access entry which can be enabled or disabled at any time of their choosing using the variable `enable_cluster_creator_admin_permissions`.\n\n### Enabling EFA Support\n\nWhen enabling EFA support via `enable_efa_support = true`, there are two locations this can be specified - one at the cluster level, and one at the node group level. Enabling at the cluster level will add the EFA required ingress/egress rules to the shared security group created for the node group(s). Enabling at the node group level will do the following (per node group where enabled):\n\n1. All EFA interfaces supported by the instance will be exposed on the launch template used by the node group\n2. A placement group with `strategy = \"clustered\"` per EFA requirements is created and passed to the launch template used by the node group\n3. 
Data sources will reverse lookup the availability zones that support the instance type selected based on the subnets provided, ensuring that only the associated subnets are passed to the launch template and therefore used by the placement group. This avoids the placement group being created in an availability zone that does not support the instance type selected.\n\n\u003e [!TIP]\n\u003e Use the [aws-efa-k8s-device-plugin](https://github.com/aws/eks-charts/tree/master/stable/aws-efa-k8s-device-plugin) Helm chart to expose the EFA interfaces on the nodes as an extended resource, and allow pods to request the interfaces be mounted to their containers.\n\u003e\n\u003e The EKS AL2 GPU AMI comes with the necessary EFA components pre-installed - you just need to expose the EFA devices on the nodes via their launch templates, ensure the required EFA security group rules are in place, and deploy the `aws-efa-k8s-device-plugin` in order to start utilizing EFA within your cluster. Your application container will need to have the necessary libraries and runtime in order to utilize communication over the EFA interfaces (NCCL, aws-ofi-nccl, hwloc, libfabric, aws-neuronx-collectives, CUDA, etc.).\n\nIf you disable the creation and use of the managed node group custom launch template (`create_launch_template = false` and/or `use_custom_launch_template = false`), this will interfere with the EFA functionality provided. In addition, if you do not supply an `instance_type` for self-managed node group(s), or `instance_types` for the managed node group(s), this will also interfere with the functionality. 
In order to support the EFA functionality provided by `enable_efa_support = true`, you must utilize the custom launch template created/provided by this module, and supply an `instance_type`/`instance_types` for the respective node group.\n\nThe logic behind supporting EFA uses a data source to look up the instance type to retrieve the number of interfaces that the instance supports in order to enumerate and expose those interfaces on the launch template created. For managed node groups where a list of instance types is supported, the first instance type in the list is used to calculate the number of EFA interfaces supported. Mixing instance types with varying numbers of interfaces is not recommended for EFA (or in some cases, mixing instance types is not supported, i.e., p5.48xlarge and p4d.24xlarge). In addition to exposing the EFA interfaces and updating the security group rules, a placement group is created per the EFA requirements and only the availability zones that support the instance type selected are used in the subnets provided to the node group.\n\nIn order to enable EFA support, you will have to specify `enable_efa_support = true` on both the cluster and each node group that you wish to enable EFA support for:\n\n```hcl\nmodule \"eks\" {\n  source  = \"terraform-aws-modules/eks/aws\"\n  version = \"~\u003e 21.0\"\n\n  # Truncated for brevity ...\n\n  # Adds the EFA required security group rules to the shared\n  # security group created for the node group(s)\n  enable_efa_support = true\n\n  eks_managed_node_groups = {\n    example = {\n      # The EKS AL2023 NVIDIA AMI provides all of the necessary components\n      # for accelerated workloads w/ EFA\n      ami_type       = \"AL2023_x86_64_NVIDIA\"\n      instance_types = [\"p5.48xlarge\"]\n\n      # Exposes all EFA interfaces on the launch template created by the node group(s)\n      # This would expose all 32 EFA interfaces for the p5.48xlarge instance type\n      enable_efa_support = true\n\n      # 
Mount instance store volumes in RAID-0 for kubelet and containerd\n      # https://github.com/awslabs/amazon-eks-ami/blob/master/doc/USER_GUIDE.md#raid-0-for-kubelet-and-containerd-raid0\n      cloudinit_pre_nodeadm = [\n        {\n          content_type = \"application/node.eks.aws\"\n          content      = \u003c\u003c-EOT\n            ---\n            apiVersion: node.eks.aws/v1alpha1\n            kind: NodeConfig\n            spec:\n              instance:\n                localStorage:\n                  strategy: RAID0\n          EOT\n        }\n      ]\n\n      # EFA should only be enabled when connecting 2 or more nodes\n      # Do not use EFA on a single node workload\n      min_size     = 2\n      max_size     = 10\n      desired_size = 2\n    }\n  }\n}\n```\n\n## Examples\n\n- [EKS Auto Mode](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks-auto-mode): EKS Cluster with EKS Auto Mode\n- [EKS Capabilities](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks-capabilities): EKS Cluster with EKS Capabilities\n- [EKS Hybrid Nodes](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks-hybrid-nodes): EKS Cluster with EKS Hybrid nodes\n- [EKS Managed Node Group](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks-managed-node-group): EKS Cluster with EKS managed node group(s)\n- [Karpenter](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/karpenter): EKS Cluster with [Karpenter](https://karpenter.sh/) provisioned for intelligent data plane management\n- [Self Managed Node Group](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/self-managed-node-group): EKS Cluster with self-managed node group(s)\n\n## Contributing\n\nWe are grateful to the community for contributing bugfixes and improvements! 
Please see below to learn how you can take part.\n\n- [Code of Conduct](https://github.com/terraform-aws-modules/.github/blob/master/CODE_OF_CONDUCT.md)\n- [Contributing Guide](https://github.com/terraform-aws-modules/.github/blob/master/CONTRIBUTING.md)\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.5.7 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 6.28 |\n| \u003ca name=\"requirement_time\"\u003e\u003c/a\u003e [time](#requirement\\_time) | \u003e= 0.9 |\n| \u003ca name=\"requirement_tls\"\u003e\u003c/a\u003e [tls](#requirement\\_tls) | \u003e= 4.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 6.28 |\n| \u003ca name=\"provider_time\"\u003e\u003c/a\u003e [time](#provider\\_time) | \u003e= 0.9 |\n| \u003ca name=\"provider_tls\"\u003e\u003c/a\u003e [tls](#provider\\_tls) | \u003e= 4.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_eks_managed_node_group\"\u003e\u003c/a\u003e [eks\\_managed\\_node\\_group](#module\\_eks\\_managed\\_node\\_group) | ./modules/eks-managed-node-group | n/a |\n| \u003ca name=\"module_fargate_profile\"\u003e\u003c/a\u003e [fargate\\_profile](#module\\_fargate\\_profile) | ./modules/fargate-profile | n/a |\n| \u003ca name=\"module_kms\"\u003e\u003c/a\u003e [kms](#module\\_kms) | terraform-aws-modules/kms/aws | 4.0.0 |\n| \u003ca name=\"module_self_managed_node_group\"\u003e\u003c/a\u003e [self\\_managed\\_node\\_group](#module\\_self\\_managed\\_node\\_group) | ./modules/self-managed-node-group | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | 
resource |\n| [aws_ec2_tag.cluster_primary_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |\n| [aws_eks_access_entry.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_access_entry) | resource |\n| [aws_eks_access_policy_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_access_policy_association) | resource |\n| [aws_eks_addon.before_compute](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |\n| [aws_eks_addon.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |\n| [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | resource |\n| [aws_eks_identity_provider_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_identity_provider_config) | resource |\n| [aws_iam_openid_connect_provider.oidc_provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |\n| [aws_iam_policy.cluster_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.cni_ipv6_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.eks_auto](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| 
[aws_iam_role_policy_attachment.cluster_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.eks_auto](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.eks_auto_additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_security_group.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group.node](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group_rule.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.node](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [time_sleep.this](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |\n| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| 
[aws_iam_policy_document.cni_ipv6_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.node_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [tls_certificate.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_access_entries\"\u003e\u003c/a\u003e [access\\_entries](#input\\_access\\_entries) | Map of access entries to add to the cluster | \u003cpre\u003emap(object({\u003cbr/\u003e    # Access entry\u003cbr/\u003e    kubernetes_groups = optional(list(string))\u003cbr/\u003e    principal_arn     = string\u003cbr/\u003e    type              = optional(string, \"STANDARD\")\u003cbr/\u003e    user_name         = optional(string)\u003cbr/\u003e    tags              = optional(map(string), {})\u003cbr/\u003e    # Access policy association\u003cbr/\u003e    policy_associations = optional(map(object({\u003cbr/\u003e      policy_arn = string\u003cbr/\u003e      access_scope = object({\u003cbr/\u003e        namespaces = optional(list(string))\u003cbr/\u003e        type       = string\u003cbr/\u003e      })\u003cbr/\u003e    })), {})\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_additional_security_group_ids\"\u003e\u003c/a\u003e 
[additional\\_security\\_group\\_ids](#input\\_additional\\_security\\_group\\_ids) | List of additional, externally created security group IDs to attach to the cluster control plane | `list(string)` | `[]` | no |\n| \u003ca name=\"input_addons\"\u003e\u003c/a\u003e [addons](#input\\_addons) | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | \u003cpre\u003emap(object({\u003cbr/\u003e    name                 = optional(string) # will fall back to map key\u003cbr/\u003e    before_compute       = optional(bool, false)\u003cbr/\u003e    most_recent          = optional(bool, true)\u003cbr/\u003e    addon_version        = optional(string)\u003cbr/\u003e    configuration_values = optional(string)\u003cbr/\u003e    pod_identity_association = optional(list(object({\u003cbr/\u003e      role_arn        = string\u003cbr/\u003e      service_account = string\u003cbr/\u003e    })))\u003cbr/\u003e    preserve                    = optional(bool, true)\u003cbr/\u003e    resolve_conflicts_on_create = optional(string, \"NONE\")\u003cbr/\u003e    resolve_conflicts_on_update = optional(string, \"OVERWRITE\")\u003cbr/\u003e    service_account_role_arn    = optional(string)\u003cbr/\u003e    timeouts = optional(object({\u003cbr/\u003e      create = optional(string)\u003cbr/\u003e      update = optional(string)\u003cbr/\u003e      delete = optional(string)\u003cbr/\u003e    }), {})\u003cbr/\u003e    tags = optional(map(string), {})\u003cbr/\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_addons_timeouts\"\u003e\u003c/a\u003e [addons\\_timeouts](#input\\_addons\\_timeouts) | Create, update, and delete timeout configurations for the cluster addons | \u003cpre\u003eobject({\u003cbr/\u003e    create = optional(string)\u003cbr/\u003e    update = optional(string)\u003cbr/\u003e    delete = optional(string)\u003cbr/\u003e  })\u003c/pre\u003e | `{}` | no |\n| \u003ca 
name=\"input_attach_encryption_policy\"\u003e\u003c/a\u003e [attach\\_encryption\\_policy](#input\\_attach\\_encryption\\_policy) | Indicates whether or not to attach an additional policy for the cluster IAM role to utilize the encryption key provided | `bool` | `true` | no |\n| \u003ca name=\"input_authentication_mode\"\u003e\u003c/a\u003e [authentication\\_mode](#input\\_authentication\\_mode) | The authentication mode for the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP` | `string` | `\"API_AND_CONFIG_MAP\"` | no |\n| \u003ca name=\"input_cloudwatch_log_group_class\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_class](#input\\_cloudwatch\\_log\\_group\\_class) | Specifies the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |\n| \u003ca name=\"input_cloudwatch_log_group_kms_key_id\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_kms\\_key\\_id](#input\\_cloudwatch\\_log\\_group\\_kms\\_key\\_id) | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `null` | no |\n| \u003ca name=\"input_cloudwatch_log_group_retention_in_days\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_retention\\_in\\_days](#input\\_cloudwatch\\_log\\_group\\_retention\\_in\\_days) | Number of days to retain log events. 
Default retention - 90 days | `number` | `90` | no |\n| \u003ca name=\"input_cloudwatch_log_group_tags\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_tags](#input\\_cloudwatch\\_log\\_group\\_tags) | A map of additional tags to add to the cloudwatch log group created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_cluster_tags\"\u003e\u003c/a\u003e [cluster\\_tags](#input\\_cluster\\_tags) | A map of additional tags to add to the cluster | `map(string)` | `{}` | no |\n| \u003ca name=\"input_compute_config\"\u003e\u003c/a\u003e [compute\\_config](#input\\_compute\\_config) | Configuration block for the cluster compute configuration | \u003cpre\u003eobject({\u003cbr/\u003e    enabled       = optional(bool, false)\u003cbr/\u003e    node_pools    = optional(list(string))\u003cbr/\u003e    node_role_arn = optional(string)\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_control_plane_scaling_config\"\u003e\u003c/a\u003e [control\\_plane\\_scaling\\_config](#input\\_control\\_plane\\_scaling\\_config) | Configuration block for the EKS Provisioned Control Plane scaling tier. Valid values for tier are `standard`, `tier-xl`, `tier-2xl`, and `tier-4xl` | \u003cpre\u003eobject({\u003cbr/\u003e    tier = string\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_control_plane_subnet_ids\"\u003e\u003c/a\u003e [control\\_plane\\_subnet\\_ids](#input\\_control\\_plane\\_subnet\\_ids) | A list of subnet IDs where the EKS cluster control plane (ENIs) will be provisioned. 
Used for expanding the pool of subnets used by nodes/node groups without replacing the EKS control plane | `list(string)` | `[]` | no |\n| \u003ca name=\"input_create\"\u003e\u003c/a\u003e [create](#input\\_create) | Controls if resources should be created (affects nearly all resources) | `bool` | `true` | no |\n| \u003ca name=\"input_create_auto_mode_iam_resources\"\u003e\u003c/a\u003e [create\\_auto\\_mode\\_iam\\_resources](#input\\_create\\_auto\\_mode\\_iam\\_resources) | Determines whether to create/attach IAM resources for EKS Auto Mode. Useful for when using only custom node pools and not built-in EKS Auto Mode node pools | `bool` | `false` | no |\n| \u003ca name=\"input_create_cloudwatch_log_group\"\u003e\u003c/a\u003e [create\\_cloudwatch\\_log\\_group](#input\\_create\\_cloudwatch\\_log\\_group) | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no |\n| \u003ca name=\"input_create_cni_ipv6_iam_policy\"\u003e\u003c/a\u003e [create\\_cni\\_ipv6\\_iam\\_policy](#input\\_create\\_cni\\_ipv6\\_iam\\_policy) | Determines whether to create an [`AmazonEKS_CNI_IPv6_Policy`](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-ipv6-policy) | `bool` | `false` | no |\n| \u003ca name=\"input_create_iam_role\"\u003e\u003c/a\u003e [create\\_iam\\_role](#input\\_create\\_iam\\_role) | Determines whether an IAM role is created for the cluster | `bool` | `true` | no |\n| \u003ca name=\"input_create_kms_key\"\u003e\u003c/a\u003e [create\\_kms\\_key](#input\\_create\\_kms\\_key) | Controls if a KMS key for cluster encryption should be created | `bool` | `true` | no |\n| \u003ca name=\"input_create_node_iam_role\"\u003e\u003c/a\u003e [create\\_node\\_iam\\_role](#input\\_create\\_node\\_iam\\_role) | Determines whether an EKS Auto node IAM role is created | `bool` | `true` | no |\n| \u003ca 
name=\"input_create_node_security_group\"\u003e\u003c/a\u003e [create\\_node\\_security\\_group](#input\\_create\\_node\\_security\\_group) | Determines whether to create a security group for the node groups or use the existing `node_security_group_id` | `bool` | `true` | no |\n| \u003ca name=\"input_create_primary_security_group_tags\"\u003e\u003c/a\u003e [create\\_primary\\_security\\_group\\_tags](#input\\_create\\_primary\\_security\\_group\\_tags) | Indicates whether or not to tag the cluster's primary security group. This security group is created by the EKS service, not the module, and therefore tagging is handled after cluster creation | `bool` | `true` | no |\n| \u003ca name=\"input_create_security_group\"\u003e\u003c/a\u003e [create\\_security\\_group](#input\\_create\\_security\\_group) | Determines if a security group is created for the cluster. Note: the EKS service creates a primary security group for the cluster by default | `bool` | `true` | no |\n| \u003ca name=\"input_custom_oidc_thumbprints\"\u003e\u003c/a\u003e [custom\\_oidc\\_thumbprints](#input\\_custom\\_oidc\\_thumbprints) | Additional list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_dataplane_wait_duration\"\u003e\u003c/a\u003e [dataplane\\_wait\\_duration](#input\\_dataplane\\_wait\\_duration) | Duration to wait after the EKS cluster has become active before creating the dataplane components (EKS managed node group(s), self-managed node group(s), Fargate profile(s)) | `string` | `\"30s\"` | no |\n| \u003ca name=\"input_deletion_protection\"\u003e\u003c/a\u003e [deletion\\_protection](#input\\_deletion\\_protection) | Whether to enable deletion protection for the cluster. 
When enabled, the cluster cannot be deleted unless deletion protection is first disabled | `bool` | `null` | no |\n| \u003ca name=\"input_eks_managed_node_groups\"\u003e\u003c/a\u003e [eks\\_managed\\_node\\_groups](#input\\_eks\\_managed\\_node\\_groups) | Map of EKS managed node group definitions to create | \u003cpre\u003emap(object({\u003cbr/\u003e    create             = optional(bool)\u003cbr/\u003e    kubernetes_version = optional(string)\u003cbr/\u003e\u003cbr/\u003e    # EKS Managed Node Group\u003cbr/\u003e    name                           = optional(string) # Will fall back to map key\u003cbr/\u003e    use_name_prefix                = optional(bool)\u003cbr/\u003e    subnet_ids                     = optional(list(string))\u003cbr/\u003e    min_size                       = optional(number)\u003cbr/\u003e    max_size                       = optional(number)\u003cbr/\u003e    desired_size                   = optional(number)\u003cbr/\u003e    ami_id                         = optional(string)\u003cbr/\u003e    ami_type                       = optional(string)\u003cbr/\u003e    ami_release_version            = optional(string)\u003cbr/\u003e    use_latest_ami_release_version = optional(bool)\u003cbr/\u003e    capacity_type                  = optional(string)\u003cbr/\u003e    disk_size                      = optional(number)\u003cbr/\u003e    force_update_version           = optional(bool)\u003cbr/\u003e    instance_types                 = optional(list(string))\u003cbr/\u003e    labels                         = optional(map(string))\u003cbr/\u003e    node_repair_config = optional(object({\u003cbr/\u003e      enabled                                 = optional(bool)\u003cbr/\u003e      max_parallel_nodes_repaired_count       = optional(number)\u003cbr/\u003e      max_parallel_nodes_repaired_percentage  = optional(number)\u003cbr/\u003e      max_unhealthy_node_threshold_count      = optional(number)\u003cbr/\u003e      max_unhealthy_node_threshold_percentage = 
optional(number)\u003cbr/\u003e      node_repair_config_overrides = optional(list(object({\u003cbr/\u003e        min_repair_wait_time_mins = number\u003cbr/\u003e        node_monitoring_condition = string\u003cbr/\u003e        node_unhealthy_reason     = string\u003cbr/\u003e        repair_action             = string\u003cbr/\u003e      })))\u003cbr/\u003e    }))\u003cbr/\u003e    remote_access = optional(object({\u003cbr/\u003e      ec2_ssh_key               = optional(string)\u003cbr/\u003e      source_security_group_ids = optional(list(string))\u003cbr/\u003e    }))\u003cbr/\u003e    taints = optional(map(object({\u003cbr/\u003e      key    = string\u003cbr/\u003e      value  = optional(string)\u003cbr/\u003e      effect = string\u003cbr/\u003e    })))\u003cbr/\u003e    update_config = optional(object({\u003cbr/\u003e      max_unavailable            = optional(number)\u003cbr/\u003e      max_unavailable_percentage = optional(number)\u003cbr/\u003e      update_strategy            = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    timeouts = optional(object({\u003cbr/\u003e      create = optional(string)\u003cbr/\u003e      update = optional(string)\u003cbr/\u003e      delete = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    # User data\u003cbr/\u003e    enable_bootstrap_user_data = optional(bool)\u003cbr/\u003e    pre_bootstrap_user_data    = optional(string)\u003cbr/\u003e    post_bootstrap_user_data   = optional(string)\u003cbr/\u003e    bootstrap_extra_args       = optional(string)\u003cbr/\u003e    user_data_template_path    = optional(string)\u003cbr/\u003e    cloudinit_pre_nodeadm = optional(list(object({\u003cbr/\u003e      content      = string\u003cbr/\u003e      content_type = optional(string)\u003cbr/\u003e      filename     = optional(string)\u003cbr/\u003e      merge_type   = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    cloudinit_post_nodeadm = optional(list(object({\u003cbr/\u003e      content      = 
string\u003cbr/\u003e      content_type = optional(string)\u003cbr/\u003e      filename     = optional(string)\u003cbr/\u003e      merge_type   = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    # Launch Template\u003cbr/\u003e    create_launch_template                 = optional(bool)\u003cbr/\u003e    use_custom_launch_template             = optional(bool)\u003cbr/\u003e    launch_template_id                     = optional(string)\u003cbr/\u003e    launch_template_name                   = optional(string) # Will fall back to map key\u003cbr/\u003e    launch_template_use_name_prefix        = optional(bool)\u003cbr/\u003e    launch_template_version                = optional(string)\u003cbr/\u003e    launch_template_default_version        = optional(string)\u003cbr/\u003e    update_launch_template_default_version = optional(bool)\u003cbr/\u003e    launch_template_description            = optional(string)\u003cbr/\u003e    launch_template_tags                   = optional(map(string))\u003cbr/\u003e    tag_specifications                     = optional(list(string))\u003cbr/\u003e    ebs_optimized                          = optional(bool)\u003cbr/\u003e    key_name                               = optional(string)\u003cbr/\u003e    disable_api_termination                = optional(bool)\u003cbr/\u003e    kernel_id                              = optional(string)\u003cbr/\u003e    ram_disk_id                            = optional(string)\u003cbr/\u003e    block_device_mappings = optional(map(object({\u003cbr/\u003e      device_name = optional(string)\u003cbr/\u003e      ebs = optional(object({\u003cbr/\u003e        delete_on_termination      = optional(bool)\u003cbr/\u003e        encrypted                  = optional(bool)\u003cbr/\u003e        iops                       = optional(number)\u003cbr/\u003e        kms_key_id                 = optional(string)\u003cbr/\u003e        snapshot_id                = optional(string)\u003cbr/\u003e        throughput        
         = optional(number)\u003cbr/\u003e        volume_initialization_rate = optional(number)\u003cbr/\u003e        volume_size                = optional(number)\u003cbr/\u003e        volume_type                = optional(string)\u003cbr/\u003e      }))\u003cbr/\u003e      no_device    = optional(string)\u003cbr/\u003e      virtual_name = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    capacity_reservation_specification = optional(object({\u003cbr/\u003e      capacity_reservation_preference = optional(string)\u003cbr/\u003e      capacity_reservation_target = optional(object({\u003cbr/\u003e        capacity_reservation_id                 = optional(string)\u003cbr/\u003e        capacity_reservation_resource_group_arn = optional(string)\u003cbr/\u003e      }))\u003cbr/\u003e    }))\u003cbr/\u003e    cpu_options = optional(object({\u003cbr/\u003e      amd_sev_snp      = optional(string)\u003cbr/\u003e      core_count       = optional(number)\u003cbr/\u003e      threads_per_core = optional(number)\u003cbr/\u003e    }))\u003cbr/\u003e    credit_specification = optional(object({\u003cbr/\u003e      cpu_credits = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    enclave_options = optional(object({\u003cbr/\u003e      enabled = optional(bool)\u003cbr/\u003e    }))\u003cbr/\u003e    instance_market_options = optional(object({\u003cbr/\u003e      market_type = optional(string)\u003cbr/\u003e      spot_options = optional(object({\u003cbr/\u003e        block_duration_minutes         = optional(number)\u003cbr/\u003e        instance_interruption_behavior = optional(string)\u003cbr/\u003e        max_price                      = optional(string)\u003cbr/\u003e        spot_instance_type             = optional(string)\u003cbr/\u003e        valid_until                    = optional(string)\u003cbr/\u003e      }))\u003cbr/\u003e    }))\u003cbr/\u003e    license_specifications = optional(list(object({\u003cbr/\u003e      license_configuration_arn = 
string\u003cbr/\u003e    })))\u003cbr/\u003e    metadata_options = optional(object({\u003cbr/\u003e      http_endpoint               = optional(string)\u003cbr/\u003e      http_protocol_ipv6          = optional(string)\u003cbr/\u003e      http_put_response_hop_limit = optional(number)\u003cbr/\u003e      http_tokens                 = optional(string)\u003cbr/\u003e      instance_metadata_tags      = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    enable_monitoring      = optional(bool)\u003cbr/\u003e    enable_efa_support     = optional(bool)\u003cbr/\u003e    enable_efa_only        = optional(bool)\u003cbr/\u003e    efa_indices            = optional(list(string))\u003cbr/\u003e    create_placement_group = optional(bool)\u003cbr/\u003e    placement = optional(object({\u003cbr/\u003e      affinity                = optional(string)\u003cbr/\u003e      availability_zone       = optional(string)\u003cbr/\u003e      group_name              = optional(string)\u003cbr/\u003e      host_id                 = optional(string)\u003cbr/\u003e      host_resource_group_arn = optional(string)\u003cbr/\u003e      partition_number        = optional(number)\u003cbr/\u003e      spread_domain           = optional(string)\u003cbr/\u003e      tenancy                 = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    network_interfaces = optional(list(object({\u003cbr/\u003e      associate_carrier_ip_address = optional(bool)\u003cbr/\u003e      associate_public_ip_address  = optional(bool)\u003cbr/\u003e      connection_tracking_specification = optional(object({\u003cbr/\u003e        tcp_established_timeout = optional(number)\u003cbr/\u003e        udp_stream_timeout      = optional(number)\u003cbr/\u003e        udp_timeout             = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      delete_on_termination = optional(bool)\u003cbr/\u003e      description           = optional(string)\u003cbr/\u003e      device_index          = optional(number)\u003cbr/\u003e    
  ena_srd_specification = optional(object({\u003cbr/\u003e        ena_srd_enabled = optional(bool)\u003cbr/\u003e        ena_srd_udp_specification = optional(object({\u003cbr/\u003e          ena_srd_udp_enabled = optional(bool)\u003cbr/\u003e        }))\u003cbr/\u003e      }))\u003cbr/\u003e      interface_type       = optional(string)\u003cbr/\u003e      ipv4_address_count   = optional(number)\u003cbr/\u003e      ipv4_addresses       = optional(list(string))\u003cbr/\u003e      ipv4_prefix_count    = optional(number)\u003cbr/\u003e      ipv4_prefixes        = optional(list(string))\u003cbr/\u003e      ipv6_address_count   = optional(number)\u003cbr/\u003e      ipv6_addresses       = optional(list(string))\u003cbr/\u003e      ipv6_prefix_count    = optional(number)\u003cbr/\u003e      ipv6_prefixes        = optional(list(string))\u003cbr/\u003e      network_card_index   = optional(number)\u003cbr/\u003e      network_interface_id = optional(string)\u003cbr/\u003e      primary_ipv6         = optional(bool)\u003cbr/\u003e      private_ip_address   = optional(string)\u003cbr/\u003e      security_groups      = optional(list(string), [])\u003cbr/\u003e      subnet_id            = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    maintenance_options = optional(object({\u003cbr/\u003e      auto_recovery = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    private_dns_name_options = optional(object({\u003cbr/\u003e      enable_resource_name_dns_aaaa_record = optional(bool)\u003cbr/\u003e      enable_resource_name_dns_a_record    = optional(bool)\u003cbr/\u003e      hostname_type                        = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    # IAM role\u003cbr/\u003e    create_iam_role               = optional(bool)\u003cbr/\u003e    iam_role_arn                  = optional(string)\u003cbr/\u003e    iam_role_name                 = optional(string)\u003cbr/\u003e    iam_role_use_name_prefix      = optional(bool)\u003cbr/\u003e    iam_role_path 
                = optional(string)\u003cbr/\u003e    iam_role_description          = optional(string)\u003cbr/\u003e    iam_role_permissions_boundary = optional(string)\u003cbr/\u003e    iam_role_tags                 = optional(map(string))\u003cbr/\u003e    iam_role_attach_cni_policy    = optional(bool)\u003cbr/\u003e    iam_role_additional_policies  = optional(map(string))\u003cbr/\u003e    create_iam_role_policy        = optional(bool)\u003cbr/\u003e    iam_role_policy_statements = optional(list(object({\u003cbr/\u003e      sid           = optional(string)\u003cbr/\u003e      actions       = optional(list(string))\u003cbr/\u003e      not_actions   = optional(list(string))\u003cbr/\u003e      effect        = optional(string)\u003cbr/\u003e      resources     = optional(list(string))\u003cbr/\u003e      not_resources = optional(list(string))\u003cbr/\u003e      principals = optional(list(object({\u003cbr/\u003e        type        = string\u003cbr/\u003e        identifiers = list(string)\u003cbr/\u003e      })))\u003cbr/\u003e      not_principals = optional(list(object({\u003cbr/\u003e        type        = string\u003cbr/\u003e        identifiers = list(string)\u003cbr/\u003e      })))\u003cbr/\u003e      condition = optional(list(object({\u003cbr/\u003e        test     = string\u003cbr/\u003e        values   = list(string)\u003cbr/\u003e        variable = string\u003cbr/\u003e      })))\u003cbr/\u003e    })))\u003cbr/\u003e    # Security group\u003cbr/\u003e    vpc_security_group_ids                = optional(list(string), [])\u003cbr/\u003e    attach_cluster_primary_security_group = optional(bool, false)\u003cbr/\u003e    cluster_primary_security_group_id     = optional(string)\u003cbr/\u003e    create_security_group                 = optional(bool)\u003cbr/\u003e    security_group_name                   = optional(string)\u003cbr/\u003e    security_group_use_name_prefix        = optional(bool)\u003cbr/\u003e    security_group_description            = 
optional(string)\u003cbr/\u003e    security_group_ingress_rules = optional(map(object({\u003cbr/\u003e      name                         = optional(string)\u003cbr/\u003e      cidr_ipv4                    = optional(string)\u003cbr/\u003e      cidr_ipv6                    = optional(string)\u003cbr/\u003e      description                  = optional(string)\u003cbr/\u003e      from_port                    = optional(string)\u003cbr/\u003e      ip_protocol                  = optional(string)\u003cbr/\u003e      prefix_list_id               = optional(string)\u003cbr/\u003e      referenced_security_group_id = optional(string)\u003cbr/\u003e      self                         = optional(bool)\u003cbr/\u003e      tags                         = optional(map(string))\u003cbr/\u003e      to_port                      = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    security_group_egress_rules = optional(map(object({\u003cbr/\u003e      name                         = optional(string)\u003cbr/\u003e      cidr_ipv4                    = optional(string)\u003cbr/\u003e      cidr_ipv6                    = optional(string)\u003cbr/\u003e      description                  = optional(string)\u003cbr/\u003e      from_port                    = optional(string)\u003cbr/\u003e      ip_protocol                  = optional(string)\u003cbr/\u003e      prefix_list_id               = optional(string)\u003cbr/\u003e      referenced_security_group_id = optional(string)\u003cbr/\u003e      self                         = optional(bool)\u003cbr/\u003e      tags                         = optional(map(string))\u003cbr/\u003e      to_port                      = optional(string)\u003cbr/\u003e    })), {})\u003cbr/\u003e    security_group_tags = optional(map(string))\u003cbr/\u003e\u003cbr/\u003e    tags = optional(map(string))\u003cbr/\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_enable_auto_mode_custom_tags\"\u003e\u003c/a\u003e 
[enable\\_auto\\_mode\\_custom\\_tags](#input\\_enable\\_auto\\_mode\\_custom\\_tags) | Determines whether to enable permissions for custom tags on resources created by EKS Auto Mode | `bool` | `true` | no |\n| \u003ca name=\"input_enable_cluster_creator_admin_permissions\"\u003e\u003c/a\u003e [enable\\_cluster\\_creator\\_admin\\_permissions](#input\\_enable\\_cluster\\_creator\\_admin\\_permissions) | Indicates whether or not to add the cluster creator (the identity used by Terraform) as an administrator via access entry | `bool` | `false` | no |\n| \u003ca name=\"input_enable_irsa\"\u003e\u003c/a\u003e [enable\\_irsa](#input\\_enable\\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no |\n| \u003ca name=\"input_enable_kms_key_rotation\"\u003e\u003c/a\u003e [enable\\_kms\\_key\\_rotation](#input\\_enable\\_kms\\_key\\_rotation) | Specifies whether key rotation is enabled | `bool` | `true` | no |\n| \u003ca name=\"input_enabled_log_types\"\u003e\u003c/a\u003e [enabled\\_log\\_types](#input\\_enabled\\_log\\_types) | A list of the desired control plane logs to enable. 
For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"audit\",\u003cbr/\u003e  \"api\",\u003cbr/\u003e  \"authenticator\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_encryption_config\"\u003e\u003c/a\u003e [encryption\\_config](#input\\_encryption\\_config) | Configuration block with encryption configuration for the cluster | \u003cpre\u003eobject({\u003cbr/\u003e    provider_key_arn = optional(string)\u003cbr/\u003e    resources        = optional(list(string), [\"secrets\"])\u003cbr/\u003e  })\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_encryption_policy_description\"\u003e\u003c/a\u003e [encryption\\_policy\\_description](#input\\_encryption\\_policy\\_description) | Description of the cluster encryption policy created | `string` | `\"Cluster encryption policy to allow cluster role to utilize CMK provided\"` | no |\n| \u003ca name=\"input_encryption_policy_name\"\u003e\u003c/a\u003e [encryption\\_policy\\_name](#input\\_encryption\\_policy\\_name) | Name to use on cluster encryption policy created | `string` | `null` | no |\n| \u003ca name=\"input_encryption_policy_path\"\u003e\u003c/a\u003e [encryption\\_policy\\_path](#input\\_encryption\\_policy\\_path) | Cluster encryption policy path | `string` | `null` | no |\n| \u003ca name=\"input_encryption_policy_tags\"\u003e\u003c/a\u003e [encryption\\_policy\\_tags](#input\\_encryption\\_policy\\_tags) | A map of additional tags to add to the cluster encryption policy created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_encryption_policy_use_name_prefix\"\u003e\u003c/a\u003e [encryption\\_policy\\_use\\_name\\_prefix](#input\\_encryption\\_policy\\_use\\_name\\_prefix) | Determines whether cluster encryption policy name (`cluster_encryption_policy_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca 
name=\"input_endpoint_private_access\"\u003e\u003c/a\u003e [endpoint\\_private\\_access](#input\\_endpoint\\_private\\_access) | Indicates whether or not the Amazon EKS private API server endpoint is enabled | `bool` | `true` | no |\n| \u003ca name=\"input_endpoint_public_access\"\u003e\u003c/a\u003e [endpoint\\_public\\_access](#input\\_endpoint\\_public\\_access) | Indicates whether or not the Amazon EKS public API server endpoint is enabled | `bool` | `false` | no |\n| \u003ca name=\"input_endpoint_public_access_cidrs\"\u003e\u003c/a\u003e [endpoint\\_public\\_access\\_cidrs](#input\\_endpoint\\_public\\_access\\_cidrs) | List of CIDR blocks which can access the Amazon EKS public API server endpoint | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"0.0.0.0/0\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_fargate_profiles\"\u003e\u003c/a\u003e [fargate\\_profiles](#input\\_fargate\\_profiles) | Map of Fargate Profile definitions to create | \u003cpre\u003emap(object({\u003cbr/\u003e    create = optional(bool)\u003cbr/\u003e\u003cbr/\u003e    # Fargate profile\u003cbr/\u003e    name       = optional(string) # Will fall back to map key\u003cbr/\u003e    subnet_ids = optional(list(string))\u003cbr/\u003e    selectors = optional(list(object({\u003cbr/\u003e      labels    = optional(map(string))\u003cbr/\u003e      namespace = string\u003cbr/\u003e    })))\u003cbr/\u003e    timeouts = optional(object({\u003cbr/\u003e      create = optional(string)\u003cbr/\u003e      delete = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e\u003cbr/\u003e    # IAM role\u003cbr/\u003e    create_iam_role               = optional(bool)\u003cbr/\u003e    iam_role_arn                  = optional(string)\u003cbr/\u003e    iam_role_name                 = optional(string)\u003cbr/\u003e    iam_role_use_name_prefix      = optional(bool)\u003cbr/\u003e    iam_role_path                 = optional(string)\u003cbr/\u003e    iam_role_description          = 
optional(string)\u003cbr/\u003e    iam_role_permissions_boundary = optional(string)\u003cbr/\u003e    iam_role_tags                 = optional(map(string))\u003cbr/\u003e    iam_role_attach_cni_policy    = optional(bool)\u003cbr/\u003e    iam_role_additional_policies  = optional(map(string))\u003cbr/\u003e    create_iam_role_policy        = optional(bool)\u003cbr/\u003e    iam_role_policy_statements = optional(list(object({\u003cbr/\u003e      sid           = optional(string)\u003cbr/\u003e      actions       = optional(list(string))\u003cbr/\u003e      not_actions   = optional(list(string))\u003cbr/\u003e      effect        = optional(string)\u003cbr/\u003e      resources     = optional(list(string))\u003cbr/\u003e      not_resources = optional(list(string))\u003cbr/\u003e      principals = optional(list(object({\u003cbr/\u003e        type        = string\u003cbr/\u003e        identifiers = list(string)\u003cbr/\u003e      })))\u003cbr/\u003e      not_principals = optional(list(object({\u003cbr/\u003e        type        = string\u003cbr/\u003e        identifiers = list(string)\u003cbr/\u003e      })))\u003cbr/\u003e      condition = optional(list(object({\u003cbr/\u003e        test     = string\u003cbr/\u003e        values   = list(string)\u003cbr/\u003e        variable = string\u003cbr/\u003e      })))\u003cbr/\u003e    })))\u003cbr/\u003e    tags = optional(map(string))\u003cbr/\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_force_update_version\"\u003e\u003c/a\u003e [force\\_update\\_version](#input\\_force\\_update\\_version) | Force version update by overriding upgrade-blocking readiness checks when updating a cluster | `bool` | `null` | no |\n| \u003ca name=\"input_iam_role_additional_policies\"\u003e\u003c/a\u003e [iam\\_role\\_additional\\_policies](#input\\_iam\\_role\\_additional\\_policies) | Additional policies to be added to the IAM role | `map(string)` | `{}` | no |\n| \u003ca name=\"input_iam_role_arn\"\u003e\u003c/a\u003e 
[iam\\_role\\_arn](#input\\_iam\\_role\\_arn) | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_description\"\u003e\u003c/a\u003e [iam\\_role\\_description](#input\\_iam\\_role\\_description) | Description of the role | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_name\"\u003e\u003c/a\u003e [iam\\_role\\_name](#input\\_iam\\_role\\_name) | Name to use on IAM role created | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_path\"\u003e\u003c/a\u003e [iam\\_role\\_path](#input\\_iam\\_role\\_path) | The IAM role path | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_permissions_boundary\"\u003e\u003c/a\u003e [iam\\_role\\_permissions\\_boundary](#input\\_iam\\_role\\_permissions\\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_tags\"\u003e\u003c/a\u003e [iam\\_role\\_tags](#input\\_iam\\_role\\_tags) | A map of additional tags to add to the IAM role created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_iam_role_use_name_prefix\"\u003e\u003c/a\u003e [iam\\_role\\_use\\_name\\_prefix](#input\\_iam\\_role\\_use\\_name\\_prefix) | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca name=\"input_identity_providers\"\u003e\u003c/a\u003e [identity\\_providers](#input\\_identity\\_providers) | Map of cluster identity provider configurations to enable for the cluster. 
Note - this is different/separate from IRSA | \u003cpre\u003emap(object({\u003cbr/\u003e    client_id                     = string\u003cbr/\u003e    groups_claim                  = optional(string)\u003cbr/\u003e    groups_prefix                 = optional(string)\u003cbr/\u003e    identity_provider_config_name = optional(string) # will fall back to map key\u003cbr/\u003e    issuer_url                    = string\u003cbr/\u003e    required_claims               = optional(map(string))\u003cbr/\u003e    username_claim                = optional(string)\u003cbr/\u003e    username_prefix               = optional(string)\u003cbr/\u003e    tags                          = optional(map(string), {})\u003cbr/\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_include_oidc_root_ca_thumbprint\"\u003e\u003c/a\u003e [include\\_oidc\\_root\\_ca\\_thumbprint](#input\\_include\\_oidc\\_root\\_ca\\_thumbprint) | Determines whether to include the root CA thumbprint in the OpenID Connect (OIDC) identity provider's server certificate(s) | `bool` | `true` | no |\n| \u003ca name=\"input_ip_family\"\u003e\u003c/a\u003e [ip\\_family](#input\\_ip\\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created | `string` | `\"ipv4\"` | no |\n| \u003ca name=\"input_kms_key_administrators\"\u003e\u003c/a\u003e [kms\\_key\\_administrators](#input\\_kms\\_key\\_administrators) | A list of IAM ARNs for [key administrators](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-administrators). 
If no value is provided, the current caller identity is used to ensure at least one key admin is available | `list(string)` | `[]` | no |\n| \u003ca name=\"input_kms_key_aliases\"\u003e\u003c/a\u003e [kms\\_key\\_aliases](#input\\_kms\\_key\\_aliases) | A list of aliases to create. Note - due to the use of `toset()`, values must be static strings and not computed values | `list(string)` | `[]` | no |\n| \u003ca name=\"input_kms_key_deletion_window_in_days\"\u003e\u003c/a\u003e [kms\\_key\\_deletion\\_window\\_in\\_days](#input\\_kms\\_key\\_deletion\\_window\\_in\\_days) | The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30` | `number` | `null` | no |\n| \u003ca name=\"input_kms_key_description\"\u003e\u003c/a\u003e [kms\\_key\\_description](#input\\_kms\\_key\\_description) | The description of the key as viewed in AWS console | `string` | `null` | no |\n| \u003ca name=\"input_kms_key_enable_default_policy\"\u003e\u003c/a\u003e [kms\\_key\\_enable\\_default\\_policy](#input\\_kms\\_key\\_enable\\_default\\_policy) | Specifies whether to enable the default key policy | `bool` | `true` | no |\n| \u003ca name=\"input_kms_key_override_policy_documents\"\u003e\u003c/a\u003e [kms\\_key\\_override\\_policy\\_documents](#input\\_kms\\_key\\_override\\_policy\\_documents) | List of IAM policy documents that are merged together into the exported document. 
In merging, statements with non-blank `sid`s will override statements with the same `sid` | `list(string)` | `[]` | no |\n| \u003ca name=\"input_kms_key_owners\"\u003e\u003c/a\u003e [kms\\_key\\_owners](#input\\_kms\\_key\\_owners) | A list of IAM ARNs for those who will have full key permissions (`kms:*`) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_kms_key_rotation_period_in_days\"\u003e\u003c/a\u003e [kms\\_key\\_rotation\\_period\\_in\\_days](#input\\_kms\\_key\\_rotation\\_period\\_in\\_days) | Custom period of time between each key rotation date. If you specify a value, it must be between `90` and `2560`, inclusive. If you do not specify a value, it defaults to `365` | `number` | `null` | no |\n| \u003ca name=\"input_kms_key_service_users\"\u003e\u003c/a\u003e [kms\\_key\\_service\\_users](#input\\_kms\\_key\\_service\\_users) | A list of IAM ARNs for [key service users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-service-integration) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_kms_key_source_policy_documents\"\u003e\u003c/a\u003e [kms\\_key\\_source\\_policy\\_documents](#input\\_kms\\_key\\_source\\_policy\\_documents) | List of IAM policy documents that are merged together into the exported document. 
Statements must have unique `sid`s | `list(string)` | `[]` | no |\n| \u003ca name=\"input_kms_key_users\"\u003e\u003c/a\u003e [kms\\_key\\_users](#input\\_kms\\_key\\_users) | A list of IAM ARNs for [key users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-users) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_kubernetes_version\"\u003e\u003c/a\u003e [kubernetes\\_version](#input\\_kubernetes\\_version) | Kubernetes `\u003cmajor\u003e.\u003cminor\u003e` version to use for the EKS cluster (e.g. `1.33`) | `string` | `null` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Name of the EKS cluster | `string` | `\"\"` | no |\n| \u003ca name=\"input_node_iam_role_additional_policies\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_additional\\_policies](#input\\_node\\_iam\\_role\\_additional\\_policies) | Additional policies to be added to the EKS Auto node IAM role | `map(string)` | `{}` | no |\n| \u003ca name=\"input_node_iam_role_description\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_description](#input\\_node\\_iam\\_role\\_description) | Description of the EKS Auto node IAM role | `string` | `null` | no |\n| \u003ca name=\"input_node_iam_role_name\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_name](#input\\_node\\_iam\\_role\\_name) | Name to use on the EKS Auto node IAM role created | `string` | `null` | no |\n| \u003ca name=\"input_node_iam_role_path\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_path](#input\\_node\\_iam\\_role\\_path) | The EKS Auto node IAM role path | `string` | `null` | no |\n| \u003ca name=\"input_node_iam_role_permissions_boundary\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_permissions\\_boundary](#input\\_node\\_iam\\_role\\_permissions\\_boundary) | ARN of the policy that is used to set the permissions boundary for the EKS Auto node IAM role | `string` | `null` | no |\n| \u003ca name=\"input_node_iam_role_tags\"\u003e\u003c/a\u003e 
[node\\_iam\\_role\\_tags](#input\\_node\\_iam\\_role\\_tags) | A map of additional tags to add to the EKS Auto node IAM role created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_node_iam_role_use_name_prefix\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_use\\_name\\_prefix](#input\\_node\\_iam\\_role\\_use\\_name\\_prefix) | Determines whether the EKS Auto node IAM role name (`node_iam_role_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca name=\"input_node_security_group_additional_rules\"\u003e\u003c/a\u003e [node\\_security\\_group\\_additional\\_rules](#input\\_node\\_security\\_group\\_additional\\_rules) | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | \u003cpre\u003emap(object({\u003cbr/\u003e    protocol                      = optional(string, \"tcp\")\u003cbr/\u003e    from_port                     = number\u003cbr/\u003e    to_port                       = number\u003cbr/\u003e    type                          = optional(string, \"ingress\")\u003cbr/\u003e    description                   = optional(string)\u003cbr/\u003e    cidr_blocks                   = optional(list(string))\u003cbr/\u003e    ipv6_cidr_blocks              = optional(list(string))\u003cbr/\u003e    prefix_list_ids               = optional(list(string))\u003cbr/\u003e    self                          = optional(bool)\u003cbr/\u003e    source_cluster_security_group = optional(bool, false)\u003cbr/\u003e    source_security_group_id      = optional(string)\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_node_security_group_description\"\u003e\u003c/a\u003e [node\\_security\\_group\\_description](#input\\_node\\_security\\_group\\_description) | Description of the node security group created | `string` | `\"EKS node shared security group\"` | no |\n| \u003ca 
name=\"input_node_security_group_enable_recommended_rules\"\u003e\u003c/a\u003e [node\\_security\\_group\\_enable\\_recommended\\_rules](#input\\_node\\_security\\_group\\_enable\\_recommended\\_rules) | Determines whether to enable recommended security group rules for the node security group created. This includes node-to-node TCP ingress on ephemeral ports and allows all egress traffic | `bool` | `true` | no |\n| \u003ca name=\"input_node_security_group_id\"\u003e\u003c/a\u003e [node\\_security\\_group\\_id](#input\\_node\\_security\\_group\\_id) | ID of an existing security group to attach to the node groups created | `string` | `\"\"` | no |\n| \u003ca name=\"input_node_security_group_name\"\u003e\u003c/a\u003e [node\\_security\\_group\\_name](#input\\_node\\_security\\_group\\_name) | Name to use on node security group created | `string` | `null` | no |\n| \u003ca name=\"input_node_security_group_tags\"\u003e\u003c/a\u003e [node\\_security\\_group\\_tags](#input\\_node\\_security\\_group\\_tags) | A map of additional tags to add to the node security group created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_node_security_group_use_name_prefix\"\u003e\u003c/a\u003e [node\\_security\\_group\\_use\\_name\\_prefix](#input\\_node\\_security\\_group\\_use\\_name\\_prefix) | Determines whether node security group name (`node_security_group_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca name=\"input_openid_connect_audiences\"\u003e\u003c/a\u003e [openid\\_connect\\_audiences](#input\\_openid\\_connect\\_audiences) | List of OpenID Connect audience client IDs to add to the IRSA provider | `list(string)` | `[]` | no |\n| \u003ca name=\"input_outpost_config\"\u003e\u003c/a\u003e [outpost\\_config](#input\\_outpost\\_config) | Configuration for the AWS Outpost to provision the cluster on | \u003cpre\u003eobject({\u003cbr/\u003e    control_plane_instance_type = optional(string)\u003cbr/\u003e    control_plane_placement = 
optional(object({\u003cbr/\u003e      group_name = string\u003cbr/\u003e    }))\u003cbr/\u003e    outpost_arns = list(string)\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_prefix_separator\"\u003e\u003c/a\u003e [prefix\\_separator](#input\\_prefix\\_separator) | The separator to use between the prefix and the generated timestamp for resource names | `string` | `\"-\"` | no |\n| \u003ca name=\"input_putin_khuylo\"\u003e\u003c/a\u003e [putin\\_khuylo](#input\\_putin\\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no |\n| \u003ca name=\"input_remote_network_config\"\u003e\u003c/a\u003e [remote\\_network\\_config](#input\\_remote\\_network\\_config) | Configuration block for the cluster remote network configuration | \u003cpre\u003eobject({\u003cbr/\u003e    remote_node_networks = object({\u003cbr/\u003e      cidrs = optional(list(string))\u003cbr/\u003e    })\u003cbr/\u003e    remote_pod_networks = optional(object({\u003cbr/\u003e      cidrs = optional(list(string))\u003cbr/\u003e    }))\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_security_group_additional_rules\"\u003e\u003c/a\u003e [security\\_group\\_additional\\_rules](#input\\_security\\_group\\_additional\\_rules) | List of additional security group rules to add to the cluster security group created. 
Set `source_node_security_group = true` inside rules to set the `node_security_group` as source | \u003cpre\u003emap(object({\u003cbr/\u003e    protocol                   = optional(string, \"tcp\")\u003cbr/\u003e    from_port                  = number\u003cbr/\u003e    to_port                    = number\u003cbr/\u003e    type                       = optional(string, \"ingress\")\u003cbr/\u003e    description                = optional(string)\u003cbr/\u003e    cidr_blocks                = optional(list(string))\u003cbr/\u003e    ipv6_cidr_blocks           = optional(list(string))\u003cbr/\u003e    prefix_list_ids            = optional(list(string))\u003cbr/\u003e    self                       = optional(bool)\u003cbr/\u003e    source_node_security_group = optional(bool, false)\u003cbr/\u003e    source_security_group_id   = optional(string)\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_security_group_description\"\u003e\u003c/a\u003e [security\\_group\\_description](#input\\_security\\_group\\_description) | Description of the cluster security group created | `string` | `\"EKS cluster security group\"` | no |\n| \u003ca name=\"input_security_group_id\"\u003e\u003c/a\u003e [security\\_group\\_id](#input\\_security\\_group\\_id) | Existing security group ID to be attached to the cluster | `string` | `\"\"` | no |\n| \u003ca name=\"input_security_group_name\"\u003e\u003c/a\u003e [security\\_group\\_name](#input\\_security\\_group\\_name) | Name to use on cluster security group created | `string` | `null` | no |\n| \u003ca name=\"input_security_group_tags\"\u003e\u003c/a\u003e [security\\_group\\_tags](#input\\_security\\_group\\_tags) | A map of additional tags to add to the cluster security group created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_security_group_use_name_prefix\"\u003e\u003c/a\u003e [security\\_group\\_use\\_name\\_prefix](#input\\_security\\_group\\_use\\_name\\_prefix) | Determines whether cluster security 
group name (`cluster_security_group_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca name=\"input_self_managed_node_groups\"\u003e\u003c/a\u003e [self\\_managed\\_node\\_groups](#input\\_self\\_managed\\_node\\_groups) | Map of self-managed node group definitions to create | \u003cpre\u003emap(object({\u003cbr/\u003e    create             = optional(bool)\u003cbr/\u003e    kubernetes_version = optional(string)\u003cbr/\u003e\u003cbr/\u003e    # Autoscaling Group\u003cbr/\u003e    create_autoscaling_group         = optional(bool)\u003cbr/\u003e    name                             = optional(string) # Will fall back to map key\u003cbr/\u003e    use_name_prefix                  = optional(bool)\u003cbr/\u003e    availability_zones               = optional(list(string))\u003cbr/\u003e    subnet_ids                       = optional(list(string))\u003cbr/\u003e    min_size                         = optional(number)\u003cbr/\u003e    max_size                         = optional(number)\u003cbr/\u003e    desired_size                     = optional(number)\u003cbr/\u003e    desired_size_type                = optional(string)\u003cbr/\u003e    capacity_rebalance               = optional(bool)\u003cbr/\u003e    default_instance_warmup          = optional(number)\u003cbr/\u003e    protect_from_scale_in            = optional(bool)\u003cbr/\u003e    context                          = optional(string)\u003cbr/\u003e    create_placement_group           = optional(bool)\u003cbr/\u003e    placement_group                  = optional(string)\u003cbr/\u003e    health_check_type                = optional(string)\u003cbr/\u003e    health_check_grace_period        = optional(number)\u003cbr/\u003e    ignore_failed_scaling_activities = optional(bool)\u003cbr/\u003e    force_delete                     = optional(bool)\u003cbr/\u003e    termination_policies             = optional(list(string))\u003cbr/\u003e    suspended_processes              = 
optional(list(string))\u003cbr/\u003e    max_instance_lifetime            = optional(number)\u003cbr/\u003e    enabled_metrics                  = optional(list(string))\u003cbr/\u003e    metrics_granularity              = optional(string)\u003cbr/\u003e    initial_lifecycle_hooks = optional(list(object({\u003cbr/\u003e      default_result          = optional(string)\u003cbr/\u003e      heartbeat_timeout       = optional(number)\u003cbr/\u003e      lifecycle_transition    = string\u003cbr/\u003e      name                    = string\u003cbr/\u003e      notification_metadata   = optional(string)\u003cbr/\u003e      notification_target_arn = optional(string)\u003cbr/\u003e      role_arn                = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    instance_maintenance_policy = optional(object({\u003cbr/\u003e      max_healthy_percentage = number\u003cbr/\u003e      min_healthy_percentage = number\u003cbr/\u003e    }))\u003cbr/\u003e    instance_refresh = optional(object({\u003cbr/\u003e      preferences = optional(object({\u003cbr/\u003e        alarm_specification = optional(object({\u003cbr/\u003e          alarms = optional(list(string))\u003cbr/\u003e        }))\u003cbr/\u003e        auto_rollback                = optional(bool)\u003cbr/\u003e        checkpoint_delay             = optional(number)\u003cbr/\u003e        checkpoint_percentages       = optional(list(number))\u003cbr/\u003e        instance_warmup              = optional(number)\u003cbr/\u003e        max_healthy_percentage       = optional(number)\u003cbr/\u003e        min_healthy_percentage       = optional(number)\u003cbr/\u003e        scale_in_protected_instances = optional(string)\u003cbr/\u003e        skip_matching                = optional(bool)\u003cbr/\u003e        standby_instances            = optional(string)\u003cbr/\u003e      }))\u003cbr/\u003e      strategy = optional(string)\u003cbr/\u003e      triggers = optional(list(string))\u003cbr/\u003e      })\u003cbr/\u003e    
)\u003cbr/\u003e    use_mixed_instances_policy = optional(bool)\u003cbr/\u003e    mixed_instances_policy = optional(object({\u003cbr/\u003e      instances_distribution = optional(object({\u003cbr/\u003e        on_demand_allocation_strategy            = optional(string)\u003cbr/\u003e        on_demand_base_capacity                  = optional(number)\u003cbr/\u003e        on_demand_percentage_above_base_capacity = optional(number)\u003cbr/\u003e        spot_allocation_strategy                 = optional(string)\u003cbr/\u003e        spot_instance_pools                      = optional(number)\u003cbr/\u003e        spot_max_price                           = optional(string)\u003cbr/\u003e      }))\u003cbr/\u003e      launch_template = object({\u003cbr/\u003e        override = optional(list(object({\u003cbr/\u003e          instance_requirements = optional(object({\u003cbr/\u003e            accelerator_count = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e            accelerator_manufacturers = optional(list(string))\u003cbr/\u003e            accelerator_names         = optional(list(string))\u003cbr/\u003e            accelerator_total_memory_mib = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e            accelerator_types      = optional(list(string))\u003cbr/\u003e            allowed_instance_types = optional(list(string))\u003cbr/\u003e            bare_metal             = optional(string)\u003cbr/\u003e            baseline_ebs_bandwidth_mbps = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e            burstable_performance                                   = optional(string)\u003cbr/\u003e            cpu_manufacturers    
                                   = optional(list(string))\u003cbr/\u003e            excluded_instance_types                                 = optional(list(string))\u003cbr/\u003e            instance_generations                                    = optional(list(string))\u003cbr/\u003e            local_storage                                           = optional(string)\u003cbr/\u003e            local_storage_types                                     = optional(list(string))\u003cbr/\u003e            max_spot_price_as_percentage_of_optimal_on_demand_price = optional(number)\u003cbr/\u003e            memory_gib_per_vcpu = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e            memory_mib = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e            network_bandwidth_gbps = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e            network_interface_count = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e            on_demand_max_price_percentage_over_lowest_price = optional(number)\u003cbr/\u003e            require_hibernate_support                        = optional(bool)\u003cbr/\u003e            spot_max_price_percentage_over_lowest_price      = optional(number)\u003cbr/\u003e            total_local_storage_gb = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e            vcpu_count = optional(object({\u003cbr/\u003e              max = optional(number)\u003cbr/\u003e              min = 
optional(number)\u003cbr/\u003e            }))\u003cbr/\u003e          }))\u003cbr/\u003e          instance_type = optional(string)\u003cbr/\u003e          launch_template_specification = optional(object({\u003cbr/\u003e            launch_template_id   = optional(string)\u003cbr/\u003e            launch_template_name = optional(string)\u003cbr/\u003e            version              = optional(string)\u003cbr/\u003e          }))\u003cbr/\u003e          weighted_capacity = optional(string)\u003cbr/\u003e        })))\u003cbr/\u003e      })\u003cbr/\u003e    }))\u003cbr/\u003e    timeouts = optional(object({\u003cbr/\u003e      delete = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    autoscaling_group_tags = optional(map(string))\u003cbr/\u003e    # User data\u003cbr/\u003e    ami_type                   = optional(string)\u003cbr/\u003e    additional_cluster_dns_ips = optional(list(string))\u003cbr/\u003e    pre_bootstrap_user_data    = optional(string)\u003cbr/\u003e    post_bootstrap_user_data   = optional(string)\u003cbr/\u003e    bootstrap_extra_args       = optional(string)\u003cbr/\u003e    user_data_template_path    = optional(string)\u003cbr/\u003e    cloudinit_pre_nodeadm = optional(list(object({\u003cbr/\u003e      content      = string\u003cbr/\u003e      content_type = optional(string)\u003cbr/\u003e      filename     = optional(string)\u003cbr/\u003e      merge_type   = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    cloudinit_post_nodeadm = optional(list(object({\u003cbr/\u003e      content      = string\u003cbr/\u003e      content_type = optional(string)\u003cbr/\u003e      filename     = optional(string)\u003cbr/\u003e      merge_type   = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    # Launch Template\u003cbr/\u003e    create_launch_template                 = optional(bool)\u003cbr/\u003e    use_custom_launch_template             = optional(bool)\u003cbr/\u003e    launch_template_id                     = 
optional(string)\u003cbr/\u003e    launch_template_name                   = optional(string) # Will fall back to map key\u003cbr/\u003e    launch_template_use_name_prefix        = optional(bool)\u003cbr/\u003e    launch_template_version                = optional(string)\u003cbr/\u003e    launch_template_default_version        = optional(string)\u003cbr/\u003e    update_launch_template_default_version = optional(bool)\u003cbr/\u003e    launch_template_description            = optional(string)\u003cbr/\u003e    launch_template_tags                   = optional(map(string))\u003cbr/\u003e    tag_specifications                     = optional(list(string))\u003cbr/\u003e    ebs_optimized                          = optional(bool)\u003cbr/\u003e    ami_id                                 = optional(string)\u003cbr/\u003e    instance_type                          = optional(string)\u003cbr/\u003e    key_name                               = optional(string)\u003cbr/\u003e    disable_api_termination                = optional(bool)\u003cbr/\u003e    instance_initiated_shutdown_behavior   = optional(string)\u003cbr/\u003e    kernel_id                              = optional(string)\u003cbr/\u003e    ram_disk_id                            = optional(string)\u003cbr/\u003e    block_device_mappings = optional(map(object({\u003cbr/\u003e      device_name = optional(string)\u003cbr/\u003e      ebs = optional(object({\u003cbr/\u003e        delete_on_termination      = optional(bool)\u003cbr/\u003e        encrypted                  = optional(bool)\u003cbr/\u003e        iops                       = optional(number)\u003cbr/\u003e        kms_key_id                 = optional(string)\u003cbr/\u003e        snapshot_id                = optional(string)\u003cbr/\u003e        throughput                 = optional(number)\u003cbr/\u003e        volume_initialization_rate = optional(number)\u003cbr/\u003e        volume_size                = optional(number)\u003cbr/\u003e        volume_type    
            = optional(string)\u003cbr/\u003e      }))\u003cbr/\u003e      no_device    = optional(string)\u003cbr/\u003e      virtual_name = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    capacity_reservation_specification = optional(object({\u003cbr/\u003e      capacity_reservation_preference = optional(string)\u003cbr/\u003e      capacity_reservation_target = optional(object({\u003cbr/\u003e        capacity_reservation_id                 = optional(string)\u003cbr/\u003e        capacity_reservation_resource_group_arn = optional(string)\u003cbr/\u003e      }))\u003cbr/\u003e    }))\u003cbr/\u003e    cpu_options = optional(object({\u003cbr/\u003e      amd_sev_snp      = optional(string)\u003cbr/\u003e      core_count       = optional(number)\u003cbr/\u003e      threads_per_core = optional(number)\u003cbr/\u003e    }))\u003cbr/\u003e    credit_specification = optional(object({\u003cbr/\u003e      cpu_credits = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    enclave_options = optional(object({\u003cbr/\u003e      enabled = optional(bool)\u003cbr/\u003e    }))\u003cbr/\u003e    instance_requirements = optional(object({\u003cbr/\u003e      accelerator_count = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      accelerator_manufacturers = optional(list(string))\u003cbr/\u003e      accelerator_names         = optional(list(string))\u003cbr/\u003e      accelerator_total_memory_mib = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      accelerator_types      = optional(list(string))\u003cbr/\u003e      allowed_instance_types = optional(list(string))\u003cbr/\u003e      bare_metal             = optional(string)\u003cbr/\u003e      baseline_ebs_bandwidth_mbps = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = 
optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      burstable_performance                                   = optional(string)\u003cbr/\u003e      cpu_manufacturers                                       = optional(list(string))\u003cbr/\u003e      excluded_instance_types                                 = optional(list(string))\u003cbr/\u003e      instance_generations                                    = optional(list(string))\u003cbr/\u003e      local_storage                                           = optional(string)\u003cbr/\u003e      local_storage_types                                     = optional(list(string))\u003cbr/\u003e      max_spot_price_as_percentage_of_optimal_on_demand_price = optional(number)\u003cbr/\u003e      memory_gib_per_vcpu = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      memory_mib = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      network_bandwidth_gbps = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      network_interface_count = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      on_demand_max_price_percentage_over_lowest_price = optional(number)\u003cbr/\u003e      require_hibernate_support                        = optional(bool)\u003cbr/\u003e      spot_max_price_percentage_over_lowest_price      = optional(number)\u003cbr/\u003e      total_local_storage_gb = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      vcpu_count = optional(object({\u003cbr/\u003e        max = optional(number)\u003cbr/\u003e        min = 
string\u003cbr/\u003e      }))\u003cbr/\u003e    }))\u003cbr/\u003e    instance_market_options = optional(object({\u003cbr/\u003e      market_type = optional(string)\u003cbr/\u003e      spot_options = optional(object({\u003cbr/\u003e        block_duration_minutes         = optional(number)\u003cbr/\u003e        instance_interruption_behavior = optional(string)\u003cbr/\u003e        max_price                      = optional(string)\u003cbr/\u003e        spot_instance_type             = optional(string)\u003cbr/\u003e        valid_until                    = optional(string)\u003cbr/\u003e      }))\u003cbr/\u003e    }))\u003cbr/\u003e    license_specifications = optional(list(object({\u003cbr/\u003e      license_configuration_arn = string\u003cbr/\u003e    })))\u003cbr/\u003e    metadata_options = optional(object({\u003cbr/\u003e      http_endpoint               = optional(string)\u003cbr/\u003e      http_protocol_ipv6          = optional(string)\u003cbr/\u003e      http_put_response_hop_limit = optional(number)\u003cbr/\u003e      http_tokens                 = optional(string)\u003cbr/\u003e      instance_metadata_tags      = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    enable_monitoring  = optional(bool)\u003cbr/\u003e    enable_efa_support = optional(bool)\u003cbr/\u003e    enable_efa_only    = optional(bool)\u003cbr/\u003e    efa_indices        = optional(list(string))\u003cbr/\u003e    network_interfaces = optional(list(object({\u003cbr/\u003e      associate_carrier_ip_address = optional(bool)\u003cbr/\u003e      associate_public_ip_address  = optional(bool)\u003cbr/\u003e      connection_tracking_specification = optional(object({\u003cbr/\u003e        tcp_established_timeout = optional(number)\u003cbr/\u003e        udp_stream_timeout      = optional(number)\u003cbr/\u003e        udp_timeout             = optional(number)\u003cbr/\u003e      }))\u003cbr/\u003e      delete_on_termination = optional(bool)\u003cbr/\u003e      description           = 
optional(string)\u003cbr/\u003e      device_index          = optional(number)\u003cbr/\u003e      ena_srd_specification = optional(object({\u003cbr/\u003e        ena_srd_enabled = optional(bool)\u003cbr/\u003e        ena_srd_udp_specification = optional(object({\u003cbr/\u003e          ena_srd_udp_enabled = optional(bool)\u003cbr/\u003e        }))\u003cbr/\u003e      }))\u003cbr/\u003e      interface_type       = optional(string)\u003cbr/\u003e      ipv4_address_count   = optional(number)\u003cbr/\u003e      ipv4_addresses       = optional(list(string))\u003cbr/\u003e      ipv4_prefix_count    = optional(number)\u003cbr/\u003e      ipv4_prefixes        = optional(list(string))\u003cbr/\u003e      ipv6_address_count   = optional(number)\u003cbr/\u003e      ipv6_addresses       = optional(list(string))\u003cbr/\u003e      ipv6_prefix_count    = optional(number)\u003cbr/\u003e      ipv6_prefixes        = optional(list(string))\u003cbr/\u003e      network_card_index   = optional(number)\u003cbr/\u003e      network_interface_id = optional(string)\u003cbr/\u003e      primary_ipv6         = optional(bool)\u003cbr/\u003e      private_ip_address   = optional(string)\u003cbr/\u003e      security_groups      = optional(list(string))\u003cbr/\u003e      subnet_id            = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    placement = optional(object({\u003cbr/\u003e      affinity                = optional(string)\u003cbr/\u003e      availability_zone       = optional(string)\u003cbr/\u003e      group_name              = optional(string)\u003cbr/\u003e      host_id                 = optional(string)\u003cbr/\u003e      host_resource_group_arn = optional(string)\u003cbr/\u003e      partition_number        = optional(number)\u003cbr/\u003e      spread_domain           = optional(string)\u003cbr/\u003e      tenancy                 = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    maintenance_options = optional(object({\u003cbr/\u003e      auto_recovery = 
optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    private_dns_name_options = optional(object({\u003cbr/\u003e      enable_resource_name_dns_aaaa_record = optional(bool)\u003cbr/\u003e      enable_resource_name_dns_a_record    = optional(bool)\u003cbr/\u003e      hostname_type                        = optional(string)\u003cbr/\u003e    }))\u003cbr/\u003e    # IAM role\u003cbr/\u003e    create_iam_instance_profile   = optional(bool)\u003cbr/\u003e    iam_instance_profile_arn      = optional(string)\u003cbr/\u003e    iam_role_name                 = optional(string)\u003cbr/\u003e    iam_role_use_name_prefix      = optional(bool)\u003cbr/\u003e    iam_role_path                 = optional(string)\u003cbr/\u003e    iam_role_description          = optional(string)\u003cbr/\u003e    iam_role_permissions_boundary = optional(string)\u003cbr/\u003e    iam_role_tags                 = optional(map(string))\u003cbr/\u003e    iam_role_attach_cni_policy    = optional(bool)\u003cbr/\u003e    iam_role_additional_policies  = optional(map(string))\u003cbr/\u003e    create_iam_role_policy        = optional(bool)\u003cbr/\u003e    iam_role_policy_statements = optional(list(object({\u003cbr/\u003e      sid           = optional(string)\u003cbr/\u003e      actions       = optional(list(string))\u003cbr/\u003e      not_actions   = optional(list(string))\u003cbr/\u003e      effect        = optional(string)\u003cbr/\u003e      resources     = optional(list(string))\u003cbr/\u003e      not_resources = optional(list(string))\u003cbr/\u003e      principals = optional(list(object({\u003cbr/\u003e        type        = string\u003cbr/\u003e        identifiers = list(string)\u003cbr/\u003e      })))\u003cbr/\u003e      not_principals = optional(list(object({\u003cbr/\u003e        type        = string\u003cbr/\u003e        identifiers = list(string)\u003cbr/\u003e      })))\u003cbr/\u003e      condition = optional(list(object({\u003cbr/\u003e        test     = string\u003cbr/\u003e        
values   = list(string)\u003cbr/\u003e        variable = string\u003cbr/\u003e      })))\u003cbr/\u003e    })))\u003cbr/\u003e    # Access entry\u003cbr/\u003e    create_access_entry = optional(bool)\u003cbr/\u003e    iam_role_arn        = optional(string)\u003cbr/\u003e    # Security group\u003cbr/\u003e    vpc_security_group_ids                = optional(list(string), [])\u003cbr/\u003e    attach_cluster_primary_security_group = optional(bool, false)\u003cbr/\u003e    create_security_group                 = optional(bool)\u003cbr/\u003e    security_group_name                   = optional(string)\u003cbr/\u003e    security_group_use_name_prefix        = optional(bool)\u003cbr/\u003e    security_group_description            = optional(string)\u003cbr/\u003e    security_group_ingress_rules = optional(map(object({\u003cbr/\u003e      name                         = optional(string)\u003cbr/\u003e      cidr_ipv4                    = optional(string)\u003cbr/\u003e      cidr_ipv6                    = optional(string)\u003cbr/\u003e      description                  = optional(string)\u003cbr/\u003e      from_port                    = optional(string)\u003cbr/\u003e      ip_protocol                  = optional(string)\u003cbr/\u003e      prefix_list_id               = optional(string)\u003cbr/\u003e      referenced_security_group_id = optional(string)\u003cbr/\u003e      self                         = optional(bool)\u003cbr/\u003e      tags                         = optional(map(string))\u003cbr/\u003e      to_port                      = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    security_group_egress_rules = optional(map(object({\u003cbr/\u003e      name                         = optional(string)\u003cbr/\u003e      cidr_ipv4                    = optional(string)\u003cbr/\u003e      cidr_ipv6                    = optional(string)\u003cbr/\u003e      description                  = optional(string)\u003cbr/\u003e      from_port                    = 
optional(string)\u003cbr/\u003e      ip_protocol                  = optional(string)\u003cbr/\u003e      prefix_list_id               = optional(string)\u003cbr/\u003e      referenced_security_group_id = optional(string)\u003cbr/\u003e      self                         = optional(bool)\u003cbr/\u003e      tags                         = optional(map(string))\u003cbr/\u003e      to_port                      = optional(string)\u003cbr/\u003e    })))\u003cbr/\u003e    security_group_tags = optional(map(string))\u003cbr/\u003e\u003cbr/\u003e    tags = optional(map(string))\u003cbr/\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_service_ipv4_cidr\"\u003e\u003c/a\u003e [service\\_ipv4\\_cidr](#input\\_service\\_ipv4\\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no |\n| \u003ca name=\"input_service_ipv6_cidr\"\u003e\u003c/a\u003e [service\\_ipv6\\_cidr](#input\\_service\\_ipv6\\_cidr) | The CIDR block to assign Kubernetes pod and service IP addresses from if `ipv6` was specified when the cluster was created. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster | `string` | `null` | no |\n| \u003ca name=\"input_subnet_ids\"\u003e\u003c/a\u003e [subnet\\_ids](#input\\_subnet\\_ids) | A list of subnet IDs where the nodes/node groups will be provisioned. 
If `control_plane_subnet_ids` is not provided, the EKS cluster control plane (ENIs) will be provisioned in these subnets | `list(string)` | `[]` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |\n| \u003ca name=\"input_timeouts\"\u003e\u003c/a\u003e [timeouts](#input\\_timeouts) | Create, update, and delete timeout configurations for the cluster | \u003cpre\u003eobject({\u003cbr/\u003e    create = optional(string)\u003cbr/\u003e    update = optional(string)\u003cbr/\u003e    delete = optional(string)\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_upgrade_policy\"\u003e\u003c/a\u003e [upgrade\\_policy](#input\\_upgrade\\_policy) | Configuration block for the cluster upgrade policy | \u003cpre\u003eobject({\u003cbr/\u003e    support_type = optional(string)\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | ID of the VPC where the cluster security group will be provisioned | `string` | `null` | no |\n| \u003ca name=\"input_zonal_shift_config\"\u003e\u003c/a\u003e [zonal\\_shift\\_config](#input\\_zonal\\_shift\\_config) | Configuration block for the cluster zonal shift | \u003cpre\u003eobject({\u003cbr/\u003e    enabled = optional(bool)\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_access_entries\"\u003e\u003c/a\u003e [access\\_entries](#output\\_access\\_entries) | Map of access entries created and their attributes |\n| \u003ca name=\"output_access_policy_associations\"\u003e\u003c/a\u003e [access\\_policy\\_associations](#output\\_access\\_policy\\_associations) | Map of eks cluster access policy associations created and their attributes |\n| \u003ca name=\"output_cloudwatch_log_group_arn\"\u003e\u003c/a\u003e 
[cloudwatch\\_log\\_group\\_arn](#output\\_cloudwatch\\_log\\_group\\_arn) | Arn of cloudwatch log group created |\n| \u003ca name=\"output_cloudwatch_log_group_name\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_name](#output\\_cloudwatch\\_log\\_group\\_name) | Name of cloudwatch log group created |\n| \u003ca name=\"output_cluster_addons\"\u003e\u003c/a\u003e [cluster\\_addons](#output\\_cluster\\_addons) | Map of attribute maps for all EKS cluster addons enabled |\n| \u003ca name=\"output_cluster_arn\"\u003e\u003c/a\u003e [cluster\\_arn](#output\\_cluster\\_arn) | The Amazon Resource Name (ARN) of the cluster |\n| \u003ca name=\"output_cluster_certificate_authority_data\"\u003e\u003c/a\u003e [cluster\\_certificate\\_authority\\_data](#output\\_cluster\\_certificate\\_authority\\_data) | Base64 encoded certificate data required to communicate with the cluster |\n| \u003ca name=\"output_cluster_control_plane_scaling_tier\"\u003e\u003c/a\u003e [cluster\\_control\\_plane\\_scaling\\_tier](#output\\_cluster\\_control\\_plane\\_scaling\\_tier) | The EKS Provisioned Control Plane scaling tier for the cluster |\n| \u003ca name=\"output_cluster_dualstack_oidc_issuer_url\"\u003e\u003c/a\u003e [cluster\\_dualstack\\_oidc\\_issuer\\_url](#output\\_cluster\\_dualstack\\_oidc\\_issuer\\_url) | Dual-stack compatible URL on the EKS cluster for the OpenID Connect identity provider |\n| \u003ca name=\"output_cluster_endpoint\"\u003e\u003c/a\u003e [cluster\\_endpoint](#output\\_cluster\\_endpoint) | Endpoint for your Kubernetes API server |\n| \u003ca name=\"output_cluster_iam_role_arn\"\u003e\u003c/a\u003e [cluster\\_iam\\_role\\_arn](#output\\_cluster\\_iam\\_role\\_arn) | Cluster IAM role ARN |\n| \u003ca name=\"output_cluster_iam_role_name\"\u003e\u003c/a\u003e [cluster\\_iam\\_role\\_name](#output\\_cluster\\_iam\\_role\\_name) | Cluster IAM role name |\n| \u003ca name=\"output_cluster_iam_role_unique_id\"\u003e\u003c/a\u003e 
[cluster\\_iam\\_role\\_unique\\_id](#output\\_cluster\\_iam\\_role\\_unique\\_id) | Stable and unique string identifying the IAM role |\n| \u003ca name=\"output_cluster_id\"\u003e\u003c/a\u003e [cluster\\_id](#output\\_cluster\\_id) | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts |\n| \u003ca name=\"output_cluster_identity_providers\"\u003e\u003c/a\u003e [cluster\\_identity\\_providers](#output\\_cluster\\_identity\\_providers) | Map of attribute maps for all EKS identity providers enabled |\n| \u003ca name=\"output_cluster_ip_family\"\u003e\u003c/a\u003e [cluster\\_ip\\_family](#output\\_cluster\\_ip\\_family) | The IP family used by the cluster (e.g. `ipv4` or `ipv6`) |\n| \u003ca name=\"output_cluster_name\"\u003e\u003c/a\u003e [cluster\\_name](#output\\_cluster\\_name) | The name of the EKS cluster |\n| \u003ca name=\"output_cluster_oidc_issuer_url\"\u003e\u003c/a\u003e [cluster\\_oidc\\_issuer\\_url](#output\\_cluster\\_oidc\\_issuer\\_url) | The URL on the EKS cluster for the OpenID Connect identity provider |\n| \u003ca name=\"output_cluster_platform_version\"\u003e\u003c/a\u003e [cluster\\_platform\\_version](#output\\_cluster\\_platform\\_version) | Platform version for the cluster |\n| \u003ca name=\"output_cluster_primary_security_group_id\"\u003e\u003c/a\u003e [cluster\\_primary\\_security\\_group\\_id](#output\\_cluster\\_primary\\_security\\_group\\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. 
Referred to as 'Cluster security group' in the EKS console |\n| \u003ca name=\"output_cluster_security_group_arn\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_arn](#output\\_cluster\\_security\\_group\\_arn) | Amazon Resource Name (ARN) of the cluster security group |\n| \u003ca name=\"output_cluster_security_group_id\"\u003e\u003c/a\u003e [cluster\\_security\\_group\\_id](#output\\_cluster\\_security\\_group\\_id) | ID of the cluster security group |\n| \u003ca name=\"output_cluster_service_cidr\"\u003e\u003c/a\u003e [cluster\\_service\\_cidr](#output\\_cluster\\_service\\_cidr) | The CIDR block where Kubernetes pod and service IP addresses are assigned from |\n| \u003ca name=\"output_cluster_status\"\u003e\u003c/a\u003e [cluster\\_status](#output\\_cluster\\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` |\n| \u003ca name=\"output_cluster_tls_certificate_sha1_fingerprint\"\u003e\u003c/a\u003e [cluster\\_tls\\_certificate\\_sha1\\_fingerprint](#output\\_cluster\\_tls\\_certificate\\_sha1\\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate |\n| \u003ca name=\"output_cluster_version\"\u003e\u003c/a\u003e [cluster\\_version](#output\\_cluster\\_version) | The Kubernetes version for the cluster |\n| \u003ca name=\"output_eks_managed_node_groups\"\u003e\u003c/a\u003e [eks\\_managed\\_node\\_groups](#output\\_eks\\_managed\\_node\\_groups) | Map of attribute maps for all EKS managed node groups created |\n| \u003ca name=\"output_eks_managed_node_groups_autoscaling_group_names\"\u003e\u003c/a\u003e [eks\\_managed\\_node\\_groups\\_autoscaling\\_group\\_names](#output\\_eks\\_managed\\_node\\_groups\\_autoscaling\\_group\\_names) | List of the autoscaling group names created by EKS managed node groups |\n| \u003ca name=\"output_fargate_profiles\"\u003e\u003c/a\u003e [fargate\\_profiles](#output\\_fargate\\_profiles) | Map of attribute maps for all EKS Fargate Profiles created |\n| \u003ca 
name=\"output_kms_key_arn\"\u003e\u003c/a\u003e [kms\\_key\\_arn](#output\\_kms\\_key\\_arn) | The Amazon Resource Name (ARN) of the key |\n| \u003ca name=\"output_kms_key_id\"\u003e\u003c/a\u003e [kms\\_key\\_id](#output\\_kms\\_key\\_id) | The globally unique identifier for the key |\n| \u003ca name=\"output_kms_key_policy\"\u003e\u003c/a\u003e [kms\\_key\\_policy](#output\\_kms\\_key\\_policy) | The IAM resource policy set on the key |\n| \u003ca name=\"output_node_iam_role_arn\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_arn](#output\\_node\\_iam\\_role\\_arn) | EKS Auto node IAM role ARN |\n| \u003ca name=\"output_node_iam_role_name\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_name](#output\\_node\\_iam\\_role\\_name) | EKS Auto node IAM role name |\n| \u003ca name=\"output_node_iam_role_unique_id\"\u003e\u003c/a\u003e [node\\_iam\\_role\\_unique\\_id](#output\\_node\\_iam\\_role\\_unique\\_id) | Stable and unique string identifying the IAM role |\n| \u003ca name=\"output_node_security_group_arn\"\u003e\u003c/a\u003e [node\\_security\\_group\\_arn](#output\\_node\\_security\\_group\\_arn) | Amazon Resource Name (ARN) of the node shared security group |\n| \u003ca name=\"output_node_security_group_id\"\u003e\u003c/a\u003e [node\\_security\\_group\\_id](#output\\_node\\_security\\_group\\_id) | ID of the node shared security group |\n| \u003ca name=\"output_oidc_provider\"\u003e\u003c/a\u003e [oidc\\_provider](#output\\_oidc\\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) |\n| \u003ca name=\"output_oidc_provider_arn\"\u003e\u003c/a\u003e [oidc\\_provider\\_arn](#output\\_oidc\\_provider\\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` |\n| \u003ca name=\"output_self_managed_node_groups\"\u003e\u003c/a\u003e [self\\_managed\\_node\\_groups](#output\\_self\\_managed\\_node\\_groups) | Map of attribute maps for all self managed node groups created |\n| \u003ca 
name=\"output_self_managed_node_groups_autoscaling_group_names\"\u003e\u003c/a\u003e [self\\_managed\\_node\\_groups\\_autoscaling\\_group\\_names](#output\\_self\\_managed\\_node\\_groups\\_autoscaling\\_group\\_names) | List of the autoscaling group names created by self-managed node groups |\n\u003c!-- END_TF_DOCS --\u003e\n\n## License\n\nApache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/LICENSE) for full details.\n\n## Additional information for users from Russia and Belarus\n\n* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by a [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).\n* Russia has brought sorrow and devastation to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee.\n* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-eks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-eks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-eks/lists"}