{"id":20418575,"url":"https://github.com/tldr-devops/aws-eks-terraform","last_synced_at":"2025-09-06T16:39:28.610Z","repository":{"id":208615481,"uuid":"722061279","full_name":"tldr-devops/aws-eks-terraform","owner":"tldr-devops","description":"Ready to go EKS setup","archived":false,"fork":false,"pushed_at":"2024-09-05T14:57:24.000Z","size":320,"stargazers_count":10,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-05T04:16:32.988Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tldr-devops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-22T10:58:31.000Z","updated_at":"2024-12-23T05:50:05.000Z","dependencies_parsed_at":"2023-12-02T01:36:12.023Z","dependency_job_id":"7f90950d-6d78-4ba1-b47b-b8fcaa9965e3","html_url":"https://github.com/tldr-devops/aws-eks-terraform","commit_stats":null,"previous_names":["tldr-devops/aws-eks-terraform"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/tldr-devops/aws-eks-terraform","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tldr-devops%2Faws-eks-terraform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tldr-devops%2Faws-eks-terraform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tldr-devops%2Faws-eks-terraform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tldr-devops%2Faws-eks-terraform/manifests
","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tldr-devops","download_url":"https://codeload.github.com/tldr-devops/aws-eks-terraform/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tldr-devops%2Faws-eks-terraform/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273932987,"owners_count":25193599,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-06T02:00:13.247Z","response_time":2576,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T06:33:50.538Z","updated_at":"2025-09-06T16:39:28.540Z","avatar_url":"https://github.com/tldr-devops.png","language":"HCL","funding_links":["https://ko-fi.com/filipp_frizzy"],"categories":[],"sub_categories":[],"readme":"# aws-eks-terraform\n\n[![#StandWithBelarus](https://img.shields.io/badge/Belarus-red?label=%23%20Stand%20With\u0026labelColor=white\u0026color=red)\n\u003cimg src=\"https://upload.wikimedia.org/wikipedia/commons/thumb/e/ea/Presidential_Standard_of_Belarus_%28fictional%29.svg/240px-Presidential_Standard_of_Belarus_%28fictional%29.svg.png\" width=\"20\" height=\"20\" alt=\"Voices From Belarus\" /\u003e](https://bysol.org/en/) [![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://vshymanskyy.github.io/StandWithUkraine)\n\n## 
Overview\n\nThis project provides a ready-to-use configuration for setting up an AWS EKS cluster with all necessary controllers, operators, and a monitoring stack. By using this configuration, DevOps engineers can save 1-2 months of work.\n\n### Key Features\n\n- **Adaptation for small clusters**: Many modules, especially the [Grafana monitoring stack](https://grafana.com/about/grafana-stack/), are created with the intention of being used in large clusters. I understand the pain of small projects, so I tried to create a setup that is as simple and efficient as possible. For example, the [VictoriaMetrics](https://victoriametrics.com/) stack was selected as the best Prometheus-like monitoring engine, and [Uptrace](https://uptrace.dev/) with an AWS S3 backend was selected for long-term storage of metrics, logs, and traces.\n- **Node Group Templates**: Templates for creating Managed Node Groups and Fargate Profile linked to each availability zone individually.\n- **Default Settings and Integration**: Reasonable default values and integration between modules for seamless setup.\n\nSimilar projects:\n- [eks blueprints](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main)\n- [tEKS](https://github.com/particuleio/teks)\n- [eks demo](https://github.com/awslabs/eksdemo)\n\n### Development Time\n\n- [Filipp Frizzy](https://github.com/Friz-zy/): 181h 30m\n\n## About the Author\n\nI'm Filipp - a Lead DevOps Engineer with 12+ years of experience, currently based in Poland (UTC+2). I am open to work and considering Senior, Lead, or Architect DevOps roles with a B2B contract from $7k/month and 100% remote. I have extensive experience as a primary or lead DevOps engineer in product teams and startups. 
If you are looking for a DevOps engineer for a project, contact me on [LinkedIn](https://www.linkedin.com/in/filipp-frizzy-289a0360/).\n\nFrom my side:\n- Working as Ops and DevOps engineer since 2012, with over 7 years of experience with UK \u0026 US teams.\n- Experience as Single, Main, or Lead DevOps for small teams of other Ops people.\n- Migration of services into Docker environments, including Kubernetes, Docker Swarm, and AWS Elastic Containers.\n- AWS is my primary cloud since 2015\n- Proficient with GitLab, GitHub, Jenkins, ArgoCD, and FluxCD CI \u0026 CD.\n- Writing Terraform, Terragrunt, Ansible, SaltStack, and other IaC setups.\n- Solved several production disasters with various Kubernetes setups.\n- Skilled in SQL and NoSQL HA setups, like Galera MySQL, MongoDB, Kafka, ZooKeeper, Clickhouse, Redis, etc.\n- Developed many monitoring solutions with Prometheus, VictoriaMetrics, EFK, Zabbix, etc.\n- Authored 2 open source projects with over 1k stars.\n\n## Included Components\n\n| Description | Purpose | Enabled | DNS |\n| --- | --- | --- | --- |\n|EKS cluster module based on [terraform-aws-modules/eks/aws](https://github.com/terraform-aws-modules/terraform-aws-eks) v19|Base|True||\n|Templates for Managed Node Groups and Fargate Profile to link them to each availability zone instead of all zones at once|Base|True||\n|Integration of modules with each other and reasonable default values|Base|True||\n|[CoreDNS EKS addon](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html)|Core|True||\n|[Kube-Proxy EKS addon](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html)|Core|True||\n|[VPC CNI EKS addon](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html)|Core|True||\n|[AWS EBS CSI driver EKS addon](https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html)|Core|True||\n|[Snapshot Controller EKS 
addon](https://docs.aws.amazon.com/eks/latest/userguide/csi-snapshot-controller.html)|Core|True||\n|[AWS EFS CSI driver](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/blob/main/docs/addons/aws-efs-csi-driver.md)|Core|True||\n|[AWS Node Termination Handler](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/blob/main/docs/addons/aws-node-termination-handler.md)|Core|True||\n|[Cert Manager](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/blob/main/docs/addons/cert-manager.md)|Core|True||\n|[Cluster Autoscaler](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/blob/main/docs/addons/cluster-autoscaler.md)|Core|True||\n|[Metrics Server](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/blob/main/docs/addons/metrics-server.md)|Core|True||\n|[Vertical Pod Autoscaler](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/blob/main/docs/addons/vertical-pod-autoscaler.md)|Core|True||\n|[Ingress Apisix](https://github.com/apache/apisix-ingress-controller)|Ingress|True||\n|[Ingress Nginx](https://github.com/kubernetes/ingress-nginx)|Ingress|False||\n|[Victoriametrics Operator](https://github.com/VictoriaMetrics/operator)|Operator|True||\n|[Opentelemetry Operator](https://github.com/open-telemetry/opentelemetry-operator)|Operator|False||\n|[Clickhouse Operator](https://github.com/Altinity/clickhouse-operator)|Operator|False||\n|[Grafana 
Operator](https://artifacthub.io/packages/helm/bitnami/grafana-operator)|Operator|True||\n|[Victoriametrics](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-k8s-stack/README.md)|Monitoring|True|vmauth.${var.ingress_domain}\u003cbr\u003evictoriametrics.${var.ingress_domain}\u003cbr\u003evmalertmanager.${var.ingress_domain}\u003cbr\u003evmagent.${var.ingress_domain}\u003cbr\u003evmalert.${var.ingress_domain}|\n|[Grafana](https://grafana.com/oss/grafana/)|Monitoring|True|grafana.${var.ingress_domain}|\n|[Uptrace](https://uptrace.dev/)|Monitoring|True|uptrace.${var.ingress_domain}|\n|[Vector](https://vector.dev/)|Monitoring|True||\n|[Qryn](https://qryn.metrico.in)|Monitoring|False|qryn.${var.ingress_domain}|\n|[Openobserve](https://openobserve.ai/)|Monitoring|False|openobserve.${var.ingress_domain}|\n|[Kubernetes Dashboard](https://github.com/kubernetes/dashboard)|Control|False|k8s-dashboard.${var.ingress_domain}|\n\n## What is not included right now\n\n- Email integration\n- DNS integration\n- Alert rules\n- Resource limits\n- CI \u0026 CD integration\n- Network policies\n- Host-based pod segregation\n\n## Dependencies\n\n- terraform\n- aws cli\n- kubectl\n- [terraform-aws-eks](https://github.com/terraform-aws-modules/terraform-aws-eks)\n- [aws-ia/eks-blueprints-addons/aws](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons)\n\nThis module contains a local-exec block that runs `kubectl patch` to apply `tolerations` and `nodeSelector` to deployments in the `kube-system` namespace. It works only in a Unix shell and will fail on Windows. This patch is needed because some EKS addons currently don't support `tolerations` and `nodeSelector` in their configurations, but only if you use host nodes with taints to separate `management` processes from others. 
You can disable it by setting the `apply_kubectl_patch` variable to `false`.\n\n## Example\n\n```\ncd example\nterraform init\nterraform apply -target=module.vpc\nterraform apply\nterraform output all\n```\n\nTo destroy everything, run (you may need to run it twice):\n```\nterraform destroy -auto-approve\n```\n\nForce destroy in case of problems:\n```\nhelm ls -a --all-namespaces | awk 'NR \u003e 1 { print  \"-n \"$2, $1}' | xargs -L1 helm delete\nkubectl delete all --all --all-namespaces\nterraform destroy -auto-approve\n```\n\nAfter `terraform destroy`, check EC2 volumes for unused disks, as the aws-ebs-csi-driver doesn't delete them by default when Helm releases are deleted.\n\n## Security\n\n`victoria-metrics-k8s-stack` is deployed without internal password protection. Multiple charts such as `apisix`, `qryn`, and `uptrace` contain explicit passwords in their values and do not use Kubernetes secrets.\n\n## Upgrading Process\n\nThe Helm upgrade `reset_values` flag is set to `true` for everything except databases like PostgreSQL and Clickhouse. See this [explanation](https://shipmight.com/blog/understanding-helm-upgrade-reset-reuse-values).\n\n## Outputs\n\nCheck the [./example/outputs.example](./example/outputs.example) file to get an example of the output. 
For setting DNS, you can describe the ingress external address with `kubectl`:\n```\nkubectl get service/apisix-ingress-controller-apisix-gateway -n ingress-apisix\n```\n\nAdditionally, a kubeconfig file `~/.kube/eks-${account_id}-${region}-${cluster_name}` will be created by the `aws eks` utility.\n\n## Support\n\nYou can support this or any other of my projects:\n- [![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/filipp_frizzy)\n- [donationalerts.com/r/filipp_frizzy](https://www.donationalerts.com/r/filipp_frizzy)\n- ETH 0xCD9fC1719b9E174E911f343CA2B391060F931ff7\n- BTC bc1q8fhsj24f5ncv3995zk9v3jhwwmscecc6w0tdw3\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftldr-devops%2Faws-eks-terraform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftldr-devops%2Faws-eks-terraform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftldr-devops%2Faws-eks-terraform/lists"}