Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/aidanmelen/terraform-aws-eks-auth
A Terraform module to manage cluster authentication (aws-auth) for an Elastic Kubernetes (EKS) cluster on AWS.
- Host: GitHub
- URL: https://github.com/aidanmelen/terraform-aws-eks-auth
- Owner: aidanmelen
- License: apache-2.0
- Created: 2022-02-26T04:50:59.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-11-12T23:15:21.000Z (about 1 year ago)
- Last Synced: 2024-06-19T00:35:01.625Z (7 months ago)
- Language: Go
- Homepage: https://registry.terraform.io/modules/aidanmelen/eks-auth/aws/latest
- Size: 290 KB
- Stars: 38
- Watchers: 2
- Forks: 7
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Archive Notice
The [`terraform-aws-modules/eks/aws` v18.20.0 release](https://github.com/terraform-aws-modules/terraform-aws-eks/releases/tag/v18.20.0) has brought back support for the `aws-auth` configmap! For this reason, I highly encourage users to manage the `aws-auth` configmap with the EKS module.
You are welcome to open an issue here if you are having trouble with the migration steps below, and I will do my best to help.
# Migration:
## steps
1. Remove the `aidanmelen/eks-auth/aws` declaration from your Terraform code.
2. Remove the `aidanmelen/eks-auth/aws` resources from Terraform state.
   - The `aws-auth` configmap should still exist on the cluster but will no longer be managed by this module.
   - A plan should show that there are no infrastructure changes to the EKS cluster.
3. Upgrade the version of the EKS module: `version = ">= v18.20.0"`
4. Configure the `terraform-aws-modules/eks/aws` module with `manage_aws_auth_configmap = true`. This version of the EKS module uses the new `kubernetes_config_map_v1_data` resource to patch `aws-auth` configmap data (just like the v1.0.0 version of this module).
5. Plan and apply.
   - The `aws-auth` configmap should now be managed by the EKS module.

Please see the [complete example](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest) for more information.
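The configuration after the migration might look like the following. This is an added example, not part of the original README; it assumes the module blocks are named `eks` and `eks_auth` as in the Usage section, and carries the same mappings over to the EKS module's `aws_auth_roles`, `aws_auth_users` and `aws_auth_accounts` inputs so the identities in `aws-auth` are unchanged.

```hcl
# Step 2, run once before planning (module block name "eks_auth" is assumed
# from the Usage section; adjust to the name used in your code):
#   terraform state rm module.eks_auth

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = ">= v18.20.0"

  # ... existing cluster configuration stays as it was ...

  # Patch the aws-auth configmap that already exists on the cluster.
  # The EKS module needs a configured kubernetes provider to do this.
  manage_aws_auth_configmap = true

  # Formerly map_roles on the eks_auth module.
  aws_auth_roles = [
    {
      rolearn  = "arn:aws:iam::66666666666:role/role1"
      username = "role1"
      # system:masters is cluster-admin; map to a narrower RBAC group
      # where the role does not need full control of the cluster.
      groups = ["system:masters"]
    },
  ]

  # Formerly map_users on the eks_auth module.
  aws_auth_users = [
    {
      userarn  = "arn:aws:iam::66666666666:user/user1"
      username = "user1"
      groups   = ["system:masters"]
    },
    {
      userarn  = "arn:aws:iam::66666666666:user/user2"
      username = "user2"
      groups   = ["system:masters"]
    },
  ]

  # Formerly map_accounts on the eks_auth module.
  aws_auth_accounts = [
    "777777777777",
    "888888888888",
  ]
}
```

Before applying, compare the plan against `kubectl -n kube-system get configmap aws-auth -o yaml` to confirm that no existing role, user or account mapping is dropped.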
---
[![Pre-Commit](https://github.com/aidanmelen/terraform-aws-eks-auth/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/aidanmelen/terraform-aws-eks-auth/actions/workflows/pre-commit.yaml)
[![cookiecutter-tf-module](https://img.shields.io/badge/cookiecutter--tf--module-enabled-brightgreen)](https://github.com/aidanmelen/cookiecutter-tf-module)

# terraform-aws-eks-auth
A Terraform module to manage [cluster authentication](https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html) for an Elastic Kubernetes (EKS) cluster on AWS.
## Assumptions
- You are using the [terraform-aws-eks](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest) module.
## Usage
Grant access to the AWS EKS cluster by adding `map_roles`, `map_users` or `map_accounts` to the `aws-auth` configmap.
```hcl
module "eks" {
  source = "terraform-aws-modules/eks/aws"
  # insert the 15 required variables here
}

module "eks_auth" {
  source = "aidanmelen/eks-auth/aws"
  eks    = module.eks

  map_roles = [
    {
      rolearn  = "arn:aws:iam::66666666666:role/role1"
      username = "role1"
      groups   = ["system:masters"]
    },
  ]

  map_users = [
    {
      userarn  = "arn:aws:iam::66666666666:user/user1"
      username = "user1"
      groups   = ["system:masters"]
    },
    {
      userarn  = "arn:aws:iam::66666666666:user/user2"
      username = "user2"
      groups   = ["system:masters"]
    },
  ]

  map_accounts = [
    "777777777777",
    "888888888888",
  ]
}
```

Please see the [complete example](examples/complete) for more information.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.14.8 |
| [http](#requirement\_http) | >= 2.4.1 |
| [kubernetes](#requirement\_kubernetes) | >= 2.10.0 |

## Providers
| Name | Version |
|------|---------|
| [http](#provider\_http) | >= 2.4.1 |
| [kubernetes](#provider\_kubernetes) | >= 2.10.0 |

## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [kubernetes_config_map_v1.aws_auth](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1) | resource |
| [kubernetes_config_map_v1_data.aws_auth](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1_data) | resource |
| [http_http.wait_for_cluster](https://registry.terraform.io/providers/terraform-aws-modules/http/latest/docs/data-sources/http) | data source |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [eks](#input\_eks) | The outputs from the `terraform-aws-modules/terraform-aws-eks` module. | `any` | n/a | yes |
| [map\_accounts](#input\_map\_accounts) | Additional AWS account numbers to add to the aws-auth configmap. | `list(string)` | `[]` | no |
| [map\_roles](#input\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. | `list(object({ rolearn = string, username = string, groups = list(string) }))` | `[]` | no |
| [map\_users](#input\_map\_users) | Additional IAM users to add to the aws-auth configmap. | `list(object({ userarn = string, username = string, groups = list(string) }))` | `[]` | no |
| [wait\_for\_cluster\_timeout](#input\_wait\_for\_cluster\_timeout) | A timeout (in seconds) to wait for cluster to be available. | `number` | `300` | no |

## Outputs
| Name | Description |
|------|-------------|
| [aws\_auth\_configmap\_yaml](#output\_aws\_auth\_configmap\_yaml) | Formatted yaml output for aws-auth configmap. |
| [map\_accounts](#output\_map\_accounts) | The aws-auth map accounts. |
| [map\_roles](#output\_map\_roles) | The aws-auth map roles merged with the eks managed node group, self managed node groups and fargate profile roles. |
| [map\_users](#output\_map\_users) | The aws-auth map users. |

## License
Apache 2 Licensed. See [LICENSE](https://github.com/aidanmelen/terraform-aws-eks-auth/tree/master/LICENSE) for full details.