https://github.com/rallyware/terraform-argocd-aws-eks-cluster-bootstrap
A terraform module to bootstrap apps on AWS EKS using ArgoCD
https://github.com/rallyware/terraform-argocd-aws-eks-cluster-bootstrap
argocd aws eks terraform terraform-module
Last synced: 4 months ago
JSON representation
A terraform module to bootstrap apps on AWS EKS using ArgoCD
- Host: GitHub
- URL: https://github.com/rallyware/terraform-argocd-aws-eks-cluster-bootstrap
- Owner: rallyware
- License: apache-2.0
- Created: 2021-12-01T15:45:59.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2026-02-28T00:15:33.000Z (4 months ago)
- Last Synced: 2026-03-02T01:34:39.243Z (4 months ago)
- Topics: argocd, aws, eks, terraform, terraform-module
- Language: HCL
- Homepage:
- Size: 250 KB
- Stars: 18
- Watchers: 2
- Forks: 5
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# terraform-argocd-aws-eks-cluster-bootstrap
A terraform module to bootstrap apps on AWS EKS using ArgoCD.
## Usage
```hcl
module "apps" {
source = "git::https://github.com/rallyware/terraform-argocd-aws-eks-cluster-bootstrap.git?ref=master"
argocd_iam_role_arn = "argocd-role-arn"
eks_cluster_id = "staging-cluster"
argocd_additional_projects = [
{
name = "test"
}
]
}
```
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [argocd](#requirement\_argocd) | >= 7 |
| [aws](#requirement\_aws) | >= 4.2.0 |
| [kubernetes](#requirement\_kubernetes) | ~> 2 |
| [time](#requirement\_time) | >= 0.7 |
| [tls](#requirement\_tls) | >= 3.0 |
| [utils](#requirement\_utils) | >= 0.14.0 |
## Providers
| Name | Version |
|------|---------|
| [argocd](#provider\_argocd) | >= 7 |
| [aws](#provider\_aws) | >= 4.2.0 |
| [kubernetes](#provider\_kubernetes) | ~> 2 |
| [tls](#provider\_tls) | >= 3.0 |
| [utils](#provider\_utils) | >= 0.14.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [apps\_label](#module\_apps\_label) | cloudposse/label/null | 0.25.0 |
| [argo\_ecr\_auth\_eks\_iam\_role](#module\_argo\_ecr\_auth\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [argo\_ecr\_auth\_label](#module\_argo\_ecr\_auth\_label) | cloudposse/label/null | 0.25.0 |
| [aws\_lb\_controller\_eks\_iam\_role](#module\_aws\_lb\_controller\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [aws\_lb\_controller\_label](#module\_aws\_lb\_controller\_label) | cloudposse/label/null | 0.25.0 |
| [chartmuseum\_eks\_iam\_role](#module\_chartmuseum\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [chartmuseum\_label](#module\_chartmuseum\_label) | cloudposse/label/null | 0.25.0 |
| [chartmuseum\_s3\_bucket](#module\_chartmuseum\_s3\_bucket) | cloudposse/s3-bucket/aws | 4.2.0 |
| [cluster\_autoscaler\_eks\_iam\_role](#module\_cluster\_autoscaler\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [cluster\_autoscaler\_label](#module\_cluster\_autoscaler\_label) | cloudposse/label/null | 0.25.0 |
| [ebs\_csi\_eks\_iam\_role](#module\_ebs\_csi\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [ebs\_csi\_kms\_key](#module\_ebs\_csi\_kms\_key) | cloudposse/kms-key/aws | 0.12.2 |
| [ebs\_csi\_label](#module\_ebs\_csi\_label) | cloudposse/label/null | 0.25.0 |
| [efs\_csi\_eks\_iam\_role](#module\_efs\_csi\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [efs\_csi\_label](#module\_efs\_csi\_label) | cloudposse/label/null | 0.25.0 |
| [external\_secrets\_eks\_iam\_role](#module\_external\_secrets\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [external\_secrets\_injector\_role](#module\_external\_secrets\_injector\_role) | cloudposse/iam-role/aws | 0.19.0 |
| [external\_secrets\_label](#module\_external\_secrets\_label) | cloudposse/label/null | 0.25.0 |
| [karpenter\_eks\_iam\_role](#module\_karpenter\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [karpenter\_event\_label](#module\_karpenter\_event\_label) | cloudposse/label/null | 0.25.0 |
| [karpenter\_instance\_profile](#module\_karpenter\_instance\_profile) | cloudposse/iam-role/aws | 0.19.0 |
| [karpenter\_label](#module\_karpenter\_label) | cloudposse/label/null | 0.25.0 |
| [karpenter\_sqs](#module\_karpenter\_sqs) | rallyware/sqs-queue/aws | 0.2.1 |
| [keda\_eks\_iam\_role](#module\_keda\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [keda\_label](#module\_keda\_label) | cloudposse/label/null | 0.25.0 |
| [loki\_eks\_iam\_role](#module\_loki\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [loki\_label](#module\_loki\_label) | cloudposse/label/null | 0.25.0 |
| [loki\_s3\_bucket](#module\_loki\_s3\_bucket) | cloudposse/s3-bucket/aws | 4.2.0 |
| [piggy\_webhooks\_eks\_iam\_role](#module\_piggy\_webhooks\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [piggy\_webhooks\_label](#module\_piggy\_webhooks\_label) | cloudposse/label/null | 0.25.0 |
| [prometheus\_yace\_exporter\_eks\_iam\_role](#module\_prometheus\_yace\_exporter\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [prometheus\_yace\_exporter\_label](#module\_prometheus\_yace\_exporter\_label) | cloudposse/label/null | 0.25.0 |
| [tempo\_eks\_iam\_role](#module\_tempo\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [tempo\_label](#module\_tempo\_label) | cloudposse/label/null | 0.25.0 |
| [tempo\_s3\_bucket](#module\_tempo\_s3\_bucket) | cloudposse/s3-bucket/aws | 4.2.0 |
| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
| [velero\_eks\_iam\_role](#module\_velero\_eks\_iam\_role) | rallyware/eks-iam-role/aws | 0.3.0 |
| [velero\_kms\_key](#module\_velero\_kms\_key) | cloudposse/kms-key/aws | 0.12.2 |
| [velero\_label](#module\_velero\_label) | cloudposse/label/null | 0.25.0 |
| [velero\_s3\_bucket](#module\_velero\_s3\_bucket) | cloudposse/s3-bucket/aws | 4.2.0 |
## Resources
| Name | Type |
|------|------|
| [argocd_application.apps](https://registry.terraform.io/providers/argoproj-labs/argocd/latest/docs/resources/application) | resource |
| [argocd_cluster.default](https://registry.terraform.io/providers/argoproj-labs/argocd/latest/docs/resources/cluster) | resource |
| [argocd_project.additional](https://registry.terraform.io/providers/argoproj-labs/argocd/latest/docs/resources/project) | resource |
| [argocd_project.default](https://registry.terraform.io/providers/argoproj-labs/argocd/latest/docs/resources/project) | resource |
| [aws_cloudwatch_event_rule.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
| [aws_cloudwatch_event_target.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [kubernetes_namespace.linkerd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.linkerd_jaeger](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.linkerd_viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_secret.linkerd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
| [kubernetes_secret.linkerd_jaeger_webhook](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
| [kubernetes_secret.linkerd_viz_webhook](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
| [kubernetes_secret.linkerd_webhook](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
| [tls_private_key.linkerd](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [tls_self_signed_cert.linkerd](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
| [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_eks_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_iam_policy_document.argo_ecr_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.aws_lb_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.chartmuseum](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.ebs_csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.efs_csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.external_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.external_secrets_injector](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.keda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.loki](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.piggy_webhooks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.tempo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.yace](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_region.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [utils_deep_merge_yaml.argocd_helm_apps](https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS cluster ID. | `string` | n/a | yes |
| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| [argocd\_additional\_projects](#input\_argocd\_additional\_projects) | A list of additional ArgoCD projects to create. |
list(object(
{
name = string
description = optional(string, "Managed by Terraform")
}
))
| `[]` | no |
| [argocd\_app\_config](#input\_argocd\_app\_config) | A parent app configuration. Required when `argocd_cluster_default_enabled` is `false` | object(
{
name = optional(string)
namespace = optional(string, "argo")
annotations = optional(map(string))
project = optional(string)
wait = optional(bool, false)
sync_options = optional(list(string), ["CreateNamespace=true", "ApplyOutOfSyncOnly=true"])
helm = optional(
object(
{
repository = optional(string, "https://rallyware.github.io/terraform-argocd-aws-eks-cluster-bootstrap")
chart = optional(string, "argocd-app-of-apps")
version = optional(string, "0.6.2")
}
), {})
timeouts = optional(
object(
{
create = optional(string, "60m")
update = optional(string, "60m")
delete = optional(string, "60m")
}
), {})
retry = optional(
object(
{
limit = optional(number, 0)
backoff_duration = optional(string, "30s")
backoff_max_duration = optional(string, "1m")
backoff_factor = optional(number, 2)
}
), {})
destination = optional(
object(
{
name = optional(string, "in-cluster")
namespace = optional(string, "argo")
}
), {})
automated = optional(
object(
{
prune = optional(bool, true)
self_heal = optional(bool, true)
allow_empty = optional(bool, true)
}
), {})
}
)
| `{}` | no |
| [argocd\_apps](#input\_argocd\_apps) | n/a | list(object(
{
name = string
repository = string
version = string
cluster = optional(string)
project = optional(string)
namespace = optional(string, "default")
chart = optional(string, "")
path = optional(string, "")
override_values = optional(string, "")
skip_crds = optional(bool, false)
value_files = optional(list(string), [])
max_history = optional(number, 10)
sync_wave = optional(number, 50)
annotations = optional(map(string), {})
sync_options = optional(list(string), ["CreateNamespace=true", "ApplyOutOfSyncOnly=true"])
omit_finalizer = optional(bool, false)
ignore_differences = optional(
list(object(
{
group = optional(string)
kind = optional(string)
jqPathExpressions = optional(list(string))
jsonPointers = optional(list(string))
}
)), null)
retry = optional(
object(
{
limit = optional(number, 0)
backoff_duration = optional(string, "30s")
backoff_max_duration = optional(string, "1m")
backoff_factor = optional(number, 2)
}
), {})
automated = optional(
object(
{
prune = optional(bool, true)
self_heal = optional(bool, true)
allow_empty = optional(bool, true)
}
), {})
managed_namespace_metadata = optional(
object(
{
labels = optional(map(string))
annotations = optional(map(string))
}
), null)
create_default_iam_policy = optional(bool, true)
create_default_iam_role = optional(bool, true)
iam_policy_document = optional(string, "{}")
use_sts_regional_endpoints = optional(bool, true)
}
))
| [
{
"chart": "prometheus-operator-crds",
"name": "prometheus-operator-crds",
"namespace": "default",
"repository": "https://prometheus-community.github.io/helm-charts",
"sync_wave": -25,
"version": "0.1.1"
},
{
"chart": "aws-vpc-cni",
"name": "aws-vpc-cni",
"namespace": "kube-system",
"repository": "https://aws.github.io/eks-charts",
"sync_wave": -11,
"version": "1.2.2"
},
{
"chart": "tigera-operator",
"name": "calico",
"namespace": "calico-system",
"repository": "https://docs.projectcalico.org/charts",
"sync_wave": -10,
"version": "v3.20.2"
},
{
"chart": "argo-ecr-auth",
"name": "argo-ecr-auth",
"namespace": "argo",
"repository": "https://sarmad-abualkaz.github.io/my-helm-charts",
"sync_wave": -9,
"version": "0.1.5"
},
{
"chart": "argo-rollouts",
"name": "argo-rollouts",
"namespace": "argo",
"repository": "https://argoproj.github.io/argo-helm",
"version": "2.0.1"
},
{
"chart": "node-local-dns",
"name": "node-local-dns",
"namespace": "kube-system",
"repository": "https://sweetops.github.io/helm-charts",
"sync_wave": -9,
"version": "0.2.1"
},
{
"chart": "cert-manager",
"name": "cert-manager",
"namespace": "cert-manager",
"repository": "https://charts.jetstack.io",
"sync_wave": -7,
"version": "1.5.0"
},
{
"chart": "cert-manager-issuers",
"name": "cert-manager-issuers",
"namespace": "cert-manager",
"repository": "https://charts.adfinis.com",
"sync_wave": -6,
"version": "0.2.2"
},
{
"chart": "aws-load-balancer-controller",
"name": "aws-lb-controller",
"namespace": "kube-system",
"repository": "https://aws.github.io/eks-charts",
"sync_wave": -5,
"version": "1.4.6"
},
{
"chart": "cluster-autoscaler",
"name": "cluster-autoscaler",
"namespace": "kube-system",
"repository": "https://kubernetes.github.io/autoscaler",
"sync_wave": -8,
"version": "9.10.5"
},
{
"chart": "aws-ebs-csi-driver",
"name": "ebs-csi",
"namespace": "csi-drivers",
"repository": "https://kubernetes-sigs.github.io/aws-ebs-csi-driver",
"sync_wave": -5,
"version": "2.16.0"
},
{
"chart": "piggy-webhooks",
"name": "piggy-webhooks",
"namespace": "infra",
"repository": "https://piggysec.com",
"sync_wave": -4,
"version": "0.2.9"
},
{
"chart": "aws-node-termination-handler",
"name": "aws-node-termination-handler",
"namespace": "node-termination-handler",
"repository": "https://aws.github.io/eks-charts",
"version": "0.15.2"
},
{
"chart": "node-problem-detector",
"name": "node-problem-detector",
"namespace": "node-problem-detector",
"repository": "https://charts.deliveryhero.io",
"version": "2.0.5"
},
{
"chart": "ingress-nginx",
"name": "ingress-nginx",
"namespace": "infra",
"repository": "https://kubernetes.github.io/ingress-nginx",
"version": "4.0.1"
},
{
"chart": "velero",
"name": "velero",
"namespace": "velero",
"repository": "https://vmware-tanzu.github.io/helm-charts",
"version": "2.27.0"
},
{
"chart": "keda",
"name": "keda",
"namespace": "infra",
"repository": "https://kedacore.github.io/charts",
"version": "2.13.0"
},
{
"chart": "gatekeeper",
"name": "gatekeeper",
"namespace": "infra",
"repository": "https://open-policy-agent.github.io/gatekeeper/charts",
"version": "3.6.0"
},
{
"chart": "victoria-metrics-k8s-stack",
"name": "victoria-metrics",
"namespace": "monitoring",
"repository": "https://victoriametrics.github.io/helm-charts",
"sync_wave": -3,
"version": "0.5.3"
},
{
"chart": "linkerd-crds",
"ignore_differences": [
{
"group": "apiextensions.k8s.io",
"jsonPointers": [
"/spec/names"
],
"kind": "CustomResourceDefinition"
}
],
"name": "linkerd-crds",
"namespace": "linkerd",
"repository": "https://helm.linkerd.io/stable",
"sync_wave": -20,
"version": "1.4.0"
},
{
"chart": "linkerd-helpers",
"name": "linkerd-helpers",
"namespace": "linkerd",
"repository": "https://sweetops.github.io/helm-charts",
"sync_wave": 3,
"version": "0.1.1"
},
{
"chart": "linkerd-control-plane",
"name": "linkerd",
"namespace": "linkerd",
"repository": "https://helm.linkerd.io/stable",
"sync_wave": 4,
"version": "1.9.3"
},
{
"chart": "linkerd-smi",
"name": "linkerd-smi",
"namespace": "linkerd-smi",
"repository": "https://linkerd.github.io/linkerd-smi",
"version": "0.2.0"
},
{
"chart": "linkerd-viz",
"name": "linkerd-viz",
"namespace": "linkerd-viz",
"repository": "https://helm.linkerd.io/stable",
"version": "30.3.3"
},
{
"chart": "linkerd-jaeger",
"name": "linkerd-jaeger",
"namespace": "linkerd-jaeger",
"repository": "https://helm.linkerd.io/stable",
"version": "30.4.3"
},
{
"chart": "prometheus-blackbox-exporter",
"name": "prometheus-blackbox-exporter",
"namespace": "monitoring",
"repository": "https://prometheus-community.github.io/helm-charts",
"version": "5.0.3"
},
{
"chart": "karpenter",
"ignore_differences": [
{
"jsonPointers": [
"/data"
],
"kind": "Secret"
}
],
"name": "karpenter",
"namespace": "karpenter",
"repository": "public.ecr.aws/karpenter",
"version": "v0.22.1"
},
{
"chart": "loki",
"ignore_differences": [
{
"group": "apps",
"jqPathExpressions": [
".spec.persistentVolumeClaimRetentionPolicy"
],
"kind": "StatefulSet"
}
],
"name": "loki",
"namespace": "logging",
"repository": "https://grafana.github.io/helm-charts",
"version": "3.6.0"
},
{
"chart": "prometheus-yace-exporter",
"name": "prometheus-yace-exporter",
"namespace": "monitoring",
"repository": "https://mogaal.github.io/helm-charts",
"version": "0.5.0"
},
{
"chart": "tempo-distributed",
"name": "tempo",
"namespace": "tracing",
"repository": "https://grafana.github.io/helm-charts",
"version": "0.15.3"
},
{
"chart": "external-dns",
"name": "external-dns",
"namespace": "infra",
"repository": "https://kubernetes-sigs.github.io/external-dns",
"version": "1.9.0"
},
{
"chart": "actions-runner-controller",
"name": "gha-controller",
"namespace": "cicd",
"repository": "https://actions-runner-controller.github.io/actions-runner-controller",
"sync_wave": 20,
"version": "0.15.1"
},
{
"chart": "github-actions-runners",
"name": "gha-runners",
"namespace": "cicd",
"repository": "https://sweetops.github.io/helm-charts",
"sync_wave": 25,
"version": "0.2.0"
},
{
"chart": "argo-events",
"name": "argo-events",
"namespace": "argo",
"repository": "https://argoproj.github.io/argo-helm",
"version": "1.7.0"
},
{
"chart": "argo-workflows",
"name": "argo-workflows",
"namespace": "argo",
"repository": "https://argoproj.github.io/argo-helm",
"version": "0.5.2"
},
{
"chart": "oauth2-proxy",
"name": "oauth2-proxy",
"namespace": "infra",
"repository": "https://oauth2-proxy.github.io/manifests",
"version": "4.2.0"
},
{
"chart": "aws-efs-csi-driver",
"name": "efs-csi",
"namespace": "csi-drivers",
"repository": "https://kubernetes-sigs.github.io/aws-efs-csi-driver",
"version": "2.4.1"
}
]
| no |
| [argocd\_cluster\_default\_enabled](#input\_argocd\_cluster\_default\_enabled) | Whether to create ArgoCD cluster resource. Requires: argocd\_iam\_role\_arn | `bool` | `true` | no |
| [argocd\_iam\_role\_arn](#input\_argocd\_iam\_role\_arn) | IAM role ARN for ArgoCD to authenticate in EKS cluster. | `string` | `""` | no |
| [argocd\_project\_default\_enabled](#input\_argocd\_project\_default\_enabled) | Whether to create default ArgoCD project. | `bool` | `true` | no |
| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no |
| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
} | no |
| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [irsa\_label\_order](#input\_irsa\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | [
"namespace",
"tenant",
"stage",
"attributes"
]
| no |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no |
| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | [
"default"
]
| no |
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
## Outputs
| Name | Description |
|------|-------------|
| [argo\_ecr\_auth\_service\_account\_role\_arn](#output\_argo\_ecr\_auth\_service\_account\_role\_arn) | argo-ecr-auth IAM role ARN |
| [argo\_ecr\_auth\_service\_account\_role\_name](#output\_argo\_ecr\_auth\_service\_account\_role\_name) | argo-ecr-auth IAM role name |
| [argo\_ecr\_auth\_service\_account\_role\_unique\_id](#output\_argo\_ecr\_auth\_service\_account\_role\_unique\_id) | argo-ecr-auth IAM role unique ID |
| [cluster\_autoscaler\_service\_account\_policy\_id](#output\_cluster\_autoscaler\_service\_account\_policy\_id) | Cluster-Autoscaler IAM policy ID |
| [cluster\_autoscaler\_service\_account\_policy\_name](#output\_cluster\_autoscaler\_service\_account\_policy\_name) | Cluster-Autoscaler IAM policy name |
| [cluster\_autoscaler\_service\_account\_role\_arn](#output\_cluster\_autoscaler\_service\_account\_role\_arn) | Cluster-Autoscaler IAM role ARN |
| [cluster\_autoscaler\_service\_account\_role\_name](#output\_cluster\_autoscaler\_service\_account\_role\_name) | Cluster-Autoscaler IAM role name |
| [cluster\_autoscaler\_service\_account\_role\_unique\_id](#output\_cluster\_autoscaler\_service\_account\_role\_unique\_id) | Cluster-Autoscaler IAM role unique ID |
| [ebs\_csi\_kms\_key\_arn](#output\_ebs\_csi\_kms\_key\_arn) | EBS CSI KMS key ARN |
| [ebs\_csi\_kms\_key\_id](#output\_ebs\_csi\_kms\_key\_id) | EBS CSI KMS key ID |
| [ebs\_csi\_service\_account\_policy\_id](#output\_ebs\_csi\_service\_account\_policy\_id) | EBS CSI driver IAM policy ID |
| [ebs\_csi\_service\_account\_policy\_name](#output\_ebs\_csi\_service\_account\_policy\_name) | EBS CSI driver IAM policy name |
| [ebs\_csi\_service\_account\_role\_arn](#output\_ebs\_csi\_service\_account\_role\_arn) | EBS CSI driver IAM role ARN |
| [ebs\_csi\_service\_account\_role\_name](#output\_ebs\_csi\_service\_account\_role\_name) | EBS CSI driver IAM role name |
| [ebs\_csi\_service\_account\_role\_unique\_id](#output\_ebs\_csi\_service\_account\_role\_unique\_id) | EBS CSI driver IAM role unique ID |
| [efs\_csi\_service\_account\_policy\_id](#output\_efs\_csi\_service\_account\_policy\_id) | EFS CSI driver IAM policy ID |
| [efs\_csi\_service\_account\_policy\_name](#output\_efs\_csi\_service\_account\_policy\_name) | EFS CSI driver IAM policy name |
| [efs\_csi\_service\_account\_role\_arn](#output\_efs\_csi\_service\_account\_role\_arn) | EFS CSI driver IAM role ARN |
| [efs\_csi\_service\_account\_role\_name](#output\_efs\_csi\_service\_account\_role\_name) | EFS CSI driver IAM role name |
| [efs\_csi\_service\_account\_role\_unique\_id](#output\_efs\_csi\_service\_account\_role\_unique\_id) | EFS CSI driver IAM role unique ID |
| [external\_secrets\_injector\_role\_arn](#output\_external\_secrets\_injector\_role\_arn) | The External-secrets injector IAM role ARN |
| [external\_secrets\_service\_account\_policy\_id](#output\_external\_secrets\_service\_account\_policy\_id) | The External-secrets IAM policy ID |
| [external\_secrets\_service\_account\_policy\_name](#output\_external\_secrets\_service\_account\_policy\_name) | The External-secrets operator IAM policy name |
| [external\_secrets\_service\_account\_role\_arn](#output\_external\_secrets\_service\_account\_role\_arn) | The External-secrets operator IAM role ARN |
| [external\_secrets\_service\_account\_role\_name](#output\_external\_secrets\_service\_account\_role\_name) | The External-secrets operator IAM role name |
| [external\_secrets\_service\_account\_role\_unique\_id](#output\_external\_secrets\_service\_account\_role\_unique\_id) | The External-secrets operator IAM role unique ID |
| [karpenter\_instance\_profile\_arn](#output\_karpenter\_instance\_profile\_arn) | The Karpenter Instance Profile ARN |
| [karpenter\_instance\_profile\_id](#output\_karpenter\_instance\_profile\_id) | The Karpenter Instance Profile ID |
| [karpenter\_instance\_profile\_name](#output\_karpenter\_instance\_profile\_name) | The name of Karpenter Instance Profile |
| [karpenter\_service\_account\_policy\_id](#output\_karpenter\_service\_account\_policy\_id) | AWS Karpenter IAM policy ID |
| [karpenter\_service\_account\_policy\_name](#output\_karpenter\_service\_account\_policy\_name) | AWS Karpenter IAM policy name |
| [karpenter\_service\_account\_role\_arn](#output\_karpenter\_service\_account\_role\_arn) | AWS Karpenter IAM role ARN |
| [karpenter\_service\_account\_role\_name](#output\_karpenter\_service\_account\_role\_name) | AWS Karpenter IAM role name |
| [karpenter\_service\_account\_role\_unique\_id](#output\_karpenter\_service\_account\_role\_unique\_id) | AWS Karpenter IAM role unique ID |
| [keda\_service\_account\_policy\_id](#output\_keda\_service\_account\_policy\_id) | KEDA AWS IAM policy ID |
| [keda\_service\_account\_policy\_name](#output\_keda\_service\_account\_policy\_name) | KEDA AWS IAM policy name |
| [keda\_service\_account\_role\_arn](#output\_keda\_service\_account\_role\_arn) | KEDA AWS IAM role ARN |
| [keda\_service\_account\_role\_name](#output\_keda\_service\_account\_role\_name) | Keda AWS IAM role name |
| [keda\_service\_account\_role\_unique\_id](#output\_keda\_service\_account\_role\_unique\_id) | KEDA AWS IAM role unique ID |
| [loki\_s3\_bucket\_arn](#output\_loki\_s3\_bucket\_arn) | Grafana Loki S3 bucket ARN |
| [loki\_s3\_bucket\_id](#output\_loki\_s3\_bucket\_id) | Grafana Loki S3 bucket name |
| [loki\_service\_account\_policy\_id](#output\_loki\_service\_account\_policy\_id) | Grafana Loki IAM policy ID |
| [loki\_service\_account\_policy\_name](#output\_loki\_service\_account\_policy\_name) | Grafana Loki IAM policy name |
| [loki\_service\_account\_role\_arn](#output\_loki\_service\_account\_role\_arn) | Grafana Loki IAM role ARN |
| [loki\_service\_account\_role\_name](#output\_loki\_service\_account\_role\_name) | Grafana Loki IAM role name |
| [loki\_service\_account\_role\_unique\_id](#output\_loki\_service\_account\_role\_unique\_id) | Grafana Loki IAM role unique ID |
| [piggy\_webhooks\_service\_account\_policy\_id](#output\_piggy\_webhooks\_service\_account\_policy\_id) | Piggy webhooks IAM policy ID |
| [piggy\_webhooks\_service\_account\_policy\_name](#output\_piggy\_webhooks\_service\_account\_policy\_name) | Piggy webhooks IAM policy name |
| [piggy\_webhooks\_service\_account\_role\_arn](#output\_piggy\_webhooks\_service\_account\_role\_arn) | Piggy webhooks IAM role ARN |
| [piggy\_webhooks\_service\_account\_role\_name](#output\_piggy\_webhooks\_service\_account\_role\_name) | Piggy webhooks IAM role name |
| [piggy\_webhooks\_service\_account\_role\_unique\_id](#output\_piggy\_webhooks\_service\_account\_role\_unique\_id) | Piggy webhooks IAM role unique ID |
| [prometheus\_yace\_exporter\_service\_account\_role\_arn](#output\_prometheus\_yace\_exporter\_service\_account\_role\_arn) | prometheus-yace-exporter IAM role ARN |
| [prometheus\_yace\_exporter\_service\_account\_role\_name](#output\_prometheus\_yace\_exporter\_service\_account\_role\_name) | prometheus-yace-exporter IAM role name |
| [prometheus\_yace\_exporter\_service\_account\_role\_unique\_id](#output\_prometheus\_yace\_exporter\_service\_account\_role\_unique\_id) | prometheus-yace-exporter IAM role unique ID |
| [tempo\_s3\_bucket\_arn](#output\_tempo\_s3\_bucket\_arn) | Grafana Tempo S3 bucket ARN |
| [tempo\_s3\_bucket\_id](#output\_tempo\_s3\_bucket\_id) | Grafana Tempo S3 bucket name |
| [tempo\_service\_account\_policy\_id](#output\_tempo\_service\_account\_policy\_id) | Grafana Tempo IAM policy ID |
| [tempo\_service\_account\_policy\_name](#output\_tempo\_service\_account\_policy\_name) | Grafana Tempo IAM policy name |
| [tempo\_service\_account\_role\_arn](#output\_tempo\_service\_account\_role\_arn) | Grafana Tempo IAM role ARN |
| [tempo\_service\_account\_role\_name](#output\_tempo\_service\_account\_role\_name) | Grafana Tempo IAM role name |
| [tempo\_service\_account\_role\_unique\_id](#output\_tempo\_service\_account\_role\_unique\_id) | Grafana Tempo IAM role unique ID |
| [velero\_kms\_key\_arn](#output\_velero\_kms\_key\_arn) | Velero KMS key ARN |
| [velero\_kms\_key\_id](#output\_velero\_kms\_key\_id) | Velero KMS key ID |
| [velero\_s3\_bucket\_arn](#output\_velero\_s3\_bucket\_arn) | Velero S3 bucket ARN |
| [velero\_s3\_bucket\_id](#output\_velero\_s3\_bucket\_id) | Velero S3 bucket name |
| [velero\_service\_account\_policy\_id](#output\_velero\_service\_account\_policy\_id) | Velero IAM policy ID |
| [velero\_service\_account\_policy\_name](#output\_velero\_service\_account\_policy\_name) | Velero IAM policy name |
| [velero\_service\_account\_role\_arn](#output\_velero\_service\_account\_role\_arn) | Velero IAM role ARN |
| [velero\_service\_account\_role\_name](#output\_velero\_service\_account\_role\_name) | Velero IAM role name |
| [velero\_service\_account\_role\_unique\_id](#output\_velero\_service\_account\_role\_unique\_id) | Velero IAM role unique ID |
## License
The Apache-2.0 license