aws-ia · askulkarni2 · Feb 21, 2023 · Dec 19, 2022 · Dec 19, 2022 · Dec 19, 2022
@@ -30,3 +30,5 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+**/examples/event-driven-pipeline/input/*
@@ -18,7 +18,9 @@ module "eks_ack_addons" {
   enable_rds           = true
   enable_amp           = true
   enable_emrcontainers = true
-
+  enable_sfn           = true
+  enable_eb            = true
+
   tags = {
     Environment = "dev"
   }
@@ -51,27 +53,32 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_amp"></a> [amp](#module\_amp) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.12.2 |
-| <a name="module_api_gatewayv2"></a> [api\_gatewayv2](#module\_api\_gatewayv2) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.12.2 |
-| <a name="module_dynamodb"></a> [dynamodb](#module\_dynamodb) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.12.2 |
-| <a name="module_emrcontainers"></a> [emrcontainers](#module\_emrcontainers) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.18.0 |
-| <a name="module_rds"></a> [rds](#module\_rds) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.12.2 |
-| <a name="module_s3"></a> [s3](#module\_s3) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.12.2 |
+| <a name="module_amp"></a> [amp](#module\_amp) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.24.0 |
+| <a name="module_api_gatewayv2"></a> [api\_gatewayv2](#module\_api\_gatewayv2) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.24.0 |
+| <a name="module_dynamodb"></a> [dynamodb](#module\_dynamodb) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.24.0 |
+| <a name="module_emrcontainers"></a> [emrcontainers](#module\_emrcontainers) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.24.0 |
+| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.24.0 |
+| <a name="module_rds"></a> [rds](#module\_rds) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.24.0 |
+| <a name="module_s3"></a> [s3](#module\_s3) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.24.0 |
+| <a name="module_sfn"></a> [sfn](#module\_sfn) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.24.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_iam_policy.emrcontainers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.sfnpasspolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [time_sleep.dataplane](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
 | [aws_iam_policy.amp](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy.api_gatewayv2_admin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy.api_gatewayv2_invoke](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
+| [aws_iam_policy.eb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
+| [aws_iam_policy.sfn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy_document.emrcontainers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
@@ -85,19 +92,23 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | EKS Cluster Id | `string` | n/a | yes |
 | <a name="input_data_plane_wait_arn"></a> [data\_plane\_wait\_arn](#input\_data\_plane\_wait\_arn) | Addon deployment will not proceed until this value is known. Set to node group/Fargate profile ARN to wait for data plane to be ready before provisioning addons | `string` | `""` | no |
 | <a name="input_dynamodb_helm_config"></a> [dynamodb\_helm\_config](#input\_dynamodb\_helm\_config) | ACK dynamodb Helm Chart config | `any` | `{}` | no |
+| <a name="input_eb_helm_config"></a> [eb\_helm\_config](#input\_eb\_helm\_config) | ACK Event Bridge Helm Chart config | `any` | `{}` | no |
 | <a name="input_ecrpublic_token"></a> [ecrpublic\_token](#input\_ecrpublic\_token) | Password decoded from the authorization token for accessing public ECR | `string` | n/a | yes |
 | <a name="input_ecrpublic_username"></a> [ecrpublic\_username](#input\_ecrpublic\_username) | User name decoded from the authorization token for accessing public ECR | `string` | n/a | yes |
 | <a name="input_emrcontainers_helm_config"></a> [emrcontainers\_helm\_config](#input\_emrcontainers\_helm\_config) | ACK EMR container Helm Chart config | `any` | `{}` | no |
 | <a name="input_enable_amp"></a> [enable\_amp](#input\_enable\_amp) | Enable ACK amp add-on | `bool` | `false` | no |
 | <a name="input_enable_api_gatewayv2"></a> [enable\_api\_gatewayv2](#input\_enable\_api\_gatewayv2) | Enable ACK API gateway v2 add-on | `bool` | `false` | no |
 | <a name="input_enable_dynamodb"></a> [enable\_dynamodb](#input\_enable\_dynamodb) | Enable ACK dynamodb add-on | `bool` | `false` | no |
+| <a name="input_enable_eb"></a> [enable\_eb](#input\_enable\_eb) | Enable ACK Event Bridge add-on | `bool` | `false` | no |
 | <a name="input_enable_emrcontainers"></a> [enable\_emrcontainers](#input\_enable\_emrcontainers) | Enable ACK EMR container add-on | `bool` | `false` | no |
 | <a name="input_enable_rds"></a> [enable\_rds](#input\_enable\_rds) | Enable ACK rds add-on | `bool` | `false` | no |
 | <a name="input_enable_s3"></a> [enable\_s3](#input\_enable\_s3) | Enable ACK s3 add-on | `bool` | `false` | no |
+| <a name="input_enable_sfn"></a> [enable\_sfn](#input\_enable\_sfn) | Enable ACK step functions add-on | `bool` | `false` | no |
 | <a name="input_irsa_iam_permissions_boundary"></a> [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `""` | no |
 | <a name="input_irsa_iam_role_path"></a> [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no |
 | <a name="input_rds_helm_config"></a> [rds\_helm\_config](#input\_rds\_helm\_config) | ACK rds Helm Chart config | `any` | `{}` | no |
 | <a name="input_s3_helm_config"></a> [s3\_helm\_config](#input\_s3\_helm\_config) | ACK s3 Helm Chart config | `any` | `{}` | no |
+| <a name="input_sfn_helm_config"></a> [sfn\_helm\_config](#input\_sfn\_helm\_config) | ACK step functions Helm Chart config | `any` | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
 
 ## Outputs

@@ -52,7 +52,7 @@ locals {
 ################################################################################
 
 module "eks_blueprints" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.12.2"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.24.0"
 
   cluster_name    = local.name
   cluster_version = "1.23"
@@ -77,7 +77,7 @@ module "eks_blueprints" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.12.2"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.24.0"
 
   eks_cluster_id       = module.eks_blueprints.eks_cluster_id
   eks_cluster_endpoint = module.eks_blueprints.eks_cluster_endpoint
@@ -116,6 +116,8 @@ module "eks_ack_addons" {
   enable_rds           = true
   enable_amp           = true
   enable_emrcontainers = true
+  enable_sfn           = true
+  enable_eb            = true
 
   tags = local.tags
 }
@@ -197,7 +199,7 @@ resource "aws_iam_policy" "dynamodb_access" {
 }
 
 module "irsa" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/irsa?ref=v4.12.2"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/irsa?ref=v4.24.0"
 
   create_kubernetes_namespace = true
   kubernetes_namespace        = "ack-demo"

@@ -46,7 +46,7 @@ locals {
 }
 
 module "api_gatewayv2" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.12.2"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.24.0"
 
   count = var.enable_api_gatewayv2 ? 1 : 0
 
@@ -122,7 +122,7 @@ locals {
 }
 
 module "dynamodb" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.12.2"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.24.0"
 
   count = var.enable_dynamodb ? 1 : 0
 
@@ -189,7 +189,7 @@ locals {
 }
 
 module "s3" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.12.2"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.24.0"
 
   count = var.enable_s3 ? 1 : 0
 
@@ -256,7 +256,7 @@ locals {
 }
 
 module "rds" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.12.2"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.24.0"
 
   count = var.enable_rds ? 1 : 0
 
@@ -324,7 +324,7 @@ locals {
 }
 
 module "amp" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.12.2"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.24.0"
 
   count = var.enable_amp ? 1 : 0
 
@@ -392,7 +392,7 @@ locals {
 }
 
 module "emrcontainers" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.18.0"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.24.0"
 
   count = var.enable_emrcontainers ? 1 : 0
 
@@ -447,7 +447,7 @@ module "emrcontainers" {
 resource "aws_iam_policy" "emrcontainers" {
   count = var.enable_emrcontainers ? 1 : 0
 
-  name        = format("%s-%s", local.emr_name, "controller-iam-policies")
+  name_prefix = format("%s-%s", local.emr_name, "controller-iam-policies")
   description = "IAM policy for EMRcontainers controller"
   path        = "/"
   policy      = data.aws_iam_policy_document.emrcontainers.json
@@ -526,3 +526,165 @@ data "aws_iam_policy_document" "emrcontainers" {
   }
 
 }
+
+################################################################################
+# Step Functions
+################################################################################
+
+locals {
+  sfn_name = "ack-sfn"
+}
+
+module "sfn" {
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.24.0"
+
+  count = var.enable_sfn ? 1 : 0
+
+  helm_config = merge(
+    {
+      name                = local.sfn_name
+      chart               = "sfn-chart"
+      repository          = "oci://public.ecr.aws/aws-controllers-k8s"
+      version             = "v0.1.3"
+      namespace           = local.sfn_name
+      repository_username = var.ecrpublic_username
+      repository_password = var.ecrpublic_token
+      create_namespace    = true
+      description         = "ACK SFN Controller v2 Helm chart deployment configuration"
+      values = [
+        # shortens pod name from `ack-sfn-sfn-chart-xxxxxxxxxxxxx` to `ack-sfn-xxxxxxxxxxxxx`
+        <<-EOT
+          nameOverride: ack-sfn
+        EOT
+      ]
+    },
+    var.sfn_helm_config
+  )
+
+  set_values = [
+    {
+      name  = "serviceAccount.name"
+      value = local.sfn_name
+    },
+    {
+      name  = "serviceAccount.create"
+      value = false
+    },
+    {
+      name  = "aws.region"
+      value = local.region
+    }
+  ]
+
+  irsa_config = {
+    create_kubernetes_namespace = true
+    kubernetes_namespace        = try(var.sfn_helm_config.namespace, local.sfn_name)
+
+    create_kubernetes_service_account = true
+    kubernetes_service_account        = local.sfn_name
+
+    irsa_iam_policies = [data.aws_iam_policy.sfn[0].arn, aws_iam_policy.sfnpasspolicy[0].arn]
+  }
+
+  addon_context = local.addon_context
+}
+
+data "aws_iam_policy" "sfn" {
+  count = var.enable_sfn ? 1 : 0
+
+  name = "AWSStepFunctionsFullAccess"
+}
+
+
+resource "aws_iam_policy" "sfnpasspolicy" {
+  count = var.enable_sfn ? 1 : 0
+
+  name_prefix = format("%s-%s", local.sfn_name, "controller-iam-policies")
+
+  path        = "/"
+  description = "passrole policy"
+
+  # Terraform's "jsonencode" function converts a
+  # Terraform expression result to valid JSON syntax.
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "iam:PassRole",
+        ]
+        Effect   = "Allow"
+        Resource = "*"
+      },
+    ]
+  })
+}
+
+
+################################################################################
+# Event Bridge
+################################################################################
+
+locals {
+  eb_name = "ack-eb"
+}
+
+module "eventbridge" {
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.24.0"
+
+  count = var.enable_eb ? 1 : 0
+
+  helm_config = merge(
+    {
+      name                = local.eb_name
+      chart               = "eb-ack-chart"
+      repository          = "oci://public.ecr.aws/k4r0k1t7"
+      version             = "v0.0.2"
+      namespace           = local.eb_name
+      repository_username = var.ecrpublic_username
+      repository_password = var.ecrpublic_token
+      create_namespace    = true
+      description         = "ACK eventbridge Controller v2 Helm chart deployment configuration"
+      values = [
+        # shortens pod name from `ack-eb-eb-chart-xxxxxxxxxxxxx` to `ack-eb-xxxxxxxxxxxxx`
+        <<-EOT
+          nameOverride: ack-eb
+        EOT
+      ]
+    },
+    var.eb_helm_config
+  )
+
+  set_values = [
+    {
+      name  = "serviceAccount.name"
+      value = local.eb_name
+    },
+    {
+      name  = "serviceAccount.create"
+      value = false
+    },
+    {
+      name  = "aws.region"
+      value = local.region
+    }
+  ]
+
+  irsa_config = {
+    create_kubernetes_namespace = true
+    kubernetes_namespace        = try(var.eb_helm_config.namespace, local.eb_name)
+
+    create_kubernetes_service_account = true
+    kubernetes_service_account        = local.eb_name
+
+    irsa_iam_policies = [data.aws_iam_policy.eb[0].arn]
+  }
+
+  addon_context = local.addon_context
+}
+
+data "aws_iam_policy" "eb" {
+  count = var.enable_eb ? 1 : 0
+
+  name = "AmazonEventBridgeFullAccess"
+}
@@ -132,3 +132,35 @@ variable "amp_helm_config" {
   type        = any
   default     = {}
 }
+
+################################################################################
+# Step Functions
+################################################################################
+
+variable "enable_sfn" {
+  description = "Enable ACK step functions add-on"
+  type        = bool
+  default     = false
+}
+
+variable "sfn_helm_config" {
+  description = "ACK step functions Helm Chart config"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Event Bridge
+################################################################################
+
+variable "enable_eb" {
+  description = "Enable ACK Event Bridge add-on"
+  type        = bool
+  default     = false
+}
+
+variable "eb_helm_config" {
+  description = "ACK Event Bridge Helm Chart config"
+  type        = any
+  default     = {}
+}