Configuration in this directory creates an AWS EKS cluster with various EKS Managed Node Groups demonstrating the various methods of configuring/customizing:
- A default, "out of the box" EKS managed node group as supplied by AWS EKS
- A default, "out of the box" Bottlerocket EKS managed node group as supplied by AWS EKS
- A Bottlerocket EKS managed node group that supplies additional bootstrap settings
- A Bottlerocket EKS managed node group that demonstrates many of the configuration/customizations offered by the
eks-managed-node-groupsub-module for the Bottlerocket OS - An EKS managed node group created from a launch template created outside of the module
- An EKS managed node group that utilizes a custom AMI that is an EKS optimized AMI derivative
- An EKS managed node group that demonstrates nearly all of the configurations/customizations offered by the
eks-managed-node-groupsub-module
See the AWS documentation for further details.
To run this example you need to execute:
$ terraform init
$ terraform plan
$ terraform applyNote that this example may create resources which cost money. Run terraform destroy when you don't need these resources.
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.57 |
| kubernetes | >= 2.10 |
| Name | Version |
|---|---|
| aws | >= 4.57 |
| Name | Source | Version |
|---|---|---|
| ebs_kms_key | terraform-aws-modules/kms/aws | ~> 1.5 |
| eks | ../.. | n/a |
| key_pair | terraform-aws-modules/key-pair/aws | ~> 2.0 |
| vpc | terraform-aws-modules/vpc/aws | ~> 4.0 |
| vpc_cni_irsa | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.0 |
| Name | Type |
|---|---|
| aws_autoscaling_group_tag.cluster_autoscaler_label_tags | resource |
| aws_iam_policy.node_additional | resource |
| aws_security_group.remote_access | resource |
| aws_ami.eks_default | data source |
| aws_ami.eks_default_arm | data source |
| aws_ami.eks_default_bottlerocket | data source |
| aws_availability_zones.available | data source |
| aws_caller_identity.current | data source |
No inputs.
| Name | Description |
|---|---|
| aws_auth_configmap_yaml | Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles |
| cloudwatch_log_group_arn | Arn of cloudwatch log group created |
| cloudwatch_log_group_name | Name of cloudwatch log group created |
| cluster_addons | Map of attribute maps for all EKS cluster addons enabled |
| cluster_arn | The Amazon Resource Name (ARN) of the cluster |
| cluster_certificate_authority_data | Base64 encoded certificate data required to communicate with the cluster |
| cluster_endpoint | Endpoint for your Kubernetes API server |
| cluster_iam_role_arn | IAM role ARN of the EKS cluster |
| cluster_iam_role_name | IAM role name of the EKS cluster |
| cluster_iam_role_unique_id | Stable and unique string identifying the IAM role |
| cluster_id | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts |
| cluster_identity_providers | Map of attribute maps for all EKS identity providers enabled |
| cluster_name | The name of the EKS cluster |
| cluster_oidc_issuer_url | The URL on the EKS cluster for the OpenID Connect identity provider |
| cluster_platform_version | Platform version for the cluster |
| cluster_primary_security_group_id | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console |
| cluster_security_group_arn | Amazon Resource Name (ARN) of the cluster security group |
| cluster_security_group_id | ID of the cluster security group |
| cluster_status | Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED |
| cluster_tls_certificate_sha1_fingerprint | The SHA1 fingerprint of the public key of the cluster's certificate |
| eks_managed_node_groups | Map of attribute maps for all EKS managed node groups created |
| eks_managed_node_groups_autoscaling_group_names | List of the autoscaling group names created by EKS managed node groups |
| fargate_profiles | Map of attribute maps for all EKS Fargate Profiles created |
| kms_key_arn | The Amazon Resource Name (ARN) of the key |
| kms_key_id | The globally unique identifier for the key |
| kms_key_policy | The IAM resource policy set on the key |
| node_security_group_arn | Amazon Resource Name (ARN) of the node shared security group |
| node_security_group_id | ID of the node shared security group |
| oidc_provider | The OpenID Connect identity provider (issuer URL without leading https://) |
| oidc_provider_arn | The ARN of the OIDC Provider if enable_irsa = true |
| self_managed_node_groups | Map of attribute maps for all self managed node groups created |
| self_managed_node_groups_autoscaling_group_names | List of the autoscaling group names created by self-managed node groups |