Terraform EKS module

Terraform module which creates a FlowFuse-specific EKS cluster and its node groups on AWS.

The module supports the following:

  • Creation of an EKS cluster with configurable Kubernetes version.
  • Management of EKS node groups, with support for multiple instance types, AMI types, and autoscaling configurations.
  • Integration with AWS IAM for access control.
  • Optional creation and management of related AWS resources such as IAM policies and roles.
  • Support for enabling various EKS cluster features such as detailed monitoring and cluster autoscaling.

Usage

Replace AWS_ACCOUNT_ID with your AWS account ID and `your-user` with the IAM principal that should administer the cluster.

```hcl
module "eks" {
  source = "git::https://github.com/FlowFuse/terraform-aws-flowfuse.git//eks?ref=main"

  namespace = "my-company"
  stage     = "production"

  kubernetes_version   = "1.29"
  eks_access_entry_map = {
    "arn:aws:iam::AWS_ACCOUNT_ID:user/your-user" = {
      access_policy_associations = {
        ClusterAdmin = {}
      }
    }
  }

  tags = {
    Environment = "production"
    Project     = "my-project"
    terraform   = true
  }
}
```

Requirements

| Name | Version |
|------|---------|
| aws  | ~> 5.48 |

Providers

| Name | Version |
|------|---------|
| aws  | ~> 5.48 |

Modules

| Name                 | Source                          | Version |
|----------------------|---------------------------------|---------|
| eks_cluster          | cloudposse/eks-cluster/aws      | 4.0.0   |
| node_groups          | cloudposse/eks-node-group/aws   | 2.12.0  |
| vpc_cni_eks_iam_role | cloudposse/eks-iam-role/aws     | 2.1.1   |

Resources

| Name                                                  | Type        |
|-------------------------------------------------------|-------------|
| aws_iam_policy.cluster_autoscaler                     | resource    |
| aws_iam_role_policy_attachment.vpc_cni                | resource    |
| aws_caller_identity.current                           | data source |
| aws_iam_policy_document.cluster_autoscaler            | data source |
| aws_iam_policy_document.vpc_cni_ipv6                  | data source |
| aws_iam_session_context.current                       | data source |
| aws_security_group.vpc_default_security_group_id      | data source |
| aws_subnet.private                                    | data source |
| aws_subnets.private                                   | data source |
| aws_subnets.public                                    | data source |
| aws_vpc.this                                          | data source |

Inputs

Each input is listed with its description, type, default value and whether it is required.

addons

- Description: Manages aws_eks_addon resources.
- Type:

  ```hcl
  list(object({
    addon_name                  = string
    addon_version               = string
    resolve_conflicts           = optional(string, null)
    resolve_conflicts_on_create = optional(string, null)
    resolve_conflicts_on_update = optional(string, null)
    service_account_role_arn    = string
  }))
  ```

- Default: `[]`
- Required: no

cluster_log_retention_period

- Description: The retention period, in days, of the control plane log group.
- Type: `number`
- Default: `14`
- Required: no

eks_access_entry_map

- Description: A map of access entries for the EKS cluster. Each entry describes the access configuration for one principal ARN, which is the map key.
- Type:

  ```hcl
  map(object({
    # key is principal_arn
    user_name = optional(string)
    # Cannot assign "system:*" groups to IAM users, use ClusterAdmin and Admin instead
    kubernetes_groups = optional(list(string), [])
    type              = optional(string, "STANDARD")
    access_policy_associations = optional(map(object({
      # key is policy_arn or policy_name
      access_scope = optional(object({
        type       = optional(string, "cluster")
        namespaces = optional(list(string))
      }), {}) # access_scope
    })), {}) # access_policy_associations
  }))
  ```

- Default: `{}`
- Required: no

eks_node_groups

- Description: Map of maps containing the configuration of the EKS node groups to be created. The key is the name of the node group.
  - name - Node Group name
  - instance_types - EC2 instance types to use for the node group
  - ami_type - AMI type for the instances
  - desired_size - desired number of instances
  - min_size - minimum number of instances
  - max_size - maximum number of instances
  - kubernetes_version - Kubernetes version for the node group
  - kubernetes_labels - Kubernetes labels to apply to the node group
  - cluster_autoscaler_enabled - whether to enable the cluster autoscaler for the node group
  - detailed_monitoring_enabled - whether to enable detailed monitoring for the node group
  - attributes - Additional attributes (e.g. ["eks"])
- Type:

  ```hcl
  map(object({
    name                        = string
    instance_types              = list(string)
    ami_type                    = string
    desired_size                = number
    min_size                    = number
    max_size                    = number
    zone_ids                    = optional(list(string), null)
    kubernetes_version          = list(string)
    kubernetes_labels           = map(string)
    cluster_autoscaler_enabled  = bool
    detailed_monitoring_enabled = bool
    attributes                  = list(string)
  }))
  ```

- Default:

  ```json
  {
    "management": {
      "ami_type": "AL2_x86_64",
      "attributes": ["management"],
      "cluster_autoscaler_enabled": true,
      "desired_size": 1,
      "detailed_monitoring_enabled": false,
      "instance_types": ["m6a.xlarge"],
      "kubernetes_labels": { "role": "management" },
      "kubernetes_version": ["1.26"],
      "max_size": 2,
      "min_size": 1,
      "name": "management"
    },
    "projects": {
      "ami_type": "AL2_ARM_64",
      "attributes": ["projects"],
      "cluster_autoscaler_enabled": true,
      "desired_size": 1,
      "detailed_monitoring_enabled": false,
      "instance_types": ["t4g.large"],
      "kubernetes_labels": { "role": "projects" },
      "kubernetes_version": ["1.26"],
      "max_size": 4,
      "min_size": 1,
      "name": "projects"
    }
  }
  ```

- Required: no

eks_vpc_cni_addon_version

- Description: The version of the VPC CNI addon to install on the EKS cluster.
- Type: `string`
- Default: `"v1.18.0-eksbuild.1"`
- Required: no

enabled_cluster_log_types

- Description: A list of the control plane log types to enable. Available values: api, audit, authenticator, controllerManager, scheduler.
- Type: `list(string)`
- Default: `["api", "audit", "authenticator", "controllerManager", "scheduler"]`
- Required: no

kubernetes_version

- Description: The desired Kubernetes master version. If you do not specify a value, the latest available version is used.
- Type: `string`
- Default: `"1.26"`
- Required: no

namespace

- Description: ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique.
- Type: `string`
- Default: n/a
- Required: yes

stage

- Description: ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'.
- Type: `string`
- Default: n/a
- Required: yes

tags

- Description: A map of tags to add to all resources.
- Type: `map(string)`
- Default: `{}`
- Required: no
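As an added example (not part of the FlowFuse module's own README), the following invocation combines the Usage block above with the eks_access_entry_map and eks_node_groups inputs: a cluster-wide administrator next to a CI role scoped to a single namespace, all control plane log types retained for longer than the 14-day default, and an explicit node group map. The role names, the `flowfuse` namespace and the 90-day retention are hypothetical values chosen for illustration; the `View` policy short name is assumed to be accepted by the underlying cloudposse eks-cluster module alongside ClusterAdmin and Admin.

```hcl
module "eks" {
  source = "git::https://github.com/FlowFuse/terraform-aws-flowfuse.git//eks?ref=main"
  namespace = "my-company"
  stage     = "production"
  kubernetes_version = "1.29"

  # Keep all five control plane log types (the module default) and retain them
  # longer than the 14-day default; "audit" and "authenticator" record who did what.
  enabled_cluster_log_types    = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
  cluster_log_retention_period = 90

  eks_access_entry_map = {
    # Break-glass administrators: cluster-wide ClusterAdmin, as in the Usage example.
    "arn:aws:iam::AWS_ACCOUNT_ID:role/eks-admins" = {
      access_policy_associations = {
        ClusterAdmin = {}
      }
    }
    # CI role (hypothetical): read-only, and only in the namespace it deploys to.
    # "View" is assumed to be a policy short name accepted alongside ClusterAdmin/Admin.
    "arn:aws:iam::AWS_ACCOUNT_ID:role/ci-deployer" = {
      access_policy_associations = {
        View = {
          access_scope = {
            type       = "namespace"
            namespaces = ["flowfuse"]
          }
        }
      }
    }
  }

  # Setting eks_node_groups replaces the default map, so list every group you want.
  eks_node_groups = {
    projects = {
      name                        = "projects"
      instance_types              = ["t4g.large"]
      ami_type                    = "AL2_ARM_64"
      desired_size                = 1
      min_size                    = 1
      max_size                    = 4
      kubernetes_version          = ["1.29"]
      kubernetes_labels           = { role = "projects" }
      cluster_autoscaler_enabled  = true
      detailed_monitoring_enabled = true
      attributes                  = ["projects"]
    }
  }

  tags = { Environment = "production", Project = "my-project", terraform = "true" }
}
```

Because the `management` group from the default is not listed here, it would not be created; copy it into eks_node_groups if you still want it.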

Outputs

| Name                    | Description |
|-------------------------|-------------|
| cluster_name            | n/a         |
| cluster_oidc_issuer_url | n/a         |
| private_subnet_ids      | n/a         |
| public_subnet_ids       | n/a         |