AWS EKS Terraform Module

Requirements

Name	Version
terraform	>= 0.13
aws	3.21.0
helm	2.0.2
kubernetes	2.0.2
local	2.0.0
null	3.0.0
random	3.0.0

Providers

Name	Version
aws	3.21.0
random	3.0.0

Name

Version

aws

3.21.0

random

3.0.0

Modules

Name	Source	Version
	argocd
	cluster	terraform-aws-modules/eks/aws
13.2.1	efs	camptocamp/efs/aws
	iam_assumable_role_cert_manager	terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
3.6.0	iam_assumable_role_loki	terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
3.6.0	nlb	terraform-aws-modules/alb/aws
5.10.0	nlb_private	terraform-aws-modules/alb/aws

Name

Source

Version

argocd

cluster

terraform-aws-modules/eks/aws

13.2.1

efs

camptocamp/efs/aws

iam_assumable_role_cert_manager

terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc

3.6.0

iam_assumable_role_loki

terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc

3.6.0

nlb

terraform-aws-modules/alb/aws

5.10.0

nlb_private

terraform-aws-modules/alb/aws

Resources

Name	Type
aws_cognito_user_pool_client.client	resource
aws_iam_policy.cert_manager	resource
aws_iam_policy.loki	resource
aws_route53_record.wildcard	resource
aws_s3_bucket.loki	resource
aws_security_group_rule.workers_ingress_healthcheck_http	resource
aws_security_group_rule.workers_ingress_healthcheck_https	resource
random_password.grafana_admin_password	resource
aws_eks_cluster.cluster	data source
aws_eks_cluster_auth.cluster	data source
aws_iam_policy_document.cert_manager	data source
aws_iam_policy_document.loki	data source
aws_nat_gateway.this	data source
aws_region.current	data source
aws_route53_zone.this	data source
aws_subnet_ids.private	data source
aws_subnet_ids.public	data source
aws_vpc.this	data source

Name

Type

aws_cognito_user_pool_client.client

resource

aws_iam_policy.cert_manager

resource

aws_iam_policy.loki

resource

aws_route53_record.wildcard

resource

aws_s3_bucket.loki

resource

aws_security_group_rule.workers_ingress_healthcheck_http

resource

aws_security_group_rule.workers_ingress_healthcheck_https

resource

random_password.grafana_admin_password

resource

aws_eks_cluster.cluster

data source

aws_eks_cluster_auth.cluster

data source

aws_iam_policy_document.cert_manager

data source

aws_iam_policy_document.loki

data source

aws_nat_gateway.this

data source

aws_region.current

data source

aws_route53_zone.this

data source

aws_subnet_ids.private

data source

aws_subnet_ids.public

data source

aws_vpc.this

data source

Inputs

Name Description Type Default Required

Name	Description	Type	Default	Required
app_of_apps_values_overrides	App of apps values overrides.	`string`	`""`	no
argocd_server_secretkey	ArgoCD Server Secert Key to avoid regenerate token on redeploy.	`string`	`null`	no
base_domain	The base domain used for Ingresses.	`string`	n/a	yes
cluster_endpoint_public_access_cidrs	List of CIDR blocks which can access the Amazon EKS public API server endpoint.	`list(string)`	`[ "0.0.0.0/0" ]`	no
cluster_name	The name of the Kubernetes cluster to create.	`string`	n/a	yes
cluster_version	Kubernetes version to use for the EKS cluster.	`string`	`"1.18"`	no
cognito_user_pool_domain	Domain prefix of the Cognito user pool to use (custom domain currently not supported!).	`string`	n/a	yes
cognito_user_pool_id	ID of the Cognito user pool to use.	`string`	n/a	yes
create_private_nlb	Whether to create an internal NLB attached the private subnets	`bool`	`false`	no
create_public_nlb	Whether to create an internet-facing NLB attached to the public subnets	`bool`	`true`	no
enable_efs	Whether to provision an EFS filesystem, along with a provisioner	`bool`	`false`	no
extra_apps	Extra applications to deploy.	`list(any)`	`[]`	no
grafana_admin_password	The admin password for Grafana.	`string`	`null`	no
kubeconfig_aws_authenticator_command	Override the kubeconfig authenticator command	`string`	`"aws-iam-authenticator"`	no
kubeconfig_aws_authenticator_command_args	Override the kubeconfig authenticator arguments	`list(string)`	`[]`	no
map_roles	Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format.	`list(object({ rolearn = string username = string groups = list(string) }))`	`[]`	no
oidc	OIDC configuration for core applications.	`object({ issuer_url = string oauth_url = string token_url = string api_url = string client_id = string client_secret = string oauth2_proxy_extra_args = list(string) })`	`null`	no
repo_url	The source repo URL of ArgoCD’s app of apps.	`string`	`"https://github.com/camptocamp/devops-stack.git"`	no
target_revision	The source target revision of ArgoCD’s app of apps.	`string`	`"master"`	no
vpc_id	VPC where the cluster and workers will be deployed.	`string`	n/a	yes
worker_groups	A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers_group_defaults for valid keys.	`any`	`[]`	no

app_of_apps_values_overrides

App of apps values overrides.

string

""

no

argocd_server_secretkey

ArgoCD Server Secert Key to avoid regenerate token on redeploy.

string

null

no

base_domain

The base domain used for Ingresses.

string

n/a

yes

cluster_endpoint_public_access_cidrs

List of CIDR blocks which can access the Amazon EKS public API server endpoint.

list(string)

[
  "0.0.0.0/0"
]

no

cluster_name

The name of the Kubernetes cluster to create.

string

n/a

yes

cluster_version

Kubernetes version to use for the EKS cluster.

string

"1.18"

no

cognito_user_pool_domain

Domain prefix of the Cognito user pool to use (custom domain currently not supported!).

string

n/a

yes

cognito_user_pool_id

ID of the Cognito user pool to use.

string

n/a

yes

create_private_nlb

Whether to create an internal NLB attached the private subnets

bool

false

no

create_public_nlb

Whether to create an internet-facing NLB attached to the public subnets

bool

true

no

enable_efs

Whether to provision an EFS filesystem, along with a provisioner

bool

false

no

extra_apps

Extra applications to deploy.

list(any)

[]

no

grafana_admin_password

The admin password for Grafana.

string

null

no

kubeconfig_aws_authenticator_command

Override the kubeconfig authenticator command

string

"aws-iam-authenticator"

no

kubeconfig_aws_authenticator_command_args

Override the kubeconfig authenticator arguments

list(string)

[]

no

map_roles

Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format.

list(object({
    rolearn  = string
    username = string
    groups   = list(string)
  }))

[]

no

oidc

OIDC configuration for core applications.

object({
    issuer_url              = string
    oauth_url               = string
    token_url               = string
    api_url                 = string
    client_id               = string
    client_secret           = string
    oauth2_proxy_extra_args = list(string)
  })

null

no

repo_url

The source repo URL of ArgoCD’s app of apps.

string

"https://github.com/camptocamp/devops-stack.git"

no

target_revision

The source target revision of ArgoCD’s app of apps.

string

"master"

no

vpc_id

VPC where the cluster and workers will be deployed.

string

n/a

yes

worker_groups

A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers_group_defaults for valid keys.

any

[]

no

Outputs

Name	Description
app_of_apps_values	n/a
argocd_auth_token	The token to set in ARGOCD_AUTH_TOKEN environment variable.
argocd_server	The URL of the ArgoCD server.
cluster_id	The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready
cluster_oidc_issuer_url	The URL on the EKS cluster OIDC Issuer
grafana_admin_password	The admin password for Grafana.
kubeconfig	The content of the KUBECONFIG file.
kubernetes_cluster_ca_certificate	n/a
kubernetes_host	n/a
kubernetes_token	n/a
repo_url	n/a
target_revision	n/a
worker_iam_role_name	default IAM role name for EKS worker groups
worker_security_group_id	Security group ID attached to the EKS workers.

Name

Description

app_of_apps_values

n/a

argocd_auth_token

The token to set in ARGOCD_AUTH_TOKEN environment variable.

argocd_server

The URL of the ArgoCD server.

cluster_id

The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready

cluster_oidc_issuer_url

The URL on the EKS cluster OIDC Issuer