477 | Enable ALB access logs for EKS clusters

[Franr]

What?

We are adding a variable to create a bucket and enable access logs on the EKS ALB.

Why?

For security/traceability.

References

closes #477

[github-actions]

💰 Infracost estimate: monthly cost will not change

Project	Previous	New	Diff
All projects	$1,904	$1,904	$0

129 projects have no cost estimate changes.

Infracost output

──────────────────────────────────

The following projects have no cost estimate changes: binbashar/le-tf-infra-aws/apps-devstg/global/base-identities (Module path: apps-devstg/global/base-identities), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/backups -- (Module path: apps-devstg/us-east-1/backups --), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/base-network (Module path: apps-devstg/us-east-1/base-network), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/base-tf-backend (Module path: apps-devstg/us-east-1/base-tf-backend), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/cdn-s3-frontend -- (Module path: apps-devstg/us-east-1/cdn-s3-frontend --), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/databases-aurora (Module path: apps-devstg/us-east-1/databases-aurora), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/databases-mysql -- (Module path: apps-devstg/us-east-1/databases-mysql --), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/databases-pgsql -- (Module path: apps-devstg/us-east-1/databases-pgsql --), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/ec2-fleet-ansible -- (Module path: apps-devstg/us-east-1/ec2-fleet-ansible --), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-demoapps/cluster (Module path: apps-devstg/us-east-1/k8s-eks-demoapps/cluster), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-demoapps/identities (Module path: apps-devstg/us-east-1/k8s-eks-demoapps/identities), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components (Module path: apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-workloads (Module path: apps-devstg/us-east-1/k8s-eks-demoapps/k8s-workloads), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-demoapps/network (Module path: apps-devstg/us-east-1/k8s-eks-demoapps/network), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-v1.17/cluster (Module path: apps-devstg/us-east-1/k8s-eks-v1.17/cluster), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-v1.17/identities (Module path: apps-devstg/us-east-1/k8s-eks-v1.17/identities), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-v1.17/k8s-resources (Module path: apps-devstg/us-east-1/k8s-eks-v1.17/k8s-resources), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-v1.17/k8s-workloads (Module path: apps-devstg/us-east-1/k8s-eks-v1.17/k8s-workloads), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks-v1.17/network (Module path: apps-devstg/us-east-1/k8s-eks-v1.17/network), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks/cluster (Module path: apps-devstg/us-east-1/k8s-eks/cluster), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks/identities (Module path: apps-devstg/us-east-1/k8s-eks/identities), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks/k8s-components (Module path: apps-devstg/us-east-1/k8s-eks/k8s-components), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks/k8s-workloads (Module path: apps-devstg/us-east-1/k8s-eks/k8s-workloads), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-eks/network (Module path: apps-devstg/us-east-1/k8s-eks/network), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-kind/k8s-resources (Module path: apps-devstg/us-east-1/k8s-kind/k8s-resources), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-kops --/1-prerequisites (Module path: apps-devstg/us-east-1/k8s-kops --/1-prerequisites), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/k8s-kops --/2-kops (Module path: apps-devstg/us-east-1/k8s-kops --/2-kops), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/notifications (Module path: apps-devstg/us-east-1/notifications), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/security-audit (Module path: apps-devstg/us-east-1/security-audit), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/security-base (Module path: apps-devstg/us-east-1/security-base), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/security-certs (Module path: apps-devstg/us-east-1/security-certs), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/security-compliance -- (Module path: apps-devstg/us-east-1/security-compliance --), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/security-firewall -- (Module path: apps-devstg/us-east-1/security-firewall --), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/security-keys (Module path: apps-devstg/us-east-1/security-keys), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/storage/s3-bucket-demo-files -- (Module path: apps-devstg/us-east-1/storage/s3-bucket-demo-files --), binbashar/le-tf-infra-aws/apps-devstg/us-east-1/tools-cloud-nuke (Module path: apps-devstg/us-east-1/tools-cloud-nuke), binbashar/le-tf-infra-aws/apps-devstg/us-east-2/k8s-eks-v1.17/cluster (Module path: apps-devstg/us-east-2/k8s-eks-v1.17/cluster), binbashar/le-tf-infra-aws/apps-devstg/us-east-2/k8s-eks-v1.17/identities (Module path: apps-devstg/us-east-2/k8s-eks-v1.17/identities), binbashar/le-tf-infra-aws/apps-devstg/us-east-2/k8s-eks-v1.17/k8s-resources (Module path: apps-devstg/us-east-2/k8s-eks-v1.17/k8s-resources), binbashar/le-tf-infra-aws/apps-devstg/us-east-2/k8s-eks-v1.17/k8s-workloads (Module path: apps-devstg/us-east-2/k8s-eks-v1.17/k8s-workloads), binbashar/le-tf-infra-aws/apps-devstg/us-east-2/k8s-eks-v1.17/network (Module path: apps-devstg/us-east-2/k8s-eks-v1.17/network), binbashar/le-tf-infra-aws/apps-devstg/us-east-2/security-compliance -- (Module path: apps-devstg/us-east-2/security-compliance --), binbashar/le-tf-infra-aws/apps-devstg/us-east-2/security-keys (Module path: apps-devstg/us-east-2/security-keys), binbashar/le-tf-infra-aws/apps-prd/global/base-identities (Module path: apps-prd/global/base-identities), binbashar/le-tf-infra-aws/apps-prd/us-east-1/backups -- (Module path: apps-prd/us-east-1/backups --), binbashar/le-tf-infra-aws/apps-prd/us-east-1/base-network (Module path: apps-prd/us-east-1/base-network), binbashar/le-tf-infra-aws/apps-prd/us-east-1/base-tf-backend (Module path: apps-prd/us-east-1/base-tf-backend), binbashar/le-tf-infra-aws/apps-prd/us-east-1/cdn-s3-frontend -- (Module path: apps-prd/us-east-1/cdn-s3-frontend --), binbashar/le-tf-infra-aws/apps-prd/us-east-1/ec2-fleet -- (Module path: apps-prd/us-east-1/ec2-fleet --), binbashar/le-tf-infra-aws/apps-prd/us-east-1/notifications (Module path: apps-prd/us-east-1/notifications), binbashar/le-tf-infra-aws/apps-prd/us-east-1/security-audit (Module path: apps-prd/us-east-1/security-audit), binbashar/le-tf-infra-aws/apps-prd/us-east-1/security-base (Module path: apps-prd/us-east-1/security-base), binbashar/le-tf-infra-aws/apps-prd/us-east-1/security-certs (Module path: apps-prd/us-east-1/security-certs), binbashar/le-tf-infra-aws/apps-prd/us-east-1/security-compliance -- (Module path: apps-prd/us-east-1/security-compliance --), binbashar/le-tf-infra-aws/apps-prd/us-east-1/security-keys (Module path: apps-prd/us-east-1/security-keys), binbashar/le-tf-infra-aws/management/global/base-identities (Module path: management/global/base-identities), binbashar/le-tf-infra-aws/management/global/cost-mgmt (Module path: management/global/cost-mgmt), binbashar/le-tf-infra-aws/management/global/organizations (Module path: management/global/organizations), binbashar/le-tf-infra-aws/management/global/sso (Module path: management/global/sso), binbashar/le-tf-infra-aws/management/us-east-1/backups (Module path: management/us-east-1/backups), binbashar/le-tf-infra-aws/management/us-east-1/base-tf-backend (Module path: management/us-east-1/base-tf-backend), binbashar/le-tf-infra-aws/management/us-east-1/firewall-manager (Module path: management/us-east-1/firewall-manager), binbashar/le-tf-infra-aws/management/us-east-1/notifications (Module path: management/us-east-1/notifications), binbashar/le-tf-infra-aws/management/us-east-1/security-audit (Module path: management/us-east-1/security-audit), binbashar/le-tf-infra-aws/management/us-east-1/security-base (Module path: management/us-east-1/security-base), binbashar/le-tf-infra-aws/management/us-east-1/security-compliance (Module path: management/us-east-1/security-compliance), binbashar/le-tf-infra-aws/management/us-east-1/security-keys (Module path: management/us-east-1/security-keys), binbashar/le-tf-infra-aws/management/us-east-1/security-monitoring (Module path: management/us-east-1/security-monitoring), binbashar/le-tf-infra-aws/management/us-east-2/security-monitoring -- (Module path: management/us-east-2/security-monitoring --), binbashar/le-tf-infra-aws/network/global/base-identities (Module path: network/global/base-identities), binbashar/le-tf-infra-aws/network/us-east-1/base-network (Module path: network/us-east-1/base-network), binbashar/le-tf-infra-aws/network/us-east-1/base-tf-backend (Module path: network/us-east-1/base-tf-backend), binbashar/le-tf-infra-aws/network/us-east-1/network-firewall (Module path: network/us-east-1/network-firewall), binbashar/le-tf-infra-aws/network/us-east-1/notifications (Module path: network/us-east-1/notifications), binbashar/le-tf-infra-aws/network/us-east-1/security-audit (Module path: network/us-east-1/security-audit), binbashar/le-tf-infra-aws/network/us-east-1/security-base (Module path: network/us-east-1/security-base), binbashar/le-tf-infra-aws/network/us-east-1/security-compliance -- (Module path: network/us-east-1/security-compliance --), binbashar/le-tf-infra-aws/network/us-east-1/security-keys (Module path: network/us-east-1/security-keys), binbashar/le-tf-infra-aws/network/us-east-1/transit-gateway (Module path: network/us-east-1/transit-gateway), binbashar/le-tf-infra-aws/network/us-east-2/base-network (Module path: network/us-east-2/base-network), binbashar/le-tf-infra-aws/network/us-east-2/network-firewall (Module path: network/us-east-2/network-firewall), binbashar/le-tf-infra-aws/network/us-east-2/security-compliance -- (Module path: network/us-east-2/security-compliance --), binbashar/le-tf-infra-aws/network/us-east-2/security-keys (Module path: network/us-east-2/security-keys), binbashar/le-tf-infra-aws/network/us-east-2/transit-gateway (Module path: network/us-east-2/transit-gateway), binbashar/le-tf-infra-aws/security/global/base-identities (Module path: security/global/base-identities), binbashar/le-tf-infra-aws/security/us-east-1/base-tf-backend (Module path: security/us-east-1/base-tf-backend), binbashar/le-tf-infra-aws/security/us-east-1/firewall-manager (Module path: security/us-east-1/firewall-manager), binbashar/le-tf-infra-aws/security/us-east-1/notifications (Module path: security/us-east-1/notifications), binbashar/le-tf-infra-aws/security/us-east-1/security-audit (Module path: security/us-east-1/security-audit), binbashar/le-tf-infra-aws/security/us-east-1/security-base (Module path: security/us-east-1/security-base), binbashar/le-tf-infra-aws/security/us-east-1/security-compliance -- (Module path: security/us-east-1/security-compliance --), binbashar/le-tf-infra-aws/security/us-east-1/security-keys (Module path: security/us-east-1/security-keys), binbashar/le-tf-infra-aws/security/us-east-1/security-monitoring (Module path: security/us-east-1/security-monitoring), binbashar/le-tf-infra-aws/security/us-east-2/security-audit (Module path: security/us-east-2/security-audit), binbashar/le-tf-infra-aws/security/us-east-2/security-compliance -- (Module path: security/us-east-2/security-compliance --), binbashar/le-tf-infra-aws/security/us-east-2/security-monitoring -- (Module path: security/us-east-2/security-monitoring --), binbashar/le-tf-infra-aws/shared/global/base-dns/binbash.com.ar (Module path: shared/global/base-dns/binbash.com.ar), binbashar/le-tf-infra-aws/shared/global/base-identities (Module path: shared/global/base-identities), binbashar/le-tf-infra-aws/shared/us-east-1/backups (Module path: shared/us-east-1/backups), binbashar/le-tf-infra-aws/shared/us-east-1/base-network (Module path: shared/us-east-1/base-network), binbashar/le-tf-infra-aws/shared/us-east-1/base-tf-backend (Module path: shared/us-east-1/base-tf-backend), binbashar/le-tf-infra-aws/shared/us-east-1/container-registry (Module path: shared/us-east-1/container-registry), binbashar/le-tf-infra-aws/shared/us-east-1/ec2-fleet -- (Module path: shared/us-east-1/ec2-fleet --), binbashar/le-tf-infra-aws/shared/us-east-1/ec2-fleet-bastions -- (Module path: shared/us-east-1/ec2-fleet-bastions --), binbashar/le-tf-infra-aws/shared/us-east-1/k8s-eks-demoapps/identities (Module path: shared/us-east-1/k8s-eks-demoapps/identities), binbashar/le-tf-infra-aws/shared/us-east-1/notifications (Module path: shared/us-east-1/notifications), binbashar/le-tf-infra-aws/shared/us-east-1/secrets-manager (Module path: shared/us-east-1/secrets-manager), binbashar/le-tf-infra-aws/shared/us-east-1/security-audit (Module path: shared/us-east-1/security-audit), binbashar/le-tf-infra-aws/shared/us-east-1/security-base (Module path: shared/us-east-1/security-base), binbashar/le-tf-infra-aws/shared/us-east-1/security-compliance -- (Module path: shared/us-east-1/security-compliance --), binbashar/le-tf-infra-aws/shared/us-east-1/security-keys (Module path: shared/us-east-1/security-keys), binbashar/le-tf-infra-aws/shared/us-east-1/storage/backup-gdrive -- (Module path: shared/us-east-1/storage/backup-gdrive --), binbashar/le-tf-infra-aws/shared/us-east-1/storage/object-file-shares-for-users-list -- (Module path: shared/us-east-1/storage/object-file-shares-for-users-list --), binbashar/le-tf-infra-aws/shared/us-east-1/storage/object-file-shares-sftp-transfer-service -- (Module path: shared/us-east-1/storage/object-file-shares-sftp-transfer-service --), binbashar/le-tf-infra-aws/shared/us-east-1/tools-cloud-scheduler-stop-start (Module path: shared/us-east-1/tools-cloud-scheduler-stop-start), binbashar/le-tf-infra-aws/shared/us-east-1/tools-eskibana -- (Module path: shared/us-east-1/tools-eskibana --), binbashar/le-tf-infra-aws/shared/us-east-1/tools-github-selfhosted-runners (Module path: shared/us-east-1/tools-github-selfhosted-runners), binbashar/le-tf-infra-aws/shared/us-east-1/tools-jenkins -- (Module path: shared/us-east-1/tools-jenkins --), binbashar/le-tf-infra-aws/shared/us-east-1/tools-managedeskibana -- (Module path: shared/us-east-1/tools-managedeskibana --), binbashar/le-tf-infra-aws/shared/us-east-1/tools-prometheus-grafana -- (Module path: shared/us-east-1/tools-prometheus-grafana --), binbashar/le-tf-infra-aws/shared/us-east-1/tools-vault -- (Module path: shared/us-east-1/tools-vault --), binbashar/le-tf-infra-aws/shared/us-east-1/tools-vpn-server (Module path: shared/us-east-1/tools-vpn-server), binbashar/le-tf-infra-aws/shared/us-east-1/tools-webhooks -- (Module path: shared/us-east-1/tools-webhooks --), binbashar/le-tf-infra-aws/shared/us-east-2/base-network (Module path: shared/us-east-2/base-network), binbashar/le-tf-infra-aws/shared/us-east-2/container-registry (Module path: shared/us-east-2/container-registry), binbashar/le-tf-infra-aws/shared/us-east-2/security-compliance -- (Module path: shared/us-east-2/security-compliance --), binbashar/le-tf-infra-aws/shared/us-east-2/security-keys (Module path: shared/us-east-2/security-keys), binbashar/le-tf-infra-aws/shared/us-east-2/tools-eskibana -- (Module path: shared/us-east-2/tools-eskibana --), binbashar/le-tf-infra-aws/shared/us-east-2/tools-prometheus-grafana -- (Module path: shared/us-east-2/tools-prometheus-grafana --)
Run the following command to see their breakdown: infracost breakdown --path=/path/to/code

──────────────────────────────────
2271 cloud resources were detected:
∙ 576 were estimated, 444 of which include usage-based costs, see https://infracost.io/usage-file
∙ 1544 were free:
  ∙ 159 x aws_iam_role_policy_attachment
  ∙ 139 x aws_iam_role
  ∙ 121 x aws_security_group_rule
  ∙ 104 x aws_iam_policy
  ∙ 96 x aws_cloudwatch_log_metric_filter
  ∙ 58 x aws_route_table_association
  ∙ 58 x aws_subnet
  ∙ 50 x aws_route
  ∙ 47 x aws_iam_role_policy
  ∙ 40 x aws_network_acl_rule
  ∙ 34 x aws_ecr_lifecycle_policy
  ∙ 34 x aws_ecr_repository_policy
  ∙ 33 x aws_s3_bucket_public_access_block
  ∙ 32 x aws_security_group
  ∙ 30 x aws_lambda_permission
  ∙ 27 x aws_s3_bucket_policy
  ∙ 26 x aws_iam_access_key
  ∙ 26 x aws_iam_user
  ∙ 24 x aws_network_acl
  ∙ 24 x aws_route_table
  ∙ 22 x aws_iam_group_policy_attachment
  ∙ 22 x aws_vpc_peering_connection_options
  ∙ 20 x aws_vpc_endpoint
  ∙ 16 x aws_iam_user_login_profile
  ∙ 16 x aws_sns_topic_subscription
  ∙ 15 x aws_kms_alias
  ∙ 13 x aws_cloudwatch_event_target
  ∙ 13 x aws_kms_ciphertext
  ∙ 13 x aws_vpc_peering_connection_accepter
  ∙ 12 x aws_iam_instance_profile
  ∙ 12 x aws_internet_gateway
  ∙ 12 x aws_vpc
  ∙ 11 x aws_vpc_peering_connection
  ∙ 9 x aws_iam_group
  ∙ 9 x aws_iam_group_membership
  ∙ 9 x aws_iam_openid_connect_provider
  ∙ 9 x aws_iam_policy_attachment
  ∙ 8 x aws_config_configuration_recorder_status
  ∙ 8 x aws_config_delivery_channel
  ∙ 7 x aws_cloudwatch_event_rule
  ∙ 7 x aws_key_pair
  ∙ 7 x aws_route53_zone_association
  ∙ 7 x aws_ssm_parameter
  ∙ 6 x aws_ebs_encryption_by_default
  ∙ 6 x aws_ec2_tag
  ∙ 6 x aws_iam_account_alias
  ∙ 6 x aws_iam_account_password_policy
  ∙ 6 x aws_s3_account_public_access_block
  ∙ 5 x aws_eip
  ∙ 5 x aws_s3_bucket_ownership_controls
  ∙ 4 x aws_flow_log
  ∙ 4 x aws_iam_user_policy
  ∙ 4 x aws_launch_template
  ∙ 4 x aws_s3_bucket_acl
  ∙ 3 x aws_backup_plan
  ∙ 3 x aws_backup_selection
  ∙ 3 x aws_cloudfront_origin_access_identity
  ∙ 3 x aws_iam_service_linked_role
  ∙ 3 x aws_networkfirewall_rule_group
  ∙ 3 x aws_sns_topic_policy
  ∙ 2 x aws_acm_certificate
  ∙ 2 x aws_acm_certificate_validation
  ∙ 2 x aws_db_parameter_group
  ∙ 2 x aws_db_subnet_group
  ∙ 2 x aws_eip_association
  ∙ 2 x aws_transfer_ssh_key
  ∙ 2 x aws_transfer_user
  ∙ 1 x aws_apigatewayv2_integration
  ∙ 1 x aws_apigatewayv2_route
  ∙ 1 x aws_apigatewayv2_stage
  ∙ 1 x aws_backup_global_settings
  ∙ 1 x aws_backup_vault_notifications
  ∙ 1 x aws_cloudwatch_log_resource_policy
  ∙ 1 x aws_config_configuration_aggregator
  ∙ 1 x aws_db_option_group
  ∙ 1 x aws_lambda_event_source_mapping
  ∙ 1 x aws_lb_listener
  ∙ 1 x aws_networkfirewall_firewall_policy
  ∙ 1 x aws_s3_bucket_notification
  ∙ 1 x aws_secretsmanager_secret_policy
  ∙ 1 x aws_secretsmanager_secret_version
  ∙ 1 x aws_sqs_queue_policy
  ∙ 1 x aws_wafv2_web_acl_association
  ∙ 1 x aws_wafv2_web_acl_logging_configuration
∙ 151 are not supported yet, see https://infracost.io/requested-resources:
  ∙ 25 x aws_identitystore_group_membership
  ∙ 15 x aws_ssoadmin_account_assignment
  ∙ 13 x aws_identitystore_user
  ∙ 13 x aws_organizations_policy_attachment
  ∙ 10 x aws_guardduty_member
  ∙ 7 x aws_route53_vpc_association_authorization
  ∙ 7 x aws_ssoadmin_permission_set
  ∙ 6 x aws_identitystore_group
  ∙ 6 x aws_organizations_account
  ∙ 6 x aws_ssoadmin_managed_policy_attachment
  ∙ 5 x aws_fms_policy
  ∙ 5 x aws_organizations_organizational_unit
  ∙ 4 x aws_guardduty_detector
  ∙ 4 x aws_organizations_policy
  ∙ 4 x aws_s3_bucket_server_side_encryption_configuration
  ∙ 3 x aws_s3_bucket_replication_configuration
  ∙ 2 x aws_budgets_budget
  ∙ 2 x aws_guardduty_organization_admin_account
  ∙ 2 x aws_guardduty_organization_configuration
  ∙ 2 x aws_s3_bucket_versioning
  ∙ 2 x aws_ssoadmin_permission_set_inline_policy
  ∙ 1 x aws_accessanalyzer_analyzer
  ∙ 1 x aws_fms_admin_account
  ∙ 1 x aws_organizations_organization
  ∙ 1 x aws_route53_resolver_firewall_domain_list
  ∙ 1 x aws_route53_resolver_firewall_rule
  ∙ 1 x aws_route53_resolver_firewall_rule_group
  ∙ 1 x aws_s3_bucket_logging
  ∙ 1 x aws_s3_object

This comment will be updated when the cost estimate changes.

_{Is this comment useful? Yes, No, Other}

[exequielrafaela]

@Franr Cisco there's anything else pending before we can change this PR from draft? Let's us know and we could review it when needed.

[Franr]

@Franr Cisco there's anything else pending before we can change this PR from draft? Let's us know and we could review it when needed.

yes, I was not able to bring up the cluster to be able to test it... there were some errors and I desisted.
If the is another cluster up (like demoapps), I could try there!

[Franr]

@exequielrafaela alright Exe, I was finally able to test it! Moving the PR into ready to review.

[exequielrafaela]

@Franr small one related to CI test for terraform canonical format => https://app.circleci.com/pipelines/github/binbashar/le-tf-infra-aws/3095/workflows/b22009a1-7f14-47b9-b243-b51deb4be59a/jobs/3876 easily fixed with leverage terraform format cmd 💪🏼