diff --git a/examples/agones-game-controller/main.tf b/examples/agones-game-controller/main.tf index 045a8f7199..8af1ca8b14 100644 --- a/examples/agones-game-controller/main.tf +++ b/examples/agones-game-controller/main.tf @@ -44,7 +44,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = local.cluster_version @@ -117,7 +117,7 @@ module "eks_blueprints_kubernetes_addons" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr @@ -126,17 +126,8 @@ module "vpc" { private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/amp-amg-opensearch/main.tf b/examples/amp-amg-opensearch/main.tf index fc7a151d7f..9f1d8e1ba7 100644 --- a/examples/amp-amg-opensearch/main.tf +++ b/examples/amp-amg-opensearch/main.tf @@ -49,7 +49,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = local.cluster_version 
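Review bot: In the `module "vpc"` hunk of examples/agones-game-controller/main.tf, the explicit `manage_default_security_group = true` (with its NACL and route-table equivalents) is dropped in the same change that moves the module to `~> 4.0`, so control of the VPC's default security group now rests entirely on module defaults. If I recall the 4.x upgrade notes correctly those defaults are `true`, which would preserve the behaviour, but nothing in the file records that. I would add a comment above `enable_nat_gateway`, e.g. `# default SG, NACL and route table stay managed through the vpc module 4.x defaults`, or keep `manage_default_security_group = true` explicit. The same removal appears in the vpc hunks of the other examples in this commit; the module block continues outside the hunk.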
@@ -257,7 +257,7 @@ module "managed_prometheus" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr @@ -266,17 +266,8 @@ module "vpc" { private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf index 739fcc24d1..c9b254297d 100644 --- a/examples/appmesh-mtls/main.tf +++ b/examples/appmesh-mtls/main.tf @@ -51,7 +51,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" @@ -199,7 +199,7 @@ resource "kubectl_manifest" "pca_certificate" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr 
@@ -208,17 +208,8 @@ module "vpc" { private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/argocd/main.tf b/examples/argocd/main.tf index 30d924a935..99f3e5994f 100644 --- a/examples/argocd/main.tf +++ b/examples/argocd/main.tf @@ -46,7 +46,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = local.cluster_version @@ -173,7 +173,7 @@ resource "aws_secretsmanager_secret_version" "argocd" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr 
@@ -182,17 +182,8 @@ module "vpc" { private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/blue-green-upgrade/core-infra/main.tf b/examples/blue-green-upgrade/core-infra/main.tf index ec0aa45b42..e9af609733 100644 --- a/examples/blue-green-upgrade/core-infra/main.tf +++ b/examples/blue-green-upgrade/core-infra/main.tf 
@@ -22,38 +22,24 @@ data "aws_availability_zones" "available" {} module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr azs = local.azs - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)] - - enable_nat_gateway = true - create_igw = true - enable_dns_hostnames = true - single_nat_gateway = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { - "kubernetes.io/cluster/${local.name}-blue" = "shared" - "kubernetes.io/cluster/${local.name}-green" = "shared" - "kubernetes.io/role/elb" = "1" + "kubernetes.io/role/elb" = 1 } private_subnet_tags = { - "kubernetes.io/cluster/${local.name}-blue" = "shared" - "kubernetes.io/cluster/${local.name}-green" = "shared" - "kubernetes.io/role/internal-elb" = "1" + "kubernetes.io/role/internal-elb" = 1 } tags = local.tags diff --git a/examples/external-secrets/main.tf b/examples/external-secrets/main.tf index e0e8aa74a1..aa27c040e5 100644 --- a/examples/external-secrets/main.tf +++ b/examples/external-secrets/main.tf @@ -57,7 +57,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" 
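Review bot: The new subnet layout in the `module "vpc"` hunk of examples/blue-green-upgrade/core-infra/main.tf stays non-overlapping only for up to three availability zones: `cidrsubnet(local.vpc_cidr, 4, k)` for k = 0..2 covers the 8-bit indexes 0–47, and the public subnets start at `k + 48`. `local.azs` is defined outside the hunk, so its length cannot be checked here; a fourth AZ would place the fourth private range on top of the first public one. A comment such as `# offsets assume length(local.azs) <= 3: private ranges end where public index 48 begins` would record the assumption. The same layout is introduced in the external-secrets, fargate-serverless, ipv6-eks-cluster, karpenter, multi-tenancy-with-teams and stateful examples.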
@@ -109,35 +109,24 @@ module "eks_blueprints_kubernetes_addons" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr azs = local.azs - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)] + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { - "kubernetes.io/cluster/${local.name}" = "shared" - "kubernetes.io/role/elb" = 1 + "kubernetes.io/role/elb" = 1 } private_subnet_tags = { - "kubernetes.io/cluster/${local.name}" = "shared" - "kubernetes.io/role/internal-elb" = 1 + "kubernetes.io/role/internal-elb" = 1 } tags = local.tags diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf index 874d4be04a..860beabffd 100644 --- a/examples/fargate-serverless/main.tf +++ b/examples/fargate-serverless/main.tf @@ -42,7 +42,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" 
@@ -149,26 +149,17 @@ module "eks_blueprints_kubernetes_addons" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr azs = local.azs - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)] - - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/fully-private-cluster/main.tf b/examples/fully-private-cluster/main.tf index 7ff034f7eb..5777cfc851 100644 --- a/examples/fully-private-cluster/main.tf +++ b/examples/fully-private-cluster/main.tf @@ -24,7 +24,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" @@ -58,7 +58,7 @@ module "eks" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr 
@@ -66,17 +66,7 @@ module "vpc" { azs = local.azs private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] - enable_nat_gateway = false - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = false private_subnet_tags = { "kubernetes.io/role/internal-elb" = 1 @@ -114,7 +104,7 @@ module "vpc_endpoints_sg" { module "vpc_endpoints" { source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - version = "~> 3.0" + version = "~> 4.0" vpc_id = module.vpc.vpc_id security_group_ids = [module.vpc_endpoints_sg.security_group_id] diff --git a/examples/ipv4-prefix-delegation/main.tf b/examples/ipv4-prefix-delegation/main.tf index 418f394d4c..5cc0ba5809 100644 --- a/examples/ipv4-prefix-delegation/main.tf +++ b/examples/ipv4-prefix-delegation/main.tf @@ -44,7 +44,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = local.cluster_version @@ -92,7 +92,7 @@ module "eks" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr 
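Review bot: `enable_dns_hostnames = true` is removed from the `module "vpc"` hunk of examples/fully-private-cluster/main.tf, yet this example reaches AWS APIs through the `vpc_endpoints` module in the following hunk, and private DNS on interface endpoints needs DNS hostnames enabled on the VPC. The value now comes from the module default, which I believe is `true` in 4.x but is not visible here, and whether the endpoints enable private DNS is also outside the hunk. With `enable_nat_gateway = false` there is no fallback path if name resolution breaks, so I would keep the line explicit: `enable_dns_hostnames = true # needed for interface endpoint private DNS`.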
@@ -101,17 +101,8 @@ module "vpc" { private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/ipv6-eks-cluster/main.tf b/examples/ipv6-eks-cluster/main.tf index 2c66c81ed9..295372d435 100644 --- a/examples/ipv6-eks-cluster/main.tf +++ b/examples/ipv6-eks-cluster/main.tf @@ -42,7 +42,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" 
@@ -86,33 +86,17 @@ module "eks" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr azs = local.azs - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)] - - enable_ipv6 = true - assign_ipv6_address_on_creation = true - create_egress_only_igw = true - - public_subnet_ipv6_prefixes = [0, 1, 2] - private_subnet_ipv6_prefixes = [3, 4, 5] - - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf index 2811a9868e..e6dc80d56d 100644 --- a/examples/karpenter/main.tf +++ b/examples/karpenter/main.tf @@ -60,7 +60,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" @@ -182,7 +182,7 @@ module "eks_blueprints_kubernetes_addons" { # Creates Karpenter native node termination handler resources and IAM instance profile module "karpenter" { source = "terraform-aws-modules/eks/aws//modules/karpenter" - version = "~> 19.9" + version = "~> 19.12" cluster_name = module.eks.cluster_name irsa_oidc_provider_arn = module.eks.oidc_provider_arn 
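Review bot: The `module "vpc"` hunk of examples/ipv6-eks-cluster/main.tf removes `enable_ipv6 = true`, `create_egress_only_igw = true` and both `*_subnet_ipv6_prefixes` lists without a replacement, so the VPC for the IPv6 example appears to be created IPv4-only. The eks module's IP-family setting is outside the hunk, but if it still requests IPv6 the cluster would have no IPv6 CIDR to draw from, and the private subnets lose their egress-only route. I would keep `enable_ipv6 = true`, `create_egress_only_igw = true` and the two prefix lists. It is also worth checking how per-subnet IPv6 address assignment is spelled in the 4.x module, since the removed `assign_ipv6_address_on_creation` may no longer be accepted.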
@@ -294,26 +294,17 @@ resource "kubectl_manifest" "karpenter_example_deployment" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr azs = local.azs - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)] - - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/multi-tenancy-with-teams/main.tf b/examples/multi-tenancy-with-teams/main.tf index d674e329bf..4544113425 100644 --- a/examples/multi-tenancy-with-teams/main.tf +++ b/examples/multi-tenancy-with-teams/main.tf 
@@ -126,35 +126,24 @@ module "eks_blueprints" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr azs = local.azs - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)] + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { - "kubernetes.io/cluster/${local.name}" = "shared" - "kubernetes.io/role/elb" = 1 + "kubernetes.io/role/elb" = 1 } private_subnet_tags = { - "kubernetes.io/cluster/${local.name}" = "shared" - "kubernetes.io/role/internal-elb" = 1 + "kubernetes.io/role/internal-elb" = 1 } tags = local.tags diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf index b4b1491fea..89a2ded73e 100644 --- a/examples/stateful/main.tf +++ b/examples/stateful/main.tf @@ -46,7 +46,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" 
@@ -285,26 +285,17 @@ resource "kubernetes_storage_class_v1" "efs" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr azs = local.azs - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)] - - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf index 1a14f75b12..450588c327 100644 --- a/examples/tls-with-aws-pca-issuer/main.tf +++ b/examples/tls-with-aws-pca-issuer/main.tf @@ -51,7 +51,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" @@ -215,7 +215,7 @@ resource "kubectl_manifest" "pca_certificate" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr 
@@ -224,17 +224,8 @@ module "vpc" { private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/vpc-cni-custom-networking/main.tf b/examples/vpc-cni-custom-networking/main.tf index 43ac65b121..c3585ac113 100644 --- a/examples/vpc-cni-custom-networking/main.tf +++ b/examples/vpc-cni-custom-networking/main.tf @@ -53,7 +53,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = local.cluster_version @@ -129,7 +129,7 @@ resource "kubectl_manifest" "eni_config" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr 
@@ -144,17 +144,8 @@ module "vpc" { public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1 diff --git a/examples/wireguard-with-cilium/main.tf b/examples/wireguard-with-cilium/main.tf index 73f752d589..f0b0e89565 100644 --- a/examples/wireguard-with-cilium/main.tf +++ b/examples/wireguard-with-cilium/main.tf @@ -51,7 +51,7 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.9" + version = "~> 19.12" cluster_name = local.name cluster_version = "1.24" @@ -220,7 +220,7 @@ resource "kubectl_manifest" "client" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 4.0" name = local.name cidr = local.vpc_cidr 
@@ -229,17 +229,8 @@ module "vpc" { private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - # Manage so we can name - manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } - manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } - manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + enable_nat_gateway = true + single_nat_gateway = true public_subnet_tags = { "kubernetes.io/role/elb" = 1