From bcb1fd279d24f7694d17ac2c177cc29360e18a51 Mon Sep 17 00:00:00 2001 From: Tjeu Kayim <15987676+TjeuKayim@users.noreply.github.com> Date: Tue, 2 Feb 2021 14:41:59 +0100 Subject: [PATCH 1/9] fix: Replace deprecated list() --- README.md | 6 +++--- examples/create_false/main.tf | 6 +++--- local.tf | 2 +- modules/fargate/locals.tf | 4 ++-- outputs.tf | 14 +++++++------- workers_launch_template.tf | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index a513473299..0ece9121c0 100644 --- a/README.md +++ b/README.md @@ -86,9 +86,9 @@ data "aws_eks_cluster_auth" "cluster" { # In case of not creating the cluster, this will be an incompletely configured, unused provider, which poses no problem. provider "kubernetes" { - host = element(concat(data.aws_eks_cluster.cluster[*].endpoint, list("")), 0) - cluster_ca_certificate = base64decode(element(concat(data.aws_eks_cluster.cluster[*].certificate_authority.0.data, list("")), 0)) - token = element(concat(data.aws_eks_cluster_auth.cluster[*].token, list("")), 0) + host = element(concat(data.aws_eks_cluster.cluster[*].endpoint, [""]), 0) + cluster_ca_certificate = base64decode(element(concat(data.aws_eks_cluster.cluster[*].certificate_authority.0.data, [""]), 0)) + token = element(concat(data.aws_eks_cluster_auth.cluster[*].token, [""]), 0) load_config_file = false version = "1.10" } diff --git a/examples/create_false/main.tf b/examples/create_false/main.tf index 0aa61ef959..b58f0f5a21 100644 --- a/examples/create_false/main.tf +++ b/examples/create_false/main.tf 
@@ -13,9 +13,9 @@ data "aws_eks_cluster_auth" "cluster" { } provider "kubernetes" { - host = element(concat(data.aws_eks_cluster.cluster[*].endpoint, list("")), 0) - cluster_ca_certificate = base64decode(element(concat(data.aws_eks_cluster.cluster[*].certificate_authority.0.data, list("")), 0)) - token = element(concat(data.aws_eks_cluster_auth.cluster[*].token, list("")), 0) + host = element(concat(data.aws_eks_cluster.cluster[*].endpoint, [""]), 0) + cluster_ca_certificate = base64decode(element(concat(data.aws_eks_cluster.cluster[*].certificate_authority.0.data, [""]), 0)) + token = element(concat(data.aws_eks_cluster_auth.cluster[*].token, [""]), 0) load_config_file = false version = "~> 1.11" } diff --git a/local.tf b/local.tf index 09d62f0df2..517fe7ab97 100644 --- a/local.tf +++ b/local.tf @@ -1,7 +1,7 @@ locals { cluster_security_group_id = var.cluster_create_security_group ? join("", aws_security_group.cluster.*.id) : var.cluster_security_group_id - cluster_primary_security_group_id = var.cluster_version >= 1.14 ? element(concat(aws_eks_cluster.this[*].vpc_config[0].cluster_security_group_id, list("")), 0) : null + cluster_primary_security_group_id = var.cluster_version >= 1.14 ? element(concat(aws_eks_cluster.this[*].vpc_config[0].cluster_security_group_id, [""]), 0) : null cluster_iam_role_name = var.manage_cluster_iam_resources ? join("", aws_iam_role.cluster.*.name) : var.cluster_iam_role_name cluster_iam_role_arn = var.manage_cluster_iam_resources ? join("", aws_iam_role.cluster.*.arn) : join("", data.aws_iam_role.custom_cluster_iam_role.*.arn) worker_security_group_id = var.worker_create_security_group ? join("", aws_security_group.workers.*.id) : var.worker_security_group_id diff --git a/modules/fargate/locals.tf b/modules/fargate/locals.tf index 4216953b77..18ba96403b 100644 --- a/modules/fargate/locals.tf +++ b/modules/fargate/locals.tf 
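Review bot: In the `local.tf` hunk, `cluster_primary_security_group_id` is still gated on `var.cluster_version >= 1.14`, which compares the version as a decimal number rather than as major.minor. The README inputs table lists `cluster_version` as a `string`, so a value such as "1.9" would pass the check, and a value with a patch component such as "1.14.6" would presumably fail the numeric conversion. Comparing the minor component avoids both, for example `tonumber(split(".", var.cluster_version)[1]) >= 14`. The `locals` block continues outside the hunk, and this line is only touched here for the `list("")` replacement, so the fix could go in a follow-up.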
@@ -1,7 +1,7 @@ locals { create_eks = var.create_eks && length(var.fargate_profiles) > 0 - pod_execution_role_arn = var.create_fargate_pod_execution_role ? element(concat(aws_iam_role.eks_fargate_pod.*.arn, list("")), 0) : element(concat(data.aws_iam_role.custom_fargate_iam_role.*.arn, list("")), 0) - pod_execution_role_name = var.create_fargate_pod_execution_role ? element(concat(aws_iam_role.eks_fargate_pod.*.name, list("")), 0) : element(concat(data.aws_iam_role.custom_fargate_iam_role.*.name, list("")), 0) + pod_execution_role_arn = var.create_fargate_pod_execution_role ? element(concat(aws_iam_role.eks_fargate_pod.*.arn, [""]), 0) : element(concat(data.aws_iam_role.custom_fargate_iam_role.*.arn, [""]), 0) + pod_execution_role_name = var.create_fargate_pod_execution_role ? element(concat(aws_iam_role.eks_fargate_pod.*.name, [""]), 0) : element(concat(data.aws_iam_role.custom_fargate_iam_role.*.name, [""]), 0) fargate_profiles_expanded = { for k, v in var.fargate_profiles : k => merge( v, diff --git a/outputs.tf b/outputs.tf index 3cf145236d..62d75aaf0f 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,6 +1,6 @@ output "cluster_id" { description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready" - value = element(concat(aws_eks_cluster.this.*.id, list("")), 0) + value = element(concat(aws_eks_cluster.this.*.id, [""]), 0) # So that calling plans wait for the cluster to be available before attempting # to use it. They will not need to duplicate this null_resource depends_on = [null_resource.wait_for_cluster] 
@@ -8,22 +8,22 @@ output "cluster_id" { output "cluster_arn" { description = "The Amazon Resource Name (ARN) of the cluster." - value = element(concat(aws_eks_cluster.this.*.arn, list("")), 0) + value = element(concat(aws_eks_cluster.this.*.arn, [""]), 0) } output "cluster_certificate_authority_data" { description = "Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster." - value = element(concat(aws_eks_cluster.this[*].certificate_authority[0].data, list("")), 0) + value = element(concat(aws_eks_cluster.this[*].certificate_authority[0].data, [""]), 0) } output "cluster_endpoint" { description = "The endpoint for your EKS Kubernetes API." - value = element(concat(aws_eks_cluster.this.*.endpoint, list("")), 0) + value = element(concat(aws_eks_cluster.this.*.endpoint, [""]), 0) } output "cluster_version" { description = "The Kubernetes server version for the EKS cluster." - value = element(concat(aws_eks_cluster.this[*].version, list("")), 0) + value = element(concat(aws_eks_cluster.this[*].version, [""]), 0) } output "cluster_security_group_id" { @@ -58,12 +58,12 @@ output "cluster_primary_security_group_id" { output "cloudwatch_log_group_name" { description = "Name of cloudwatch log group created" - value = element(concat(aws_cloudwatch_log_group.this[*].name, list("")), 0) + value = element(concat(aws_cloudwatch_log_group.this[*].name, [""]), 0) } output "cloudwatch_log_group_arn" { description = "Arn of cloudwatch log group created" - value = element(concat(aws_cloudwatch_log_group.this[*].arn, list("")), 0) + value = element(concat(aws_cloudwatch_log_group.this[*].arn, [""]), 0) } output "kubeconfig" { diff --git a/workers_launch_template.tf b/workers_launch_template.tf index f574fcc510..5ff606acbf 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf 
@@ -100,7 +100,7 @@ resource "aws_autoscaling_group" "workers_launch_template" { dynamic "mixed_instances_policy" { iterator = item - for_each = (lookup(var.worker_groups_launch_template[count.index], "override_instance_types", null) != null) || (lookup(var.worker_groups_launch_template[count.index], "on_demand_allocation_strategy", local.workers_group_defaults["on_demand_allocation_strategy"]) != null) ? list(var.worker_groups_launch_template[count.index]) : [] + for_each = (lookup(var.worker_groups_launch_template[count.index], "override_instance_types", null) != null) || (lookup(var.worker_groups_launch_template[count.index], "on_demand_allocation_strategy", local.workers_group_defaults["on_demand_allocation_strategy"]) != null) ? toList([var.worker_groups_launch_template[count.index]]) : [] content { instances_distribution { From 083d71988f67ec2f806bdf049d5cf21914062b01 Mon Sep 17 00:00:00 2001 From: Tjeu Kayim <15987676+TjeuKayim@users.noreply.github.com> Date: Tue, 2 Feb 2021 14:39:24 +0100 Subject: [PATCH 2/9] fix: Use lowercase tolist Co-authored-by: Thierno IB. BARRY --- workers_launch_template.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workers_launch_template.tf b/workers_launch_template.tf index 5ff606acbf..524ff31350 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf 
@@ -100,7 +100,7 @@ resource "aws_autoscaling_group" "workers_launch_template" { dynamic "mixed_instances_policy" { iterator = item - for_each = (lookup(var.worker_groups_launch_template[count.index], "override_instance_types", null) != null) || (lookup(var.worker_groups_launch_template[count.index], "on_demand_allocation_strategy", local.workers_group_defaults["on_demand_allocation_strategy"]) != null) ? toList([var.worker_groups_launch_template[count.index]]) : [] + for_each = (lookup(var.worker_groups_launch_template[count.index], "override_instance_types", null) != null) || (lookup(var.worker_groups_launch_template[count.index], "on_demand_allocation_strategy", local.workers_group_defaults["on_demand_allocation_strategy"]) != null) ? tolist([var.worker_groups_launch_template[count.index]]) : [] content { instances_distribution { From 00177596b75d184e47b03be0b6de069a7a06b4fd Mon Sep 17 00:00:00 2001 From: Tjeu Kayim <15987676+TjeuKayim@users.noreply.github.com> Date: Tue, 2 Mar 2021 15:11:22 +0100 Subject: [PATCH 3/9] fix: Replace deprecated map() --- workers.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/workers.tf b/workers.tf index 8143e6a304..98bc327ef8 100644 --- a/workers.tf +++ b/workers.tf @@ -133,11 +133,11 @@ resource "aws_autoscaling_group" "workers" { ], [ for tag_key, tag_value in var.tags : - map( - "key", tag_key, - "value", tag_value, - "propagate_at_launch", "true" - ) + { + "key" = tag_key, + "value" = tag_value, + "propagate_at_launch" = "true" + } if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) ], lookup( From c045dacb139f2d002e63859ccafad7864da886b0 Mon Sep 17 00:00:00 2001 
From: Tjeu Kayim <15987676+TjeuKayim@users.noreply.github.com> Date: Wed, 3 Mar 2021 10:28:54 +0100 Subject: [PATCH 4/9] fix: Remove redundant toList() Co-authored-by: Anton Babenko --- workers_launch_template.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workers_launch_template.tf b/workers_launch_template.tf index 524ff31350..3a9676cbe1 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf @@ -100,7 +100,7 @@ resource "aws_autoscaling_group" "workers_launch_template" { dynamic "mixed_instances_policy" { iterator = item - for_each = (lookup(var.worker_groups_launch_template[count.index], "override_instance_types", null) != null) || (lookup(var.worker_groups_launch_template[count.index], "on_demand_allocation_strategy", local.workers_group_defaults["on_demand_allocation_strategy"]) != null) ? tolist([var.worker_groups_launch_template[count.index]]) : [] + for_each = (lookup(var.worker_groups_launch_template[count.index], "override_instance_types", null) != null) || (lookup(var.worker_groups_launch_template[count.index], "on_demand_allocation_strategy", local.workers_group_defaults["on_demand_allocation_strategy"]) != null) ? [var.worker_groups_launch_template[count.index]] : [] content { instances_distribution { From b00eb4941b6e2dad947a0b1e3243b3120d682cee Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Fri, 16 Apr 2021 09:29:55 +0200 Subject: [PATCH 5/9] Fixed code to work with Terraform 0.15 --- .gitignore | 47 ++- .pre-commit-config.yaml | 2 +- README.md | 280 +++++++++++------- examples/basic/main.tf | 26 +- examples/basic/versions.tf | 12 + examples/create_false/main.tf | 1 - examples/create_false/versions.tf | 8 + examples/fargate/main.tf | 22 +- examples/fargate/versions.tf | 12 + examples/irsa/main.tf | 20 +- examples/irsa/versions.tf | 12 + examples/launch_templates/main.tf | 26 +- examples/launch_templates/versions.tf | 12 + .../main.tf | 26 +- .../versions.tf | 12 + examples/managed_node_groups/main.tf | 26 +- examples/managed_node_groups/versions.tf | 12 + examples/secrets_encryption/main.tf | 26 +- examples/secrets_encryption/versions.tf | 12 + examples/spot_instances/main.tf | 26 +- examples/spot_instances/versions.tf | 12 + modules/fargate/README.md | 49 +-- modules/node_groups/README.md | 36 ++- 23 files changed, 381 insertions(+), 336 deletions(-) create mode 100644 examples/basic/versions.tf create mode 100644 examples/create_false/versions.tf create mode 100644 examples/fargate/versions.tf create mode 100644 examples/irsa/versions.tf create mode 100644 examples/launch_templates/versions.tf create mode 100644 examples/launch_templates_with_managed_node_groups/versions.tf create mode 100644 examples/managed_node_groups/versions.tf create mode 100644 examples/secrets_encryption/versions.tf create mode 100644 examples/spot_instances/versions.tf diff --git a/.gitignore b/.gitignore index db3aec7ca3..4759a205e3 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,14 +1,41 @@ -*.tfvars -*.tfstate* -.terraform/ -**/inspec.lock -*.gem -Gemfile.lock -terraform.tfstate.d/ eks-admin-cluster-role-binding.yaml eks-admin-service-account.yaml -.idea/ -*.iml config-map-aws-auth*.yaml kubeconfig_* -*.swp + +################################################################# +# Default .gitignore content for all terraform-aws-modules below +################################################################# + +.DS_Store + +# Local .terraform directories +**/.terraform/* + +# Terraform lockfile +.terraform.lock.hcl + +# .tfstate files +*.tfstate +*.tfstate.* +*.tfplan + +# Crash log files +crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore CLI configuration files +.terraformrc +terraform.rc diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4949b1cbb5..6ef8a79bb9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.43.0 + rev: v1.48.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/README.md b/README.md index 0ece9121c0..49760204f9 100644 --- a/README.md +++ b/README.md 
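Review bot: The new `*.tfvars` rule does not cover the JSON variants Terraform also loads (`terraform.tfvars.json`, `*.auto.tfvars.json`), so variable files holding secrets in that form can still be committed. Adding `*.tfvars.json` next to it closes the gap. The rewrite also drops `*.swp`, and an editor swap file for a tfvars file does not match `*.tfvars`, so keeping `*.swp` would avoid committing fragments of those files. The added comment has a typo, "sentitive" for "sensitive".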
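Review bot: The unchanged `repo:` line above the bumped `rev` still fetches the hook repository over `git://`, which is neither encrypted nor authenticated, and the hooks it delivers run on every contributor's machine. Anyone able to tamper with that connection could substitute the hook code, and the tag in `rev` gives no integrity check of its own. Since this line is being bumped anyway, switch the URL to `- repo: https://github.com/antonbabenko/pre-commit-terraform`. Pinning `rev` to a full commit hash instead of the `v1.48.0` tag would additionally guard against the tag being moved.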
@@ -144,129 +144,189 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | Name | Version | |------|---------| -| terraform | >= 0.12.9, != 0.13.0 | -| aws | >= 3.22.0 | -| kubernetes | >= 1.11.1 | -| local | >= 1.4 | -| null | >= 2.1 | -| random | >= 2.1 | -| template | >= 2.1 | +| [terraform](#requirement\_terraform) | >= 0.12.9, != 0.13.0 | +| [aws](#requirement\_aws) | >= 3.22.0 | +| [kubernetes](#requirement\_kubernetes) | >= 1.11.1 | +| [local](#requirement\_local) | >= 1.4 | +| [null](#requirement\_null) | >= 2.1 | +| [random](#requirement\_random) | >= 2.1 | +| [template](#requirement\_template) | >= 2.1 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.22.0 | -| kubernetes | >= 1.11.1 | -| local | >= 1.4 | -| null | >= 2.1 | -| random | >= 2.1 | -| template | >= 2.1 | +| [aws](#provider\_aws) | >= 3.22.0 | +| [kubernetes](#provider\_kubernetes) | >= 1.11.1 | +| [local](#provider\_local) | >= 1.4 | +| [null](#provider\_null) | >= 2.1 | +| [random](#provider\_random) | >= 2.1 | +| [template](#provider\_template) | >= 2.1 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [fargate](#module\_fargate) | ./modules/fargate | | +| [node\_groups](#module\_node\_groups) | ./modules/node_groups | | + +## Resources + +| Name | Type | +|------|------| +| [aws_autoscaling_group.workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource | +| [aws_autoscaling_group.workers_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource | +| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | resource | +| 
[aws_iam_instance_profile.workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | +| [aws_iam_instance_profile.workers_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | +| [aws_iam_openid_connect_provider.oidc_provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource | +| [aws_iam_policy.cluster_elb_sl_role_creation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.cluster_AmazonEKSVPCResourceControllerPolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.cluster_elb_sl_role_creation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.workers_AmazonEC2ContainerRegistryReadOnly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.workers_AmazonEKSWorkerNodePolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | 
resource | +| [aws_iam_role_policy_attachment.workers_AmazonEKS_CNI_Policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.workers_additional_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_launch_configuration.workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | resource | +| [aws_launch_template.workers_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource | +| [aws_security_group.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group_rule.cluster_egress_internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.cluster_https_worker_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.cluster_primary_ingress_workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.cluster_private_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.workers_egress_internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.workers_ingress_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| 
[aws_security_group_rule.workers_ingress_cluster_https](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.workers_ingress_cluster_kubelet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.workers_ingress_cluster_primary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.workers_ingress_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [kubernetes_config_map.aws_auth](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource | +| [local_file.kubeconfig](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [null_resource.wait_for_cluster](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [random_pet.workers](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [random_pet.workers_launch_template](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_ami.eks_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | +| [aws_ami.eks_worker_windows](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_instance_profile.custom_worker_group_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_instance_profile) | data source | +| 
[aws_iam_instance_profile.custom_worker_group_launch_template_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_instance_profile) | data source | +| [aws_iam_policy_document.cluster_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.cluster_elb_sl_role_creation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.workers_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_role.custom_cluster_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | +| [template_file.launch_template_userdata](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | +| [template_file.userdata](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| attach\_worker\_cni\_policy | Whether to attach the Amazon managed `AmazonEKS_CNI_Policy` IAM policy to the default worker IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster. | `bool` | `true` | no | -| aws\_auth\_additional\_labels | Additional kubernetes labels applied on aws-auth ConfigMap | `map(string)` | `{}` | no | -| cluster\_create\_endpoint\_private\_access\_sg\_rule | Whether to create security group rules for the access to the Amazon EKS private API server endpoint. 
| `bool` | `false` | no | -| cluster\_create\_security\_group | Whether to create a security group for the cluster or attach the cluster to `cluster_security_group_id`. | `bool` | `true` | no | -| cluster\_create\_timeout | Timeout value when creating the EKS cluster. | `string` | `"30m"` | no | -| cluster\_delete\_timeout | Timeout value when deleting the EKS cluster. | `string` | `"15m"` | no | -| cluster\_enabled\_log\_types | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | `[]` | no | -| cluster\_encryption\_config | Configuration block with encryption configuration for the cluster. See examples/secrets\_encryption/main.tf for example format |
list(object({
provider_key_arn = string
resources = list(string)
}))
| `[]` | no | -| cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | `bool` | `false` | no | -| cluster\_endpoint\_private\_access\_cidrs | List of CIDR blocks which can access the Amazon EKS private API server endpoint. | `list(string)` | `null` | no | -| cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | `bool` | `true` | no | -| cluster\_endpoint\_public\_access\_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint. | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage\_cluster\_iam\_resources is set to false. Set this to reuse an existing IAM role. | `string` | `""` | no | -| cluster\_log\_kms\_key\_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `""` | no | -| cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days. | `number` | `90` | no | -| cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | `string` | n/a | yes | -| cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the workers | `string` | `""` | no | -| cluster\_service\_ipv4\_cidr | service ipv4 cidr for the kubernetes cluster | `string` | `null` | no | -| cluster\_version | Kubernetes version to use for the EKS cluster. | `string` | n/a | yes | -| config\_output\_path | Where to save the Kubectl config file (if `write_kubeconfig = true`). Assumed to be a directory if the value ends with a forward slash `/`. | `string` | `"./"` | no | -| create\_eks | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no | -| create\_fargate\_pod\_execution\_role | Controls if the EKS Fargate pod execution IAM role should be created. | `bool` | `true` | no | -| eks\_oidc\_root\_ca\_thumbprint | Thumbprint of Root CA for EKS OIDC, Valid until 2037 | `string` | `"9e99a48a9960b14926bb7f3b02e22da2b0ab7280"` | no | -| enable\_irsa | Whether to create OpenID Connect Provider for EKS to enable IRSA | `bool` | `false` | no | -| fargate\_pod\_execution\_role\_name | The IAM Role that provides permissions for the EKS Fargate Profile. 
| `string` | `null` | no | -| fargate\_profiles | Fargate profiles to create. See `fargate_profile` keys section in fargate submodule's README.md for more details | `any` | `{}` | no | -| iam\_path | If provided, all IAM roles will be created on this path. | `string` | `"/"` | no | -| kubeconfig\_aws\_authenticator\_additional\_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | `list(string)` | `[]` | no | -| kubeconfig\_aws\_authenticator\_command | Command to use to fetch AWS EKS credentials. | `string` | `"aws-iam-authenticator"` | no | -| kubeconfig\_aws\_authenticator\_command\_args | Default arguments passed to the authenticator command. Defaults to [token -i $cluster\_name]. | `list(string)` | `[]` | no | -| kubeconfig\_aws\_authenticator\_env\_variables | Environment variables that should be used when executing the authenticator. e.g. { AWS\_PROFILE = "eks"}. | `map(string)` | `{}` | no | -| kubeconfig\_name | Override the default name used for items kubeconfig. | `string` | `""` | no | -| manage\_aws\_auth | Whether to apply the aws-auth configmap file. | `bool` | `true` | no | -| manage\_cluster\_iam\_resources | Whether to let the module manage cluster IAM resources. If set to false, cluster\_iam\_role\_name must be specified. | `bool` | `true` | no | -| manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam\_instance\_profile\_name must be specified for workers. | `bool` | `true` | no | -| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | `list(string)` | `[]` | no | -| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. |
list(object({
rolearn = string
username = string
groups = list(string)
}))
| `[]` | no | -| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. |
list(object({
userarn = string
username = string
groups = list(string)
}))
| `[]` | no | -| node\_groups | Map of map of node groups to create. See `node_groups` module's documentation for more details | `any` | `{}` | no | -| node\_groups\_defaults | Map of values to be applied to all node groups. See `node_groups` module's documentation for more details | `any` | `{}` | no | -| permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no | -| subnets | A list of subnets to place the EKS cluster and workers within. | `list(string)` | n/a | yes | -| tags | A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only. | `map(string)` | `{}` | no | -| vpc\_id | VPC where the cluster and workers will be deployed. | `string` | n/a | yes | -| wait\_for\_cluster\_cmd | Custom local-exec command to execute for determining if the eks cluster is healthy. Cluster endpoint will be available as an environment variable called ENDPOINT | `string` | `"for i in `seq 1 60`; do if `command -v wget > /dev/null`; then wget --no-check-certificate -O - -q $ENDPOINT/healthz >/dev/null && exit 0 || true; else curl -k -s $ENDPOINT/healthz >/dev/null && exit 0 || true;fi; sleep 5; done; echo TIMEOUT && exit 1"` | no | -| wait\_for\_cluster\_interpreter | Custom local-exec command line interpreter for the command to determining if the eks cluster is healthy. | `list(string)` |
[
"/bin/sh",
"-c"
]
| no | -| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no | -| worker\_ami\_name\_filter | Name filter for AWS EKS worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no | -| worker\_ami\_name\_filter\_windows | Name filter for AWS EKS Windows worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no | -| worker\_ami\_owner\_id | The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"amazon"` | no | -| worker\_ami\_owner\_id\_windows | The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"amazon"` | no | -| worker\_create\_cluster\_primary\_security\_group\_rules | Whether to create security group rules to allow communication between pods on workers and pods using the primary cluster security group. | `bool` | `false` | no | -| worker\_create\_initial\_lifecycle\_hooks | Whether to create initial lifecycle hooks provided in worker groups. | `bool` | `false` | no | -| worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | `bool` | `true` | no | -| worker\_groups | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers\_group\_defaults for valid keys. | `any` | `[]` | no | -| worker\_groups\_launch\_template | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers\_group\_defaults for valid keys. 
| `any` | `[]` | no | -| worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | `string` | `""` | no | -| worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | `number` | `1025` | no | -| workers\_additional\_policies | Additional policies to be added to workers | `list(string)` | `[]` | no | -| workers\_group\_defaults | Override default values for target groups. See workers\_group\_defaults\_defaults in local.tf for valid keys. | `any` | `{}` | no | -| workers\_role\_name | User defined workers role name. | `string` | `""` | no | -| write\_kubeconfig | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | `bool` | `true` | no | +| [attach\_worker\_cni\_policy](#input\_attach\_worker\_cni\_policy) | Whether to attach the Amazon managed `AmazonEKS_CNI_Policy` IAM policy to the default worker IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster. | `bool` | `true` | no | +| [aws\_auth\_additional\_labels](#input\_aws\_auth\_additional\_labels) | Additional kubernetes labels applied on aws-auth ConfigMap | `map(string)` | `{}` | no | +| [cluster\_create\_endpoint\_private\_access\_sg\_rule](#input\_cluster\_create\_endpoint\_private\_access\_sg\_rule) | Whether to create security group rules for the access to the Amazon EKS private API server endpoint. | `bool` | `false` | no | +| [cluster\_create\_security\_group](#input\_cluster\_create\_security\_group) | Whether to create a security group for the cluster or attach the cluster to `cluster_security_group_id`. 
| `bool` | `true` | no | +| [cluster\_create\_timeout](#input\_cluster\_create\_timeout) | Timeout value when creating the EKS cluster. | `string` | `"30m"` | no | +| [cluster\_delete\_timeout](#input\_cluster\_delete\_timeout) | Timeout value when deleting the EKS cluster. | `string` | `"15m"` | no | +| [cluster\_enabled\_log\_types](#input\_cluster\_enabled\_log\_types) | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | `[]` | no | +| [cluster\_encryption\_config](#input\_cluster\_encryption\_config) | Configuration block with encryption configuration for the cluster. See examples/secrets\_encryption/main.tf for example format |
list(object({
provider_key_arn = string
resources = list(string)
}))
| `[]` | no | +| [cluster\_endpoint\_private\_access](#input\_cluster\_endpoint\_private\_access) | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | `bool` | `false` | no | +| [cluster\_endpoint\_private\_access\_cidrs](#input\_cluster\_endpoint\_private\_access\_cidrs) | List of CIDR blocks which can access the Amazon EKS private API server endpoint. | `list(string)` | `null` | no | +| [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | `bool` | `true` | no | +| [cluster\_endpoint\_public\_access\_cidrs](#input\_cluster\_endpoint\_public\_access\_cidrs) | List of CIDR blocks which can access the Amazon EKS public API server endpoint. | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [cluster\_iam\_role\_name](#input\_cluster\_iam\_role\_name) | IAM role name for the cluster. Only applicable if manage\_cluster\_iam\_resources is set to false. Set this to reuse an existing IAM role. | `string` | `""` | no | +| [cluster\_log\_kms\_key\_id](#input\_cluster\_log\_kms\_key\_id) | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `""` | no | +| [cluster\_log\_retention\_in\_days](#input\_cluster\_log\_retention\_in\_days) | Number of days to retain log events. Default retention - 90 days. | `number` | `90` | no | +| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster. Also used as a prefix in names of related resources. | `string` | n/a | yes | +| [cluster\_security\_group\_id](#input\_cluster\_security\_group\_id) | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the workers | `string` | `""` | no | +| [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | service ipv4 cidr for the kubernetes cluster | `string` | `null` | no | +| [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster. | `string` | n/a | yes | +| [config\_output\_path](#input\_config\_output\_path) | Where to save the Kubectl config file (if `write_kubeconfig = true`). Assumed to be a directory if the value ends with a forward slash `/`. | `string` | `"./"` | no | +| [create\_eks](#input\_create\_eks) | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no | +| [create\_fargate\_pod\_execution\_role](#input\_create\_fargate\_pod\_execution\_role) | Controls if the EKS Fargate pod execution IAM role should be created. 
| `bool` | `true` | no | +| [eks\_oidc\_root\_ca\_thumbprint](#input\_eks\_oidc\_root\_ca\_thumbprint) | Thumbprint of Root CA for EKS OIDC, Valid until 2037 | `string` | `"9e99a48a9960b14926bb7f3b02e22da2b0ab7280"` | no | +| [enable\_irsa](#input\_enable\_irsa) | Whether to create OpenID Connect Provider for EKS to enable IRSA | `bool` | `false` | no | +| [fargate\_pod\_execution\_role\_name](#input\_fargate\_pod\_execution\_role\_name) | The IAM Role that provides permissions for the EKS Fargate Profile. | `string` | `null` | no | +| [fargate\_profiles](#input\_fargate\_profiles) | Fargate profiles to create. See `fargate_profile` keys section in fargate submodule's README.md for more details | `any` | `{}` | no | +| [iam\_path](#input\_iam\_path) | If provided, all IAM roles will be created on this path. | `string` | `"/"` | no | +| [kubeconfig\_aws\_authenticator\_additional\_args](#input\_kubeconfig\_aws\_authenticator\_additional\_args) | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | `list(string)` | `[]` | no | +| [kubeconfig\_aws\_authenticator\_command](#input\_kubeconfig\_aws\_authenticator\_command) | Command to use to fetch AWS EKS credentials. | `string` | `"aws-iam-authenticator"` | no | +| [kubeconfig\_aws\_authenticator\_command\_args](#input\_kubeconfig\_aws\_authenticator\_command\_args) | Default arguments passed to the authenticator command. Defaults to [token -i $cluster\_name]. | `list(string)` | `[]` | no | +| [kubeconfig\_aws\_authenticator\_env\_variables](#input\_kubeconfig\_aws\_authenticator\_env\_variables) | Environment variables that should be used when executing the authenticator. e.g. { AWS\_PROFILE = "eks"}. | `map(string)` | `{}` | no | +| [kubeconfig\_name](#input\_kubeconfig\_name) | Override the default name used for items kubeconfig. | `string` | `""` | no | +| [manage\_aws\_auth](#input\_manage\_aws\_auth) | Whether to apply the aws-auth configmap file. 
| `bool` | `true` | no | +| [manage\_cluster\_iam\_resources](#input\_manage\_cluster\_iam\_resources) | Whether to let the module manage cluster IAM resources. If set to false, cluster\_iam\_role\_name must be specified. | `bool` | `true` | no | +| [manage\_worker\_iam\_resources](#input\_manage\_worker\_iam\_resources) | Whether to let the module manage worker IAM resources. If set to false, iam\_instance\_profile\_name must be specified for workers. | `bool` | `true` | no | +| [map\_accounts](#input\_map\_accounts) | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | `list(string)` | `[]` | no | +| [map\_roles](#input\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. |
list(object({
rolearn = string
username = string
groups = list(string)
}))
| `[]` | no | +| [map\_users](#input\_map\_users) | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. |
list(object({
userarn = string
username = string
groups = list(string)
}))
| `[]` | no | +| [node\_groups](#input\_node\_groups) | Map of map of node groups to create. See `node_groups` module's documentation for more details | `any` | `{}` | no | +| [node\_groups\_defaults](#input\_node\_groups\_defaults) | Map of values to be applied to all node groups. See `node_groups` module's documentation for more details | `any` | `{}` | no | +| [permissions\_boundary](#input\_permissions\_boundary) | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no | +| [subnets](#input\_subnets) | A list of subnets to place the EKS cluster and workers within. | `list(string)` | n/a | yes | +| [tags](#input\_tags) | A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only. | `map(string)` | `{}` | no | +| [vpc\_id](#input\_vpc\_id) | VPC where the cluster and workers will be deployed. | `string` | n/a | yes | +| [wait\_for\_cluster\_cmd](#input\_wait\_for\_cluster\_cmd) | Custom local-exec command to execute for determining if the eks cluster is healthy. Cluster endpoint will be available as an environment variable called ENDPOINT | `string` | `"for i in `seq 1 60`; do if `command -v wget > /dev/null`; then wget --no-check-certificate -O - -q $ENDPOINT/healthz >/dev/null && exit 0 || true; else curl -k -s $ENDPOINT/healthz >/dev/null && exit 0 || true;fi; sleep 5; done; echo TIMEOUT && exit 1"` | no | +| [wait\_for\_cluster\_interpreter](#input\_wait\_for\_cluster\_interpreter) | Custom local-exec command line interpreter for the command to determining if the eks cluster is healthy. | `list(string)` |
[
"/bin/sh",
"-c"
]
| no | +| [worker\_additional\_security\_group\_ids](#input\_worker\_additional\_security\_group\_ids) | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no | +| [worker\_ami\_name\_filter](#input\_worker\_ami\_name\_filter) | Name filter for AWS EKS worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no | +| [worker\_ami\_name\_filter\_windows](#input\_worker\_ami\_name\_filter\_windows) | Name filter for AWS EKS Windows worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no | +| [worker\_ami\_owner\_id](#input\_worker\_ami\_owner\_id) | The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"amazon"` | no | +| [worker\_ami\_owner\_id\_windows](#input\_worker\_ami\_owner\_id\_windows) | The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"amazon"` | no | +| [worker\_create\_cluster\_primary\_security\_group\_rules](#input\_worker\_create\_cluster\_primary\_security\_group\_rules) | Whether to create security group rules to allow communication between pods on workers and pods using the primary cluster security group. | `bool` | `false` | no | +| [worker\_create\_initial\_lifecycle\_hooks](#input\_worker\_create\_initial\_lifecycle\_hooks) | Whether to create initial lifecycle hooks provided in worker groups. | `bool` | `false` | no | +| [worker\_create\_security\_group](#input\_worker\_create\_security\_group) | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. 
| `bool` | `true` | no | +| [worker\_groups](#input\_worker\_groups) | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers\_group\_defaults for valid keys. | `any` | `[]` | no | +| [worker\_groups\_launch\_template](#input\_worker\_groups\_launch\_template) | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers\_group\_defaults for valid keys. | `any` | `[]` | no | +| [worker\_security\_group\_id](#input\_worker\_security\_group\_id) | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | `string` | `""` | no | +| [worker\_sg\_ingress\_from\_port](#input\_worker\_sg\_ingress\_from\_port) | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | `number` | `1025` | no | +| [workers\_additional\_policies](#input\_workers\_additional\_policies) | Additional policies to be added to workers | `list(string)` | `[]` | no | +| [workers\_group\_defaults](#input\_workers\_group\_defaults) | Override default values for target groups. See workers\_group\_defaults\_defaults in local.tf for valid keys. | `any` | `{}` | no | +| [workers\_role\_name](#input\_workers\_role\_name) | User defined workers role name. | `string` | `""` | no | +| [write\_kubeconfig](#input\_write\_kubeconfig) | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | `bool` | `true` | no | ## Outputs | Name | Description | |------|-------------| -| cloudwatch\_log\_group\_arn | Arn of cloudwatch log group created | -| cloudwatch\_log\_group\_name | Name of cloudwatch log group created | -| cluster\_arn | The Amazon Resource Name (ARN) of the cluster. 
| -| cluster\_certificate\_authority\_data | Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster. | -| cluster\_endpoint | The endpoint for your EKS Kubernetes API. | -| cluster\_iam\_role\_arn | IAM role ARN of the EKS cluster. | -| cluster\_iam\_role\_name | IAM role name of the EKS cluster. | -| cluster\_id | The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready | -| cluster\_oidc\_issuer\_url | The URL on the EKS cluster OIDC Issuer | -| cluster\_primary\_security\_group\_id | The cluster primary security group ID created by the EKS cluster on 1.14 or later. Referred to as 'Cluster security group' in the EKS console. | -| cluster\_security\_group\_id | Security group ID attached to the EKS cluster. On 1.14 or later, this is the 'Additional security groups' in the EKS console. | -| cluster\_version | The Kubernetes server version for the EKS cluster. | -| config\_map\_aws\_auth | A kubernetes configuration to authenticate to this EKS cluster. | -| fargate\_iam\_role\_arn | IAM role ARN for EKS Fargate pods | -| fargate\_iam\_role\_name | IAM role name for EKS Fargate pods | -| fargate\_profile\_arns | Amazon Resource Name (ARN) of the EKS Fargate Profiles. | -| fargate\_profile\_ids | EKS Cluster name and EKS Fargate Profile names separated by a colon (:). | -| kubeconfig | kubectl config file contents for this EKS cluster. | -| kubeconfig\_filename | The filename of the generated kubectl config. | -| node\_groups | Outputs from EKS node groups. Map of maps, keyed by var.node\_groups keys | -| oidc\_provider\_arn | The ARN of the OIDC Provider if `enable_irsa = true`. | -| security\_group\_rule\_cluster\_https\_worker\_ingress | Security group rule responsible for allowing pods to communicate with the EKS cluster API. 
| -| worker\_iam\_instance\_profile\_arns | default IAM instance profile ARN for EKS worker groups | -| worker\_iam\_instance\_profile\_names | default IAM instance profile name for EKS worker groups | -| worker\_iam\_role\_arn | default IAM role ARN for EKS worker groups | -| worker\_iam\_role\_name | default IAM role name for EKS worker groups | -| worker\_security\_group\_id | Security group ID attached to the EKS workers. | -| workers\_asg\_arns | IDs of the autoscaling groups containing workers. | -| workers\_asg\_names | Names of the autoscaling groups containing workers. | -| workers\_default\_ami\_id | ID of the default worker group AMI | -| workers\_launch\_template\_arns | ARNs of the worker launch templates. | -| workers\_launch\_template\_ids | IDs of the worker launch templates. | -| workers\_launch\_template\_latest\_versions | Latest versions of the worker launch templates. | -| workers\_user\_data | User data of worker groups | - +| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created | +| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created | +| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster. | +| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster. | +| [cluster\_endpoint](#output\_cluster\_endpoint) | The endpoint for your EKS Kubernetes API. | +| [cluster\_iam\_role\_arn](#output\_cluster\_iam\_role\_arn) | IAM role ARN of the EKS cluster. | +| [cluster\_iam\_role\_name](#output\_cluster\_iam\_role\_name) | IAM role name of the EKS cluster. | +| [cluster\_id](#output\_cluster\_id) | The name/id of the EKS cluster. 
Will block on cluster creation until the cluster is really ready | +| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster OIDC Issuer | +| [cluster\_primary\_security\_group\_id](#output\_cluster\_primary\_security\_group\_id) | The cluster primary security group ID created by the EKS cluster on 1.14 or later. Referred to as 'Cluster security group' in the EKS console. | +| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Security group ID attached to the EKS cluster. On 1.14 or later, this is the 'Additional security groups' in the EKS console. | +| [cluster\_version](#output\_cluster\_version) | The Kubernetes server version for the EKS cluster. | +| [config\_map\_aws\_auth](#output\_config\_map\_aws\_auth) | A kubernetes configuration to authenticate to this EKS cluster. | +| [fargate\_iam\_role\_arn](#output\_fargate\_iam\_role\_arn) | IAM role ARN for EKS Fargate pods | +| [fargate\_iam\_role\_name](#output\_fargate\_iam\_role\_name) | IAM role name for EKS Fargate pods | +| [fargate\_profile\_arns](#output\_fargate\_profile\_arns) | Amazon Resource Name (ARN) of the EKS Fargate Profiles. | +| [fargate\_profile\_ids](#output\_fargate\_profile\_ids) | EKS Cluster name and EKS Fargate Profile names separated by a colon (:). | +| [kubeconfig](#output\_kubeconfig) | kubectl config file contents for this EKS cluster. | +| [kubeconfig\_filename](#output\_kubeconfig\_filename) | The filename of the generated kubectl config. | +| [node\_groups](#output\_node\_groups) | Outputs from EKS node groups. Map of maps, keyed by var.node\_groups keys | +| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true`. | +| [security\_group\_rule\_cluster\_https\_worker\_ingress](#output\_security\_group\_rule\_cluster\_https\_worker\_ingress) | Security group rule responsible for allowing pods to communicate with the EKS cluster API. 
| +| [worker\_iam\_instance\_profile\_arns](#output\_worker\_iam\_instance\_profile\_arns) | default IAM instance profile ARN for EKS worker groups | +| [worker\_iam\_instance\_profile\_names](#output\_worker\_iam\_instance\_profile\_names) | default IAM instance profile name for EKS worker groups | +| [worker\_iam\_role\_arn](#output\_worker\_iam\_role\_arn) | default IAM role ARN for EKS worker groups | +| [worker\_iam\_role\_name](#output\_worker\_iam\_role\_name) | default IAM role name for EKS worker groups | +| [worker\_security\_group\_id](#output\_worker\_security\_group\_id) | Security group ID attached to the EKS workers. | +| [workers\_asg\_arns](#output\_workers\_asg\_arns) | IDs of the autoscaling groups containing workers. | +| [workers\_asg\_names](#output\_workers\_asg\_names) | Names of the autoscaling groups containing workers. | +| [workers\_default\_ami\_id](#output\_workers\_default\_ami\_id) | ID of the default worker group AMI | +| [workers\_launch\_template\_arns](#output\_workers\_launch\_template\_arns) | ARNs of the worker launch templates. | +| [workers\_launch\_template\_ids](#output\_workers\_launch\_template\_ids) | IDs of the worker launch templates. | +| [workers\_launch\_template\_latest\_versions](#output\_workers\_launch\_template\_latest\_versions) | Latest versions of the worker launch templates. | +| [workers\_user\_data](#output\_workers\_user\_data) | User data of worker groups | diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 5cfedac88d..a1e443290a 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -1,26 +1,5 @@ -terraform { - required_version = ">= 0.12.0" -} - provider "aws" { - version = ">= 2.28.1" - region = var.region -} - -provider "random" { - version = "~> 2.1" -} - -provider "local" { - version = "~> 1.2" -} - -provider "null" { - version = "~> 2.1" -} - -provider "template" { - version = "~> 2.1" + region = var.region } data "aws_eks_cluster" "cluster" { 
@@ -36,7 +15,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) token = data.aws_eks_cluster_auth.cluster.token load_config_file = false - version = "~> 1.11" } data "aws_availability_zones" "available" { @@ -100,7 +78,7 @@ resource "aws_security_group" "all_worker_mgmt" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.47.0" + version = "~> 2.47" name = "test-vpc" cidr = "10.0.0.0/16" diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf new file mode 100644 index 0000000000..2a174293b0 --- /dev/null +++ b/examples/basic/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + local = ">= 1.4" + null = ">= 2.1" + template = ">= 2.1" + random = ">= 2.1" + kubernetes = "~> 1.11" + } +} diff --git a/examples/create_false/main.tf b/examples/create_false/main.tf index b58f0f5a21..0afffcd2b4 100644 --- a/examples/create_false/main.tf +++ b/examples/create_false/main.tf @@ -17,7 +17,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(element(concat(data.aws_eks_cluster.cluster[*].certificate_authority.0.data, [""]), 0)) token = element(concat(data.aws_eks_cluster_auth.cluster[*].token, [""]), 0) load_config_file = false - version = "~> 1.11" } module "eks" { diff --git a/examples/create_false/versions.tf b/examples/create_false/versions.tf new file mode 100644 index 0000000000..b855c76273 --- /dev/null +++ b/examples/create_false/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + kubernetes = "~> 1.11" + } +} diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf index 7fd0118c96..167805d185 100644 --- a/examples/fargate/main.tf +++ b/examples/fargate/main.tf 
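Review bot: In the `module "vpc"` hunk of examples/basic/main.tf the exact pin `version = "2.47.0"` becomes the range `version = "~> 2.47"`, so a fresh `terraform init` of the example can resolve to any later 2.x release of the registry module without anyone having reviewed it. Terraform's dependency lock file records provider selections only, not module versions, so nothing else fixes the module revision. For an example that users copy and apply, I would keep `version = "2.47.0"` and bump it deliberately, or add a comment such as `# range is intentional; pin an exact version in production`. The same change is made in the fargate, launch_templates, launch_templates_with_managed_node_groups, managed_node_groups, secrets_encryption and spot_instances examples, and the module block continues outside the hunk.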
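Review bot: The new examples/basic/versions.tf declares `local`, `null`, `template` and `random` with open-ended `>=` constraints where the removed provider blocks used `~>` ranges, and it uses the string shorthand, which leaves each provider's source address implied. Since the file already requires Terraform `>= 0.13`, the object form is available; naming the registry namespace explicitly and bounding the range keeps a future major release, or a provider from an unexpected namespace, from being installed unreviewed. The upper bounds in the sketch below are a suggestion and should be matched to what the module is tested against. The other versions.tf files added under examples/ (create_false, fargate, irsa, launch_templates, launch_templates_with_managed_node_groups, managed_node_groups, secrets_encryption, spot_instances) repeat this block and would need the same change.

```hcl
terraform {
  required_version = ">= 0.13"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.22.0"
    }
    local = {
      source  = "hashicorp/local"
      version = "~> 1.4"
    }
    # … same object form for null, template, random and kubernetes …
  }
}
```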
@@ -3,24 +3,7 @@ terraform { } provider "aws" { - version = ">= 2.28.1" - region = var.region -} - -provider "random" { - version = "~> 2.1" -} - -provider "local" { - version = "~> 1.2" -} - -provider "null" { - version = "~> 2.1" -} - -provider "template" { - version = "~> 2.1" + region = var.region } data "aws_eks_cluster" "cluster" { @@ -36,7 +19,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) token = data.aws_eks_cluster_auth.cluster.token load_config_file = false - version = "~> 1.11" } data "aws_availability_zones" "available" { @@ -53,7 +35,7 @@ resource "random_string" "suffix" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.47.0" + version = "~> 2.47" name = "test-vpc" cidr = "172.16.0.0/16" diff --git a/examples/fargate/versions.tf b/examples/fargate/versions.tf new file mode 100644 index 0000000000..2a174293b0 --- /dev/null +++ b/examples/fargate/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + local = ">= 1.4" + null = ">= 2.1" + template = ">= 2.1" + random = ">= 2.1" + kubernetes = "~> 1.11" + } +} diff --git a/examples/irsa/main.tf b/examples/irsa/main.tf index de0186da8e..f881547262 100644 --- a/examples/irsa/main.tf +++ b/examples/irsa/main.tf @@ -1,22 +1,5 @@ -terraform { - required_version = ">= 0.12.0" -} - provider "aws" { - version = ">= 2.28.1" - region = var.region -} - -provider "local" { - version = "~> 1.2" -} - -provider "null" { - version = "~> 2.1" -} - -provider "template" { - version = "~> 2.1" + region = var.region } data "aws_eks_cluster" "cluster" { @@ -32,7 +15,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) token = data.aws_eks_cluster_auth.cluster.token load_config_file = false - version = "~> 1.11" } data "aws_availability_zones" "available" {} 
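Review bot: The first hunk of examples/fargate/main.tf starts at line 3 with `terraform {` as its section header and a closing `}` as context, which suggests this file keeps its own `terraform` block while the other examples delete theirs. If that block still carries a `required_version`, the example now declares the constraint both there and in the new examples/fargate/versions.tf, and the two can drift apart. Lines 1–2 are outside the hunk, so this needs checking against the file. If confirmed, drop the block from main.tf so that versions.tf is the single place for version constraints, as in the other examples.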
diff --git a/examples/irsa/versions.tf b/examples/irsa/versions.tf new file mode 100644 index 0000000000..2a174293b0 --- /dev/null +++ b/examples/irsa/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + local = ">= 1.4" + null = ">= 2.1" + template = ">= 2.1" + random = ">= 2.1" + kubernetes = "~> 1.11" + } +} diff --git a/examples/launch_templates/main.tf b/examples/launch_templates/main.tf index c17d5a9dfd..2501d6daa6 100644 --- a/examples/launch_templates/main.tf +++ b/examples/launch_templates/main.tf @@ -1,26 +1,5 @@ -terraform { - required_version = ">= 0.12.2" -} - provider "aws" { - version = ">= 2.28.1" - region = var.region -} - -provider "random" { - version = "~> 2.1" -} - -provider "local" { - version = "~> 1.2" -} - -provider "null" { - version = "~> 2.1" -} - -provider "template" { - version = "~> 2.1" + region = var.region } data "aws_eks_cluster" "cluster" { @@ -36,7 +15,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) token = data.aws_eks_cluster_auth.cluster.token load_config_file = false - version = "~> 1.11" } data "aws_availability_zones" "available" { @@ -53,7 +31,7 @@ resource "random_string" "suffix" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.47.0" + version = "~> 2.47" name = "test-vpc-lt" cidr = "10.0.0.0/16" diff --git a/examples/launch_templates/versions.tf b/examples/launch_templates/versions.tf new file mode 100644 index 0000000000..2a174293b0 --- /dev/null +++ b/examples/launch_templates/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + local = ">= 1.4" + null = ">= 2.1" + template = ">= 2.1" + random = ">= 2.1" + kubernetes = "~> 1.11" + } +} 
diff --git a/examples/launch_templates_with_managed_node_groups/main.tf b/examples/launch_templates_with_managed_node_groups/main.tf index 004aa07d1a..95c43a38f0 100644 --- a/examples/launch_templates_with_managed_node_groups/main.tf +++ b/examples/launch_templates_with_managed_node_groups/main.tf @@ -1,26 +1,5 @@ -terraform { - required_version = ">= 0.12.9" -} - provider "aws" { - version = ">= 3.3.0" - region = var.region -} - -provider "random" { - version = "~> 2.1" -} - -provider "local" { - version = "~>1.4" -} - -provider "null" { - version = "~> 2.1" -} - -provider "template" { - version = "~> 2.1" + region = var.region } data "aws_eks_cluster" "cluster" { @@ -36,7 +15,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) token = data.aws_eks_cluster_auth.cluster.token load_config_file = false - version = "~> 1.11" } data "aws_availability_zones" "available" { @@ -53,7 +31,7 @@ resource "random_string" "suffix" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.47.0" + version = "~> 2.47" name = "test-vpc" cidr = "172.16.0.0/16" diff --git a/examples/launch_templates_with_managed_node_groups/versions.tf b/examples/launch_templates_with_managed_node_groups/versions.tf new file mode 100644 index 0000000000..2a174293b0 --- /dev/null +++ b/examples/launch_templates_with_managed_node_groups/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + local = ">= 1.4" + null = ">= 2.1" + template = ">= 2.1" + random = ">= 2.1" + kubernetes = "~> 1.11" + } +} diff --git a/examples/managed_node_groups/main.tf b/examples/managed_node_groups/main.tf index 1bf66a0375..c2e910e4a5 100644 --- a/examples/managed_node_groups/main.tf +++ b/examples/managed_node_groups/main.tf 
@@ -1,26 +1,5 @@ -terraform { - required_version = ">= 0.12.6" -} - provider "aws" { - version = ">= 2.28.1" - region = var.region -} - -provider "random" { - version = "~> 2.1" -} - -provider "local" { - version = "~> 1.2" -} - -provider "null" { - version = "~> 2.1" -} - -provider "template" { - version = "~> 2.1" + region = var.region } data "aws_eks_cluster" "cluster" { @@ -36,7 +15,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) token = data.aws_eks_cluster_auth.cluster.token load_config_file = false - version = "~> 1.11" } data "aws_availability_zones" "available" { @@ -53,7 +31,7 @@ resource "random_string" "suffix" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.47.0" + version = "~> 2.47" name = "test-vpc" cidr = "172.16.0.0/16" diff --git a/examples/managed_node_groups/versions.tf b/examples/managed_node_groups/versions.tf new file mode 100644 index 0000000000..2a174293b0 --- /dev/null +++ b/examples/managed_node_groups/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + local = ">= 1.4" + null = ">= 2.1" + template = ">= 2.1" + random = ">= 2.1" + kubernetes = "~> 1.11" + } +} diff --git a/examples/secrets_encryption/main.tf b/examples/secrets_encryption/main.tf index 337219c4a7..4612700f20 100644 --- a/examples/secrets_encryption/main.tf +++ b/examples/secrets_encryption/main.tf @@ -1,26 +1,5 @@ -terraform { - required_version = ">= 0.12.0" -} - provider "aws" { - version = ">= 2.52.0" - region = var.region -} - -provider "random" { - version = "~> 2.1" -} - -provider "local" { - version = "~> 1.2" -} - -provider "null" { - version = "~> 2.1" -} - -provider "template" { - version = "~> 2.1" + region = var.region } data "aws_eks_cluster" "cluster" { 
@@ -36,7 +15,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) token = data.aws_eks_cluster_auth.cluster.token load_config_file = false - version = "~> 1.11" } data "aws_availability_zones" "available" { @@ -57,7 +35,7 @@ resource "aws_kms_key" "eks" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.47.0" + version = "~> 2.47" name = "test-vpc" cidr = "10.0.0.0/16" diff --git a/examples/secrets_encryption/versions.tf b/examples/secrets_encryption/versions.tf new file mode 100644 index 0000000000..2a174293b0 --- /dev/null +++ b/examples/secrets_encryption/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + local = ">= 1.4" + null = ">= 2.1" + template = ">= 2.1" + random = ">= 2.1" + kubernetes = "~> 1.11" + } +} diff --git a/examples/spot_instances/main.tf b/examples/spot_instances/main.tf index d2f77f76d7..67215d16a9 100644 --- a/examples/spot_instances/main.tf +++ b/examples/spot_instances/main.tf @@ -1,26 +1,5 @@ -terraform { - required_version = ">= 0.12.2" -} - provider "aws" { - version = ">= 2.28.1" - region = var.region -} - -provider "random" { - version = "~> 2.1" -} - -provider "local" { - version = "~> 1.2" -} - -provider "null" { - version = "~> 2.1" -} - -provider "template" { - version = "~> 2.1" + region = var.region } data "aws_eks_cluster" "cluster" { @@ -36,7 +15,6 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) token = data.aws_eks_cluster_auth.cluster.token load_config_file = false - version = "~> 1.11" } data "aws_availability_zones" "available" { @@ -53,7 +31,7 @@ resource "random_string" "suffix" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.47.0" + version = "~> 2.47" name = "test-vpc-spot" cidr = "10.0.0.0/16" 
diff --git a/examples/spot_instances/versions.tf b/examples/spot_instances/versions.tf new file mode 100644 index 0000000000..2a174293b0 --- /dev/null +++ b/examples/spot_instances/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.13" + + required_providers { + aws = ">= 3.22.0" + local = ">= 1.4" + null = ">= 2.1" + template = ">= 2.1" + random = ">= 2.1" + kubernetes = "~> 1.11" + } +} diff --git a/modules/fargate/README.md b/modules/fargate/README.md index 8b4c72f25e..7398696df0 100644 --- a/modules/fargate/README.md +++ b/modules/fargate/README.md 
@@ -25,32 +25,45 @@ No requirements. | Name | Version | |------|---------| -| aws | n/a | +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_eks_fargate_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_fargate_profile) | resource | +| [aws_iam_role.eks_fargate_pod](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.eks_fargate_pod](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.eks_fargate_pod_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_role.custom_fargate_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| cluster\_name | Name of the EKS cluster. | `string` | n/a | yes | -| create\_eks | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no | -| create\_fargate\_pod\_execution\_role | Controls if the the IAM Role that provides permissions for the EKS Fargate Profile should be created. | `bool` | `true` | no | -| eks\_depends\_on | List of references to other resources this submodule depends on. | `any` | `null` | no | -| fargate\_pod\_execution\_role\_name | The IAM Role that provides permissions for the EKS Fargate Profile. | `string` | `null` | no | -| fargate\_profiles | Fargate profiles to create. See `fargate_profile` keys section in README.md for more details | `any` | `{}` | no | -| iam\_path | IAM roles will be created on this path. | `string` | `"/"` | no | -| iam\_policy\_arn\_prefix | IAM policy prefix with the correct AWS partition. 
| `string` | n/a | yes | -| permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no | -| subnets | A list of subnets for the EKS Fargate profiles. | `list(string)` | `[]` | no | -| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no | +| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster. | `string` | n/a | yes | +| [create\_eks](#input\_create\_eks) | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no | +| [create\_fargate\_pod\_execution\_role](#input\_create\_fargate\_pod\_execution\_role) | Controls if the the IAM Role that provides permissions for the EKS Fargate Profile should be created. | `bool` | `true` | no | +| [eks\_depends\_on](#input\_eks\_depends\_on) | List of references to other resources this submodule depends on. | `any` | `null` | no | +| [fargate\_pod\_execution\_role\_name](#input\_fargate\_pod\_execution\_role\_name) | The IAM Role that provides permissions for the EKS Fargate Profile. | `string` | `null` | no | +| [fargate\_profiles](#input\_fargate\_profiles) | Fargate profiles to create. See `fargate_profile` keys section in README.md for more details | `any` | `{}` | no | +| [iam\_path](#input\_iam\_path) | IAM roles will be created on this path. | `string` | `"/"` | no | +| [iam\_policy\_arn\_prefix](#input\_iam\_policy\_arn\_prefix) | IAM policy prefix with the correct AWS partition. | `string` | n/a | yes | +| [permissions\_boundary](#input\_permissions\_boundary) | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no | +| [subnets](#input\_subnets) | A list of subnets for the EKS Fargate profiles. | `list(string)` | `[]` | no | +| [tags](#input\_tags) | A map of tags to add to all resources. 
| `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| aws\_auth\_roles | Roles for use in aws-auth ConfigMap | -| fargate\_profile\_arns | Amazon Resource Name (ARN) of the EKS Fargate Profiles. | -| fargate\_profile\_ids | EKS Cluster name and EKS Fargate Profile names separated by a colon (:). | -| iam\_role\_arn | IAM role ARN for EKS Fargate pods | -| iam\_role\_name | IAM role name for EKS Fargate pods | - +| [aws\_auth\_roles](#output\_aws\_auth\_roles) | Roles for use in aws-auth ConfigMap | +| [fargate\_profile\_arns](#output\_fargate\_profile\_arns) | Amazon Resource Name (ARN) of the EKS Fargate Profiles. | +| [fargate\_profile\_ids](#output\_fargate\_profile\_ids) | EKS Cluster name and EKS Fargate Profile names separated by a colon (:). | +| [iam\_role\_arn](#output\_iam\_role\_arn) | IAM role ARN for EKS Fargate pods | +| [iam\_role\_name](#output\_iam\_role\_name) | IAM role name for EKS Fargate pods | diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index e7a1967dc6..511e741b8e 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md 
@@ -45,27 +45,37 @@ No requirements. | Name | Version | |------|---------| -| aws | n/a | -| random | n/a | +| [aws](#provider\_aws) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_eks_node_group.workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) | resource | +| [random_pet.node_groups](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| cluster\_name | Name of parent cluster | `string` | n/a | yes | -| create\_eks | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no | -| default\_iam\_role\_arn | ARN of the default IAM worker role to use if one is not specified in `var.node_groups` or `var.node_groups_defaults` | `string` | n/a | yes | -| ng\_depends\_on | List of references to other resources this submodule depends on | `any` | `null` | no | -| node\_groups | Map of maps of `eks_node_groups` to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | `{}` | no | -| node\_groups\_defaults | map of maps of node groups to create. 
See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | n/a | yes | -| tags | A map of tags to add to all resources | `map(string)` | n/a | yes | -| workers\_group\_defaults | Workers group defaults from parent | `any` | n/a | yes | +| [cluster\_name](#input\_cluster\_name) | Name of parent cluster | `string` | n/a | yes | +| [create\_eks](#input\_create\_eks) | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no | +| [default\_iam\_role\_arn](#input\_default\_iam\_role\_arn) | ARN of the default IAM worker role to use if one is not specified in `var.node_groups` or `var.node_groups_defaults` | `string` | n/a | yes | +| [ng\_depends\_on](#input\_ng\_depends\_on) | List of references to other resources this submodule depends on | `any` | `null` | no | +| [node\_groups](#input\_node\_groups) | Map of maps of `eks_node_groups` to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | `{}` | no | +| [node\_groups\_defaults](#input\_node\_groups\_defaults) | map of maps of node groups to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | n/a | yes | +| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | n/a | yes | +| [workers\_group\_defaults](#input\_workers\_group\_defaults) | Workers group defaults from parent | `any` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| aws\_auth\_roles | Roles for use in aws-auth ConfigMap | -| node\_groups | Outputs from EKS node groups. Map of maps, keyed by `var.node_groups` keys. See `aws_eks_node_group` Terraform documentation for values | - +| [aws\_auth\_roles](#output\_aws\_auth\_roles) | Roles for use in aws-auth ConfigMap | +| [node\_groups](#output\_node\_groups) | Outputs from EKS node groups. Map of maps, keyed by `var.node_groups` keys. 
See `aws_eks_node_group` Terraform documentation for values | From 9c0be935c1ffdd08714a94ca913730ee3a0e9ab2 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 16 Apr 2021 09:32:53 +0200 Subject: [PATCH 6/9] Use the same GH Actions to run all pre-commit checks as on other terraform-aws-modules --- .github/workflows/lint.yml | 82 ------------------------- .github/workflows/pre-commit.yml | 102 +++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+), 82 deletions(-) delete mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/pre-commit.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 13f9c894af..0000000000 --- a/.github/workflows/lint.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -name: Lint -on: [push, pull_request] - -jobs: - tflint: - name: TFLint - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - name: TFLint - uses: docker://wata727/tflint - - fmt: - name: Code Format - runs-on: ubuntu-latest - container: - image: hashicorp/terraform:latest - steps: - - uses: actions/checkout@master - - run: terraform fmt --recursive -check=true - - docs: - name: Docs - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - uses: actions/setup-python@v2 - - name: Install terraform-docs - run: | - # Get the download url of the latest version of terraform-docs - tf_docs_download_url=$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | jq -rc '.assets[] | select( .name | contains("linux-amd64")).browser_download_url') - mkdir -p $GITHUB_WORKSPACE/bin - curl -Lo $GITHUB_WORKSPACE/bin/terraform-docs $tf_docs_download_url - chmod +x $GITHUB_WORKSPACE/bin/terraform-docs - echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH - - name: Check Docs - uses: pre-commit/action@v2.0.0 - with: - extra_args: --show-diff-on-failure --all-files terraform_docs - - validate: - name: Validate - runs-on: ubuntu-latest - container: - image: hashicorp/terraform:0.12.29 - steps: - - uses: actions/checkout@master - - name: Validate Code - env: - AWS_REGION: 'us-east-1' - TF_WARN_OUTPUT_ERRORS: 1 - TF_VAR_vpc_id: 'vpc-123456' - TF_VAR_subnets: '["subnet-12345a"]' - TF_VAR_workers_ami_id: 'ami-123456' - TF_VAR_cluster_name: 'test_cluster' - run: | - terraform init - terraform validate - - name: Validate Examples - run: | - for example in $(find examples -maxdepth 1 -mindepth 1 -type d); do - cd $example - terraform init - terraform validate - cd - - done - - minimum: - name: Minimum version check - runs-on: ubuntu-latest - container: - image: hashicorp/terraform:0.12.9 - steps: - - uses: actions/checkout@master - - name: Validate Code - env: - AWS_REGION: 'us-east-1' - TF_WARN_OUTPUT_ERRORS: 1 - run: | 
- sed -i -e 's/>=/=/' -e 's/ \(\d\+\.\d\+\)"/ \1.0"/' versions.tf - terraform init - terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster" diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml new file mode 100644 index 0000000000..59cd0a8967 --- /dev/null +++ b/.github/workflows/pre-commit.yml 
@@ -0,0 +1,102 @@ +name: Pre-Commit + +on: + pull_request: + push: + branches: + - master + +jobs: + # Min Terraform version(s) + getDirectories: + name: Get root directories + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install Python + uses: actions/setup-python@v2 + - name: Build matrix + id: matrix + run: | + DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))") + echo "::set-output name=directories::$DIRS" + outputs: + directories: ${{ steps.matrix.outputs.directories }} + + preCommitMinVersions: + name: Min TF validate + needs: getDirectories + runs-on: ubuntu-latest + strategy: + matrix: + directory: ${{ fromJson(needs.getDirectories.outputs.directories) }} + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install Python + uses: actions/setup-python@v2 + - name: Terraform min/max versions + id: minMax + uses: clowdhaus/terraform-min-max@v1.0.1 + with: + directory: ${{ matrix.directory }} + - name: Install Terraform v${{ steps.minMax.outputs.minVersion }} + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: ${{ steps.minMax.outputs.minVersion }} + - name: Install pre-commit dependencies + run: pip install pre-commit + - name: Execute pre-commit + # Run only validate pre-commit check on min version supported + if: ${{ matrix.directory != '.' }} + run: + pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/* + - name: Execute pre-commit + # Run only validate pre-commit check on min version supported + if: ${{ matrix.directory == '.' 
}} + run: + pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf) + + + # Max Terraform version + getBaseVersion: + name: Module max TF version + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Terraform min/max versions + id: minMax + uses: clowdhaus/terraform-min-max@v1.0.1 + outputs: + minVersion: ${{ steps.minMax.outputs.minVersion }} + maxVersion: ${{ steps.minMax.outputs.maxVersion }} + + preCommitMaxVersion: + name: Max TF pre-commit + runs-on: ubuntu-latest + needs: getBaseVersion + strategy: + fail-fast: false + matrix: + version: + - ${{ needs.getBaseVersion.outputs.maxVersion }} + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install Python + uses: actions/setup-python@v2 + - name: Install Terraform v${{ matrix.version }} + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: ${{ matrix.version }} + - name: Install pre-commit dependencies + run: | + pip install pre-commit + curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12\..+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ + curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ + - name: Execute pre-commit + # Run all pre-commit checks on max version supported + if: ${{ matrix.version == needs.getBaseVersion.outputs.maxVersion }} + run: pre-commit run --color=always --show-diff-on-failure --all-files From 335b1bd26b6836ebfbf22c654695d382d935f17c Mon Sep 17 00:00:00 2001 
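Review bot: The `Install pre-commit dependencies` step of `preCommitMaxVersion` installs terraform-docs and tflint from whatever URL the `releases/latest` API response yields and moves them into `/usr/bin` with sudo, with no version pin and no checksum check, so a changed or replaced release asset would run in CI unnoticed; pin the asset URLs and verify a SHA-256 before installing. In `preCommitMinVersions`, `${{ matrix.directory }}` is expanded straight into the `run:` script, and its values come from globbing the checked-out tree on `pull_request`, so a path containing shell metacharacters would be interpreted by the shell; pass it through `env:` and quote it. Separately, `clowdhaus/terraform-min-max@v1.0.1` and the other actions are referenced by tag, and a full commit SHA would be the safer reference for third-party actions.

```yaml
      - name: Execute pre-commit
        if: ${{ matrix.directory != '.' }}
        env:
          TF_DIR: ${{ matrix.directory }}
        run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files "$TF_DIR"/*
      # … unchanged: root-directory variant of the step …

      - name: Install pre-commit dependencies
        env:
          TFDOCS_URL: "<PINNED_TERRAFORM_DOCS_ASSET_URL>"
          TFDOCS_SHA256: "<EXPECTED_SHA256>"
        run: |
          pip install pre-commit
          curl -fsSL "$TFDOCS_URL" -o terraform-docs
          echo "${TFDOCS_SHA256}  terraform-docs" | sha256sum -c -
          chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
          # … tflint: same pattern (pinned URL, checksum, then unzip and install) …
```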
From: Anton Babenko Date: Fri, 16 Apr 2021 09:38:00 +0200 Subject: [PATCH 7/9] Set minimum version of Terraform to 0.13.1 --- examples/basic/versions.tf | 2 +- examples/create_false/versions.tf | 2 +- examples/fargate/versions.tf | 2 +- examples/irsa/versions.tf | 2 +- examples/launch_templates/versions.tf | 2 +- examples/launch_templates_with_managed_node_groups/versions.tf | 2 +- examples/managed_node_groups/versions.tf | 2 +- examples/secrets_encryption/versions.tf | 2 +- examples/spot_instances/versions.tf | 2 +- versions.tf | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf index 2a174293b0..c9f4a4d350 100644 --- a/examples/basic/versions.tf +++ b/examples/basic/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/examples/create_false/versions.tf b/examples/create_false/versions.tf index b855c76273..9b73d00523 100644 --- a/examples/create_false/versions.tf +++ b/examples/create_false/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/examples/fargate/versions.tf b/examples/fargate/versions.tf index 2a174293b0..c9f4a4d350 100644 --- a/examples/fargate/versions.tf +++ b/examples/fargate/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/examples/irsa/versions.tf b/examples/irsa/versions.tf index 2a174293b0..c9f4a4d350 100644 --- a/examples/irsa/versions.tf +++ b/examples/irsa/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/examples/launch_templates/versions.tf b/examples/launch_templates/versions.tf index 2a174293b0..c9f4a4d350 100644 
--- a/examples/launch_templates/versions.tf +++ b/examples/launch_templates/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/examples/launch_templates_with_managed_node_groups/versions.tf b/examples/launch_templates_with_managed_node_groups/versions.tf index 2a174293b0..c9f4a4d350 100644 --- a/examples/launch_templates_with_managed_node_groups/versions.tf +++ b/examples/launch_templates_with_managed_node_groups/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/examples/managed_node_groups/versions.tf b/examples/managed_node_groups/versions.tf index 2a174293b0..c9f4a4d350 100644 --- a/examples/managed_node_groups/versions.tf +++ b/examples/managed_node_groups/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/examples/secrets_encryption/versions.tf b/examples/secrets_encryption/versions.tf index 2a174293b0..c9f4a4d350 100644 --- a/examples/secrets_encryption/versions.tf +++ b/examples/secrets_encryption/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/examples/spot_instances/versions.tf b/examples/spot_instances/versions.tf index 2a174293b0..c9f4a4d350 100644 --- a/examples/spot_instances/versions.tf +++ b/examples/spot_instances/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" diff --git a/versions.tf b/versions.tf index a5eb7b6c67..f7aaf8d90c 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.9, != 0.13.0" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.22.0" 
From 176ce9abf1e502956dddd37a918167c20088f3af Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 16 Apr 2021 09:44:29 +0200 Subject: [PATCH 8/9] Defined version requirements for submodules also --- README.md | 2 +- modules/fargate/README.md | 7 +++++-- modules/fargate/data.tf | 2 +- modules/fargate/versions.tf | 7 +++++++ modules/node_groups/README.md | 10 +++++++--- modules/node_groups/versions.tf | 8 ++++++++ workers.tf | 4 ++-- workers_launch_template.tf | 6 +++--- 8 files changed, 34 insertions(+), 12 deletions(-) create mode 100644 modules/fargate/versions.tf create mode 100644 modules/node_groups/versions.tf diff --git a/README.md b/README.md index 49760204f9..4687b2e829 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.9, != 0.13.0 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.22.0 | | [kubernetes](#requirement\_kubernetes) | >= 1.11.1 | | [local](#requirement\_local) | >= 1.4 | diff --git a/modules/fargate/README.md b/modules/fargate/README.md index 7398696df0..d31e59735b 100644 --- a/modules/fargate/README.md +++ b/modules/fargate/README.md @@ -19,13 +19,16 @@ Helper submodule to create and manage resources related to `aws_eks_fargate_prof ## Requirements -No requirements. +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 3.22.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | n/a | +| [aws](#provider\_aws) | >= 3.22.0 | ## Modules diff --git a/modules/fargate/data.tf b/modules/fargate/data.tf index ee8e0d8e96..fc41f4924c 100644 --- a/modules/fargate/data.tf +++ b/modules/fargate/data.tf 
@@ -12,6 +12,6 @@ data "aws_iam_policy_document" "eks_fargate_pod_assume_role" { } data "aws_iam_role" "custom_fargate_iam_role" { - count = local.create_eks && !var.create_fargate_pod_execution_role ? 1 : 0 + count = local.create_eks && ! var.create_fargate_pod_execution_role ? 1 : 0 name = var.fargate_pod_execution_role_name } diff --git a/modules/fargate/versions.tf b/modules/fargate/versions.tf new file mode 100644 index 0000000000..1263d791e8 --- /dev/null +++ b/modules/fargate/versions.tf @@ -0,0 +1,7 @@ +terraform { + required_version = ">= 0.13.1" + + required_providers { + aws = ">= 3.22.0" + } +} diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 511e741b8e..574be73214 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -39,14 +39,18 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In ## Requirements -No requirements. +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 3.22.0 | +| [random](#requirement\_random) | >= 2.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | n/a | -| [random](#provider\_random) | n/a | +| [aws](#provider\_aws) | >= 3.22.0 | +| [random](#provider\_random) | >= 2.1 | ## Modules diff --git a/modules/node_groups/versions.tf b/modules/node_groups/versions.tf new file mode 100644 index 0000000000..9fb30e02ba --- /dev/null +++ b/modules/node_groups/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.13.1" + + required_providers { + aws = ">= 3.22.0" + random = ">= 2.1" + } +} diff --git a/workers.tf b/workers.tf index 98bc327ef8..7c69bb0295 100644 --- a/workers.tf +++ b/workers.tf 
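Review bot: The new `modules/fargate/versions.tf` declares `aws = ">= 3.22.0"` in the string shorthand, which leaves the provider's registry source implicit. Now that the minimum Terraform is 0.13.1, the object form states where the provider comes from: `aws = { source = "hashicorp/aws", version = ">= 3.22.0" }`. The same applies to `aws` and `random` in `modules/node_groups/versions.tf` and, as far as the visible hunks show, to the example `versions.tf` files added earlier in the series. With the shorthand I believe Terraform falls back to the `hashicorp/` namespace, so behaviour should not change; the gain is that the provider origin is written down and reviewable.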
@@ -138,7 +138,7 @@ resource "aws_autoscaling_group" "workers" { "value" = tag_value, "propagate_at_launch" = "true" } - if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) + if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) ], lookup( var.worker_groups[count.index], @@ -199,7 +199,7 @@ resource "aws_launch_configuration" "workers" { ebs_optimized = lookup( var.worker_groups[count.index], "ebs_optimized", - !contains( + ! contains( local.ebs_optimized_not_supported, lookup( var.worker_groups[count.index], diff --git a/workers_launch_template.tf b/workers_launch_template.tf index 3a9676cbe1..e19f677cb7 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf @@ -214,7 +214,7 @@ resource "aws_autoscaling_group" "workers_launch_template" { "value", tag_value, "propagate_at_launch", "true" ) - if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) + if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) ], lookup( var.worker_groups_launch_template[count.index], @@ -302,7 +302,7 @@ resource "aws_launch_template" "workers_launch_template" { ebs_optimized = lookup( var.worker_groups_launch_template[count.index], "ebs_optimized", - !contains( + ! contains( local.ebs_optimized_not_supported, lookup( var.worker_groups_launch_template[count.index], 
@@ -481,7 +481,7 @@ resource "aws_launch_template" "workers_launch_template" { }, { for tag_key, tag_value in var.tags : tag_key => tag_value - if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) + if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) } ) } From e498afeb4ea344755ecf1459c3866b69ab1fbf87 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 16 Apr 2021 09:48:43 +0200 Subject: [PATCH 9/9] Fixed formatting with Terraform 0.15 --- modules/fargate/data.tf | 2 +- workers.tf | 4 ++-- workers_launch_template.tf | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/fargate/data.tf b/modules/fargate/data.tf index fc41f4924c..ee8e0d8e96 100644 --- a/modules/fargate/data.tf +++ b/modules/fargate/data.tf @@ -12,6 +12,6 @@ data "aws_iam_policy_document" "eks_fargate_pod_assume_role" { } data "aws_iam_role" "custom_fargate_iam_role" { - count = local.create_eks && ! var.create_fargate_pod_execution_role ? 1 : 0 + count = local.create_eks && !var.create_fargate_pod_execution_role ? 1 : 0 name = var.fargate_pod_execution_role_name } diff --git a/workers.tf b/workers.tf index 7c69bb0295..98bc327ef8 100644 --- a/workers.tf +++ b/workers.tf @@ -138,7 +138,7 @@ resource "aws_autoscaling_group" "workers" { "value" = tag_value, "propagate_at_launch" = "true" } - if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) + if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) ], lookup( var.worker_groups[count.index], 
@@ -199,7 +199,7 @@ resource "aws_launch_configuration" "workers" { ebs_optimized = lookup( var.worker_groups[count.index], "ebs_optimized", - ! contains( + !contains( local.ebs_optimized_not_supported, lookup( var.worker_groups[count.index], diff --git a/workers_launch_template.tf b/workers_launch_template.tf index e19f677cb7..3a9676cbe1 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf @@ -214,7 +214,7 @@ resource "aws_autoscaling_group" "workers_launch_template" { "value", tag_value, "propagate_at_launch", "true" ) - if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) + if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) ], lookup( var.worker_groups_launch_template[count.index], @@ -302,7 +302,7 @@ resource "aws_launch_template" "workers_launch_template" { ebs_optimized = lookup( var.worker_groups_launch_template[count.index], "ebs_optimized", - ! contains( + !contains( local.ebs_optimized_not_supported, lookup( var.worker_groups_launch_template[count.index], @@ -481,7 +481,7 @@ resource "aws_launch_template" "workers_launch_template" { }, { for tag_key, tag_value in var.tags : tag_key => tag_value - if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) + if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key) } ) }