Skip to content

softwaremill/terraform-eks-bootstrap

BranchesTags

Repository files navigation

Terraform EKS module

The module is designed to create AWS EKS cluster with all necessary AWS resources such as:

  • VPC network and subnets with proper tagging,
  • Security Groups
  • NAT Gateways
  • AWS KMS encryption key to envelope encrypt Kubernetes Secrets
  • AWS EKS clusters with default node group

Available Features

Requirements

No requirements.

Providers

Name Version
aws 6.13.0
kubernetes 2.38.0

Modules

Name Source Version
ebs_csi_irsa_role terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks 5.24.0
eks terraform-aws-modules/eks/aws 19.19.0
vpc terraform-aws-modules/vpc/aws 5.0.0

Resources

Name Type
kubernetes_storage_class.storage_class resource
aws_availability_zones.available data source
aws_caller_identity.current data source
aws_partition.current data source
aws_vpc.selected data source

Inputs

Name Description Type Default Required
additional_tags Additional tags to include map(string) {} no
create_aws_auth_configmap Should Terraform create aws_auth ConfigMap used for setting up cluster access bool false no
create_vpc Specifies if new VPC be created, if not vpc_id and subnet_ids variables need to be provided bool true no
eks_additional_cluster_addons Map of additional cluster addon configurations to enable for the cluster. any {} no
eks_cluster_auth_role AWS roles with access permission to EKS cluster 
list(object({
    rolearn : string
    username : string
    groups = list(string)
  }))
 [] no
eks_cluster_auth_user AWS users with access permission to EKS cluster 
list(object({
    userarn : string
    username : string
    groups = list(string)
  }))
 [] no
eks_cluster_endpoint_access EKS managed node group default configurations 
object({
    enable_public_access : bool
    enable_private_access : bool
  })
 
{
  "enable_private_access": false,
  "enable_public_access": true
}
 no
eks_cluster_fargate_profiles EKS Fargate profile object map(object({})) {} no
eks_cluster_log_types A list of the desired control plane logs to enable list(string) 
[
  "api",
  "audit",
  "authenticator"
]
 no
eks_cluster_name Name of the Kubernetes cluster string "eks-cluster" no
eks_cluster_node_groups EKS managed additional node group any {} no
eks_cluster_node_groups_default_configuration EKS managed node group default configurations any 
{
  "attach_cluster_primary_security_group": true,
  "desired_size": 3,
  "disk_size": 40,
  "instance_types": [
    "m5.large"
  ],
  "labels": {
    "node-group": "default"
  },
  "max_size": 5,
  "min_size": 1
}
 no
eks_cluster_version Kubernetes cluster version string "1.33" no
eks_create Specifies if actually create the EKS cluster bool true no
eks_create_kms_key Should KMS key to encrypt kubernetes secrets be generated bool true no
eks_default_cluster_addons Map of default cluster addon configurations to enable for the cluster. any 
{
  "coredns": {
    "most_recent": true,
    "preserve": true,
    "resolve_conflicts": "OVERWRITE"
  },
  "kube-proxy": {
    "most_recent": true,
    "preserve": true,
    "resolve_conflicts": "OVERWRITE"
  },
  "vpc-cni": {
    "most_recent": true,
    "preserve": true,
    "resolve_conflicts": "OVERWRITE"
  }
}
 no
eks_kms_key_administrators List of ARNs of users/roles that should have administrator access to the KMS key list(string) [] no
eks_kms_key_enable_default_policy Should default KMS key policy be created bool false no
eks_kms_key_owners List of ARNs of users/roles that should have owner access to the KMS key list(string) [] no
eks_kms_key_service_users A list of IAM ARNs for key service users list(string) [] no
eks_kms_key_users A list of IAM ARNs for key users list(string) [] no
eks_node_security_group_tags Map of tags for eks node sg map(string) {} no
eks_single_az Specifies if all node's should be deployed in the same AZ bool false no
eks_storage_classes EBS storage class with custom parameters 
list(object({
    name                      = string
    storage_class_provisioner = string
    parameters                = optional(map(string))
    volume_binding_mode       = optional(string)
    reclaim_policy            = optional(string)

    }
  ))
 [] no
enable_bastion True if bastion host should be created bool false no
enable_ebs_csi_driver Specifies if enable the EBS/CSI driver bool true no
environment Environment name string n/a yes
logs_retention_days Log retention in days number 14 no
manage_aws_auth_configmap Should Terraform manage aws_auth ConfigMap used for setting up cluster access bool true no
org Organization name - part of other resource names string "terraform" no
private_subnet_ids List of IDs of existing private subnets, only used when create_vpc is set to false list(string) [] no
public_subnet_ids List of IDs of existing public subnets, only used when create_vpc is set to false list(string) [] no
region n/a string "eu-central-1" no
vpc_cidr VPC CIDR address string "10.0.0.0/16" no
vpc_id ID of existing VPC, only used when create_vpc is set to false string "" no
vpc_nat_setting Enable NAT Gateway 
object({
    enable_nat_gateway : bool
    multi_az_nat_gateway : bool
  })
 
{
  "enable_nat_gateway": true,
  "multi_az_nat_gateway": false
}
 no

Outputs

Name Description
eks_cluster_arn ARN of the cluster
eks_cluster_certificate_authority_data Base64 encoded certificate data required to communicate with the cluster
eks_cluster_endpoint Endpoint for your Kubernetes API server
eks_cluster_id The id of the cluster
eks_cluster_name The name of the cluster
eks_cluster_oidc_issuer_arn The ARN on the EKS cluster OIDC provider
eks_cluster_oidc_issuer_url The URL on the EKS cluster OIDC Issuer
eks_cluster_primary_security_group_id The cluster primary security group ID created by the EKS cluster
eks_cluster_version The Kubernetes server version for the EKS cluster.
vpc_id The VPC ID
vpc_name The name of the VPC
vpc_nats_ids The list of allocation ID for Elastic IPs
vpc_private_route_table_ids The list of IDs of private route tables
vpc_private_subnets_ids The list of private subnets IDs associated with the VPC
vpc_public_route_table_ids The list of IDs of public route tables
vpc_public_subnets_ids The list of public subnets IDs associated with the VPC

eks_storage_classes variable

The eks_storage_classes variable takes the following parameters:

Name Description Type Default Required
name Standard storage class's name in metadata string "" Required
storage_class_provisioner Indicates the type of the provisioner string "" Required
parameters The parameters for the provisioner that should create volumes of this storage class. See the documentaion for the available parameters map(string) {} Optional
volume_binding_mode Indicates when volume binding and dynamic provisioning should occur string "WaitForFirstConsumer" Optional
reclaim_policy Indicates the reclaim policy to use string "Delete" Optional

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

20 watching

Forks

0 forks
Report repository

Releases 12

v0.0.12 Latest
Sep 15, 2025
+ 11 releases

Packages

No packages published

Contributors 9

Languages