| `addons` | Map of cluster addon configurations to enable for the cluster. The addon name can be the map key or set with `name`. | `any` | `{}` | no |
| `aws_auth_roles` | List of additional IAM role maps to add to the aws-auth configmap. See https://github.com/terraform-aws-modules/terraform-aws-eks/blob/v18.24.1/examples/complete/main.tf#L206 for example format. | `list(object({ rolearn = string, username = string, groups = list(string) }))` | `[]` | no |
| `aws_auth_users` | List of additional IAM user maps to add to the aws-auth configmap. See https://github.com/terraform-aws-modules/terraform-aws-eks/blob/v18.24.1/examples/complete/main.tf#L214 for example format. | `list(object({ userarn = string, username = string, groups = list(string) }))` | `[]` | no |
| `cloudwatch_log_group_retention_in_days` | Number of days to retain log events. Default retention is 7 days. | `number` | `7` | no |
| `cluster_additional_security_group_ids` | List of additional, externally created security group IDs to attach to the cluster control plane. | `list(string)` | `[]` | no |
| `cluster_enabled_log_types` | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). | `list(string)` | `["authenticator"]` | no |
| `cluster_encryption_config` | Configuration block with encryption configuration for the cluster. | `any` | `{ "resources": ["secrets"] }` | no |
| `cluster_endpoint_private_access` | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | `bool` | `true` | no |
| `cluster_endpoint_public_access` | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | `bool` | `true` | no |
| `cluster_endpoint_public_access_cidrs` | List of CIDR blocks which can access the Amazon EKS public API server endpoint. | `list(string)` | `["0.0.0.0/0"]` | no |
| `cluster_name` | Name of the EKS cluster. | `string` | `""` | no |
| `cluster_security_group_additional_rules` | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source. | `any` | `{}` | no |
| `cluster_short_name` | Short name of the EKS cluster. | `string` | `""` | no |
| `cluster_version` | Kubernetes `<major>.<minor>` version to use for the EKS cluster (e.g. `1.25`). | `string` | `"1.25"` | no |
| `create_kms_key` | In the 18.x version of the public module terraform-aws-eks, `create_kms_key` was `false`, but in the 19.x version it is `true`. Clusters created with this module now default to enabling secret encryption with a customer-managed KMS key created by this module. We do not want this; we will use the KMS key created by another module in the AWS account. | `bool` | `false` | no |
| `eks_managed_node_group_defaults` | Map of EKS managed node group default configurations. | `any` | `{}` | no |
| `eks_managed_node_groups` | Map of EKS managed node group definitions to create. | `any` | `{}` | no |
| `iam_role_name` | Name to use on the IAM role created. | `string` | `null` | no |
| `mng_ami_type` | Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Valid values are `AL2_x86_64`, `AL2_x86_64_GPU`, `AL2_ARM_64`, `CUSTOM`, `BOTTLEROCKET_ARM_64`, `BOTTLEROCKET_x86_64`. | `string` | `"AL2_ARM_64"` | no |
| `node_security_group_additional_rules` | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source. | `any` | `{}` | no |
| `node_security_group_enable_recommended_rules` | Determines whether to enable recommended security group rules for the node security group created. This includes node-to-node TCP ingress on ephemeral ports and allows all egress traffic. | `bool` | `true` | no |
| `node_security_group_tags` | A map of additional tags to add to the node security group created. | `map(string)` | `{}` | no |
| `self_managed_node_group_defaults` | Map of self-managed node group default configurations. | `any` | `{}` | no |
| `self_managed_node_groups` | Map of self-managed node group definitions to create. | `any` | `{}` | no |
| `sensedia_rbac` | Sensedia RBAC to give access to developers. | `any` | `{}` | no |
| `subnet_ids` | A list of subnet IDs where the nodes/node groups will be provisioned. If `control_plane_subnet_ids` is not provided, the EKS cluster control plane (ENIs) will be provisioned in these subnets. | `list(string)` | `[]` | no |
| `tags` | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| `type_worker_node_group` | Type of worker node group. Types supported: `KARPENTER`, `AWS_MANAGED_NODE` (requires the `eks_managed_node_groups` parameter to be set) and `SELF_MANAGED_NODE` (requires the `self_managed_node_groups` parameter to be set). | `string` | `"AWS_MANAGED_NODE"` | no |
| `vpc_cidr_block` | CIDR of the VPC where the cluster and its nodes will be provisioned. | `list(string)` | `[]` | no |
| `vpc_id` | ID of the VPC where the cluster and its nodes will be provisioned. | `string` | `null` | no |
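
A module call that tightens the defaults listed above for API endpoint exposure and control plane logging, as an added example rather than code from this module's documentation. The `source` value, names, IDs, ARN, CIDR range and RBAC group are placeholders or constructed values, and the node group keys assume the map is passed through to the upstream terraform-aws-eks module.

```hcl
module "eks" {
  # Placeholder: the page does not give this module's source address.
  source = "<SOURCE-OF-THIS-MODULE>"

  cluster_name    = "example-cluster" # constructed name
  cluster_version = "1.25"
  vpc_id          = "vpc-EXAMPLE"                              # placeholder
  subnet_ids      = ["subnet-EXAMPLE-A", "subnet-EXAMPLE-B"]   # placeholders

  # Both endpoints default to enabled, and the public one defaults to
  # 0.0.0.0/0. Restrict it to the ranges administrators connect from.
  # 203.0.113.0/24 is a documentation range used here as a stand-in.
  cluster_endpoint_private_access      = true
  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = ["203.0.113.0/24"]

  # The default is ["authenticator"] kept for 7 days. Adding "api" and
  # "audit" records the requests made to the API server, and a longer
  # retention keeps them available for later investigation.
  cluster_enabled_log_types              = ["api", "audit", "authenticator"]
  cloudwatch_log_group_retention_in_days = 90

  # Map an IAM role to a narrowly scoped Kubernetes group.
  aws_auth_roles = [
    {
      rolearn  = "arn:aws:iam::111122223333:role/example-readonly" # constructed ARN
      username = "example-readonly"
      groups   = ["example:viewers"] # hypothetical group, bound by RBAC elsewhere
    }
  ]

  # AWS_MANAGED_NODE requires eks_managed_node_groups to be set.
  type_worker_node_group = "AWS_MANAGED_NODE"
  mng_ami_type           = "AL2_ARM_64"
  eks_managed_node_groups = {
    default = {
      # Assumed keys, following upstream terraform-aws-eks node groups.
      instance_types = ["m6g.large"] # arm64 instance to match AL2_ARM_64
      min_size       = 2
      max_size       = 4
      desired_size   = 2
    }
  }

  tags = {
    Environment = "example" # constructed tag
  }
}
```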