refactor: Refactoring to match the rest of terraform-aws-modules (#1583)

examples/launch_templates_with_managed_node_groups/disk_encryption_policy.tf

@@ -4,74 +4,74 @@ resource "aws_iam_service_linked_role" "autoscaling" {
   description      = "Default Service-Linked Role enables access to AWS Services and Resources used or managed by Auto Scaling"
 }
 
-data "aws_caller_identity" "current" {}
-
-# This policy is required for the KMS key used for EKS root volumes, so the cluster is allowed to enc/dec/attach encrypted EBS volumes
-data "aws_iam_policy_document" "ebs_decryption" {
-  # Copy of default KMS policy that lets you manage it
-  statement {
-    sid    = "Enable IAM User Permissions"
-    effect = "Allow"
-
-    principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
-    }
-
-    actions = [
-      "kms:*"
-    ]
-
-    resources = ["*"]
-  }
-
-  # Required for EKS
-  statement {
-    sid    = "Allow service-linked role use of the CMK"
-    effect = "Allow"
-
-    principals {
-      type = "AWS"
-      identifiers = [
-        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", # required for the ASG to manage encrypted volumes for nodes
-        module.eks.cluster_iam_role_arn,                                                                                                            # required for the cluster / persistentvolume-controller to create encrypted PVCs
-      ]
-    }
-
-    actions = [
-      "kms:Encrypt",
-      "kms:Decrypt",
-      "kms:ReEncrypt*",
-      "kms:GenerateDataKey*",
-      "kms:DescribeKey"
-    ]
-
-    resources = ["*"]
-  }
-
-  statement {
-    sid    = "Allow attachment of persistent resources"
-    effect = "Allow"
-
-    principals {
-      type = "AWS"
-      identifiers = [
-        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", # required for the ASG to manage encrypted volumes for nodes
-        module.eks.cluster_iam_role_arn,                                                                                                            # required for the cluster / persistentvolume-controller to create encrypted PVCs
-      ]
-    }
-
-    actions = [
-      "kms:CreateGrant"
-    ]
-
-    resources = ["*"]
-
-    condition {
-      test     = "Bool"
-      variable = "kms:GrantIsForAWSResource"
-      values   = ["true"]
-    }
-
-  }
-}
+#data "aws_caller_identity" "current" {}
+#
+## This policy is required for the KMS key used for EKS root volumes, so the cluster is allowed to enc/dec/attach encrypted EBS volumes
+#data "aws_iam_policy_document" "ebs_decryption" {
+#  # Copy of default KMS policy that lets you manage it
+#  statement {
+#    sid    = "Enable IAM User Permissions"
+#    effect = "Allow"
+#
+#    principals {
+#      type        = "AWS"
+#      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
+#    }
+#
+#    actions = [
+#      "kms:*"
+#    ]
+#
+#    resources = ["*"]
+#  }
+#
+#  # Required for EKS
+#  statement {
+#    sid    = "Allow service-linked role use of the CMK"
+#    effect = "Allow"
+#
+#    principals {
+#      type = "AWS"
+#      identifiers = [
+#        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", # required for the ASG to manage encrypted volumes for nodes
+#        module.eks.cluster_iam_role_arn,                                                                                                            # required for the cluster / persistentvolume-controller to create encrypted PVCs
+#      ]
+#    }
+#
+#    actions = [
+#      "kms:Encrypt",
+#      "kms:Decrypt",
+#      "kms:ReEncrypt*",
+#      "kms:GenerateDataKey*",
+#      "kms:DescribeKey"
+#    ]
+#
+#    resources = ["*"]
+#  }
+#
+#  statement {
+#    sid    = "Allow attachment of persistent resources"
+#    effect = "Allow"
+#
+#    principals {
+#      type = "AWS"
+#      identifiers = [
+#        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", # required for the ASG to manage encrypted volumes for nodes
+#        module.eks.cluster_iam_role_arn,                                                                                                            # required for the cluster / persistentvolume-controller to create encrypted PVCs
+#      ]
+#    }
+#
+#    actions = [
+#      "kms:CreateGrant"
+#    ]
+#
+#    resources = ["*"]
+#
+#    condition {
+#      test     = "Bool"
+#      variable = "kms:GrantIsForAWSResource"
+#      values   = ["true"]
+#    }
+#
+#  }
+#}

examples/launch_templates_with_managed_node_groups/launchtemplate.tf

@@ -1,15 +1,15 @@
-data "template_file" "launch_template_userdata" {
-  template = file("${path.module}/templates/userdata.sh.tpl")
-
-  vars = {
-    cluster_name        = local.cluster_name
-    endpoint            = module.eks.cluster_endpoint
-    cluster_auth_base64 = module.eks.cluster_certificate_authority_data
-
-    bootstrap_extra_args = ""
-    kubelet_extra_args   = ""
-  }
-}
+#data "template_file" "launch_template_userdata" {
+#  template = file("${path.module}/templates/userdata.sh.tpl")
+#
+#  vars = {
+#    cluster_name        = local.cluster_name
+#    endpoint            = module.eks.cluster_endpoint
+#    cluster_auth_base64 = module.eks.cluster_certificate_authority_data
+#
+#    bootstrap_extra_args = ""
+#    kubelet_extra_args   = ""
+#  }
+#}
 
 # This is based on the LT that EKS would create if no custom one is specified (aws ec2 describe-launch-template-versions --launch-template-id xxx)
 # there are several more options one could set but you probably dont need to modify them

examples/launch_templates_with_managed_node_groups/main.tf

@@ -1,5 +1,5 @@
 provider "aws" {
-  region = var.region
+  region = "eu-west-1"
 }
 
 data "aws_eks_cluster" "cluster" {
@@ -12,9 +12,8 @@ data "aws_eks_cluster_auth" "cluster" {
 
 provider "kubernetes" {
   host                   = data.aws_eks_cluster.cluster.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
   token                  = data.aws_eks_cluster_auth.cluster.token
-  load_config_file       = false
 }
 
 data "aws_availability_zones" "available" {

examples/launch_templates_with_managed_node_groups/outputs.tf

@@ -0,0 +1,19 @@
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane."
+  value       = module.eks.cluster_endpoint
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ids attached to the cluster control plane."
+  value       = module.eks.cluster_security_group_id
+}
+
+output "kubectl_config" {
+  description = "kubectl config as generated by the module."
+  value       = module.eks.kubeconfig
+}
+
+output "config_map_aws_auth" {
+  description = "A kubernetes configuration to authenticate to this EKS cluster."
+  value       = module.eks.config_map_aws_auth
+}

examples/launch_templates_with_managed_node_groups/variables.tf

@@ -1,15 +1,6 @@
-variable "region" {
-  default = "eu-central-1"
-}
-
 variable "instance_type" {
+  description = "Instance type"
   # Smallest recommended, where ~1.1Gb of 2Gb memory is available for the Kubernetes pods after ‘warming up’ Docker, Kubelet, and OS
-  default = "t3.small"
   type    = string
-}
-
-variable "kms_key_arn" {
-  default     = ""
-  description = "KMS key ARN to use if you want to encrypt EKS node root volumes"
-  type        = string
+  default = "t3.small"
 }