xpk/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/terraform-aws-modules/terraform-aws-eks.git synced 2025-09-09 19:32:58 +08:00
Code Activity

feat!: Upgrade min AWS provider and Terraform versions to 6.0 and 1.5.7 respectively (#3412)

Browse Source 
* feat!: Upgrade min AWS provider and Terraform versions to `6.0` and `1.5.7` respectively

* fix: Remove deprecated arguments in AWS v6.0 provider, upgrade Helm provider to v3.0, bump VPC module to v6.0

* fix: Remove `aws-auth` sub-module

* fix: Remove `platform` and `cluster_service_ipv4_cidr` variables from `user-data` sub-module

* fix: Resolve all marked `todos` that have been accumulated

* fix: Set default `http_put_response_hop_limit` to `1`

* fix: Remove IRSA support from Karpenter sub-module

* fix: Avoid making GET requests from data sources unless absolutely necessary

* feat: Add variable optional attribute definitions

* feat: Bump KMS key module version to latest, add remaining variable attribute definitions

* fix: Remove `cluster_` prefix from variable names to better match the underlying API

* fix: Move all EFA logic to the nodegroup itself

* fix: Remove arguments that do not make sense in EKS

* fix: Updates from plan validation

* fix: Remove more self-managed node group attributes that are commonly not used in EKS clusters

* fix: Remove data plane compute `*_defaults` variables that do not work with variable optional attributes

* fix: Ignore changes to `bootstrap_self_managed_addons` to aid in upgrade

* feat: Add support for `region` argument on relevant resources

* feat: Initial pass on upgrade guide

* fix: Updates from testing and validating EKS managed node group

* fix: Updates from testing and validating self-managed node group

* docs: Ensure addon ussage documented is aligned

* feat: Switch to dualstack OIDC issuer URL

* feat: Allow sourcing over overriding the Karpenter assume role policy

* fix: Use `Bool` instead of `StringEquals` for DenyHTTP queue policy

* fix: Correct use of `nullable` and default value propagation
This commit is contained in:
Bryant Biggs
2025-07-23 15:11:01 -05:00
committed by GitHub
parent 8a0efdbbc8
commit 416515a0da
84 changed files with 4111 additions and 3339 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/self-managed-node-group/variables.tf
+446 -148
View File
@@ -2,6 +2,7 @@ variable "create" {
description = "Determines whether to create self managed node group or not"
type = bool
default = true
nullable = false
}
variable "tags" {
@@ -10,16 +11,22 @@ variable "tags" {
default = {}
}
# tflint-ignore: terraform_unused_declarations
variable "platform" {
description = "[DEPRECATED - must use `ami_type` instead. Will be removed in `v21.0`]"
variable "region" {
description = "Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration"
type = string
default = null
}
validation {
condition = var.platform == null
error_message = "`platform` is no longer valid due to the number of OS choices. Please provide an [`ami_type`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) instead."
}
variable "partition" {
description = "The AWS partition - pass through value to reduce number of GET requests from data sources"
type = string
default = ""
}
variable "account_id" {
description = "The AWS account ID - pass through value to reduce number of GET requests from data sources"
type = string
default = ""
}
################################################################################
@@ -35,55 +42,55 @@ variable "cluster_name" {
variable "cluster_endpoint" {
description = "Endpoint of associated EKS cluster"
type = string
default = ""
default = null
}
variable "cluster_auth_base64" {
description = "Base64 encoded CA of associated EKS cluster"
type = string
default = ""
default = null
}
variable "cluster_service_cidr" {
description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself"
type = string
default = ""
default = null
}
variable "cluster_ip_family" {
description = "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`"
type = string
default = "ipv4"
default = null
}
variable "additional_cluster_dns_ips" {
description = "Additional DNS IP addresses to use for the cluster. Only used when `ami_type` = `BOTTLEROCKET_*`"
type = list(string)
default = []
default = null
}
variable "pre_bootstrap_user_data" {
description = "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `ami_type` = `BOTTLEROCKET_*`"
type = string
default = ""
default = null
}
variable "post_bootstrap_user_data" {
description = "User data that is appended to the user data script after of the EKS bootstrap script. Not used when `ami_type` = `BOTTLEROCKET_*`"
type = string
default = ""
default = null
}
variable "bootstrap_extra_args" {
description = "Additional arguments passed to the bootstrap script. When `ami_type` = `BOTTLEROCKET_*`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data"
type = string
default = ""
default = null
}
variable "user_data_template_path" {
description = "Path to a local, custom user data template file to use when rendering user data"
type = string
default = ""
default = null
}
variable "cloudinit_pre_nodeadm" {
@@ -94,7 +101,7 @@ variable "cloudinit_pre_nodeadm" {
filename = optional(string)
merge_type = optional(string)
}))
default = []
default = null
}
variable "cloudinit_post_nodeadm" {
@@ -105,7 +112,7 @@ variable "cloudinit_post_nodeadm" {
filename = optional(string)
merge_type = optional(string)
}))
default = []
default = null
}
################################################################################
@@ -116,6 +123,7 @@ variable "create_launch_template" {
description = "Determines whether to create launch template or not"
type = bool
default = true
nullable = false
}
variable "launch_template_id" {
@@ -134,6 +142,7 @@ variable "launch_template_use_name_prefix" {
description = "Determines whether to use `launch_template_name` as is or create a unique name beginning with the `launch_template_name` as the prefix"
type = bool
default = true
nullable = false
}
variable "launch_template_description" {
@@ -152,6 +161,7 @@ variable "update_launch_template_default_version" {
description = "Whether to update Default Version each update. Conflicts with `launch_template_default_version`"
type = bool
default = true
nullable = false
}
variable "disable_api_termination" {
@@ -180,92 +190,163 @@ variable "ram_disk_id" {
variable "block_device_mappings" {
description = "Specify volumes to attach to the instance besides the volumes specified by the AMI"
type = any
default = {}
type = map(object({
device_name = optional(string)
ebs = optional(object({
delete_on_termination = optional(bool)
encrypted = optional(bool)
iops = optional(number)
kms_key_id = optional(string)
snapshot_id = optional(string)
throughput = optional(number)
volume_initialization_rate = optional(number)
volume_size = optional(number)
volume_type = optional(string)
}))
no_device = optional(string)
virtual_name = optional(string)
}))
default = null
}
variable "capacity_reservation_specification" {
description = "Targeting for EC2 capacity reservations"
type = any
default = {}
type = object({
capacity_reservation_preference = optional(string)
capacity_reservation_target = optional(object({
capacity_reservation_id = optional(string)
capacity_reservation_resource_group_arn = optional(string)
}))
})
default = null
}
variable "cpu_options" {
description = "The CPU options for the instance"
type = map(string)
default = {}
type = object({
amd_sev_snp = optional(string)
core_count = optional(number)
threads_per_core = optional(number)
})
default = null
}
variable "credit_specification" {
description = "Customize the credit specification of the instance"
type = map(string)
default = {}
}
variable "elastic_gpu_specifications" {
description = "The elastic GPU to attach to the instance"
type = any
default = {}
}
variable "elastic_inference_accelerator" {
description = "Configuration block containing an Elastic Inference Accelerator to attach to the instance"
type = map(string)
default = {}
type = object({
cpu_credits = optional(string)
})
default = null
}
variable "enclave_options" {
description = "Enable Nitro Enclaves on launched instances"
type = map(string)
default = {}
}
variable "hibernation_options" {
description = "The hibernation options for the instance"
type = map(string)
default = {}
type = object({
enabled = optional(bool)
})
default = null
}
variable "instance_market_options" {
description = "The market (purchasing) option for the instance"
type = any
default = {}
type = object({
market_type = optional(string)
spot_options = optional(object({
block_duration_minutes = optional(number)
instance_interruption_behavior = optional(string)
max_price = optional(string)
spot_instance_type = optional(string)
valid_until = optional(string)
}))
})
default = null
}
variable "maintenance_options" {
description = "The maintenance options for the instance"
type = any
default = {}
type = object({
auto_recovery = optional(string)
})
default = null
}
variable "license_specifications" {
description = "A map of license specifications to associate with"
type = any
default = {}
description = "A list of license specifications to associate with"
type = list(object({
license_configuration_arn = string
}))
default = null
}
variable "network_interfaces" {
description = "Customize network interfaces to be attached at instance boot time"
type = list(any)
default = []
type = list(object({
associate_carrier_ip_address = optional(bool)
associate_public_ip_address = optional(bool)
connection_tracking_specification = optional(object({
tcp_established_timeout = optional(number)
udp_stream_timeout = optional(number)
udp_timeout = optional(number)
}))
delete_on_termination = optional(bool)
description = optional(string)
device_index = optional(number)
ena_srd_specification = optional(object({
ena_srd_enabled = optional(bool)
ena_srd_udp_specification = optional(object({
ena_srd_udp_enabled = optional(bool)
}))
}))
interface_type = optional(string)
ipv4_address_count = optional(number)
ipv4_addresses = optional(list(string))
ipv4_prefix_count = optional(number)
ipv4_prefixes = optional(list(string))
ipv6_address_count = optional(number)
ipv6_addresses = optional(list(string))
ipv6_prefix_count = optional(number)
ipv6_prefixes = optional(list(string))
network_card_index = optional(number)
network_interface_id = optional(string)
primary_ipv6 = optional(bool)
private_ip_address = optional(string)
security_groups = optional(list(string), [])
subnet_id = optional(string)
}))
default = []
nullable = false
}
variable "placement" {
description = "The placement of the instance"
type = map(string)
default = {}
type = object({
affinity = optional(string)
availability_zone = optional(string)
group_name = optional(string)
host_id = optional(string)
host_resource_group_arn = optional(string)
partition_number = optional(number)
spread_domain = optional(string)
tenancy = optional(string)
})
default = null
}
variable "create_placement_group" {
description = "Determines whether a placement group is created & used by the node group"
type = bool
default = false
nullable = false
}
variable "private_dns_name_options" {
description = "The options for the instance hostname. The default values are inherited from the subnet"
type = map(string)
default = {}
type = object({
enable_resource_name_dns_aaaa_record = optional(bool)
enable_resource_name_dns_a_record = optional(bool)
hostname_type = optional(string)
})
default = null
}
variable "ebs_optimized" {
@@ -283,10 +364,11 @@ variable "ami_id" {
variable "ami_type" {
description = "Type of Amazon Machine Image (AMI) associated with the node group. See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid values"
type = string
default = "AL2_x86_64"
default = "AL2023_x86_64_STANDARD"
nullable = false
}
variable "cluster_version" {
variable "kubernetes_version" {
description = "Kubernetes cluster version - used to lookup default AMI ID if one is not provided"
type = string
default = null
@@ -294,14 +376,67 @@ variable "cluster_version" {
variable "instance_requirements" {
description = "The attribute requirements for the type of instance. If present then `instance_type` cannot be present"
type = any
default = {}
type = object({
accelerator_count = optional(object({
max = optional(number)
min = optional(number)
}))
accelerator_manufacturers = optional(list(string))
accelerator_names = optional(list(string))
accelerator_total_memory_mib = optional(object({
max = optional(number)
min = optional(number)
}))
accelerator_types = optional(list(string))
allowed_instance_types = optional(list(string))
bare_metal = optional(string)
baseline_ebs_bandwidth_mbps = optional(object({
max = optional(number)
min = optional(number)
}))
burstable_performance = optional(string)
cpu_manufacturers = optional(list(string))
excluded_instance_types = optional(list(string))
instance_generations = optional(list(string))
local_storage = optional(string)
local_storage_types = optional(list(string))
max_spot_price_as_percentage_of_optimal_on_demand_price = optional(number)
memory_gib_per_vcpu = optional(object({
max = optional(number)
min = optional(number)
}))
memory_mib = optional(object({
max = optional(number)
min = optional(number)
}))
network_bandwidth_gbps = optional(object({
max = optional(number)
min = optional(number)
}))
network_interface_count = optional(object({
max = optional(number)
min = optional(number)
}))
on_demand_max_price_percentage_over_lowest_price = optional(number)
require_hibernate_support = optional(bool)
spot_max_price_percentage_over_lowest_price = optional(number)
total_local_storage_gb = optional(object({
max = optional(number)
min = optional(number)
}))
vcpu_count = optional(object({
max = optional(number)
min = string
}))
})
default = null
}
variable "instance_type" {
description = "The type of the instance to launch"
type = string
default = ""
default = "m6i.large"
nullable = false
}
variable "key_name" {
@@ -314,6 +449,7 @@ variable "vpc_security_group_ids" {
description = "A list of security group IDs to associate"
type = list(string)
default = []
nullable = false
}
variable "cluster_primary_security_group_id" {
@@ -325,48 +461,60 @@ variable "cluster_primary_security_group_id" {
variable "enable_monitoring" {
description = "Enables/disables detailed monitoring"
type = bool
default = true
default = false
nullable = false
}
variable "enable_efa_support" {
description = "Determines whether to enable Elastic Fabric Adapter (EFA) support"
type = bool
default = false
nullable = false
}
# TODO - make this true by default at next breaking change (remove variable, only pass indices)
variable "enable_efa_only" {
description = "Determines whether to enable EFA (`false`, default) or EFA and EFA-only (`true`) network interfaces. Note: requires vpc-cni version `v1.18.4` or later"
type = bool
default = false
default = true
nullable = false
}
variable "efa_indices" {
description = "The indices of the network interfaces that should be EFA-enabled. Only valid when `enable_efa_support` = `true`"
type = list(number)
default = [0]
nullable = false
}
variable "metadata_options" {
description = "Customize the metadata options for the instance"
type = map(string)
type = object({
http_endpoint = optional(string, "enabled")
http_protocol_ipv6 = optional(string)
http_put_response_hop_limit = optional(number, 1)
http_tokens = optional(string, "required")
instance_metadata_tags = optional(string)
})
default = {
http_endpoint = "enabled"
http_put_response_hop_limit = 1
http_tokens = "required"
http_put_response_hop_limit = 2
}
nullable = false
}
variable "launch_template_tags" {
description = "A map of additional tags to add to the tag_specifications of launch template created"
type = map(string)
default = {}
nullable = false
}
variable "tag_specifications" {
description = "The tags to apply to the resources during launch"
type = list(string)
default = ["instance", "volume", "network-interface"]
nullable = false
}
################################################################################
@@ -377,6 +525,7 @@ variable "create_autoscaling_group" {
description = "Determines whether to create autoscaling group or not"
type = bool
default = true
nullable = false
}
variable "name" {
@@ -389,6 +538,7 @@ variable "use_name_prefix" {
description = "Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix"
type = bool
default = true
nullable = false
}
variable "launch_template_version" {
@@ -403,12 +553,6 @@ variable "availability_zones" {
default = null
}
variable "placement_group_az" {
description = "Availability zone where placement group is created (ex. `eu-west-1c`)"
type = string
default = null
}
variable "subnet_ids" {
description = "A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones`"
type = list(string)
@@ -418,19 +562,22 @@ variable "subnet_ids" {
variable "min_size" {
description = "The minimum size of the autoscaling group"
type = number
default = 0
default = 1
nullable = false
}
variable "max_size" {
description = "The maximum size of the autoscaling group"
type = number
default = 3
nullable = false
}
variable "desired_size" {
description = "The number of Amazon EC2 instances that should be running in the autoscaling group"
type = number
default = 1
nullable = false
}
variable "desired_size_type" {
@@ -440,7 +587,7 @@ variable "desired_size_type" {
}
variable "ignore_failed_scaling_activities" {
description = "Whether to ignore failed Auto Scaling scaling activities while waiting for capacity."
description = "Whether to ignore failed Auto Scaling scaling activities while waiting for capacity"
type = bool
default = null
}
@@ -457,30 +604,6 @@ variable "capacity_rebalance" {
default = null
}
variable "min_elb_capacity" {
description = "Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes"
type = number
default = null
}
variable "wait_for_elb_capacity" {
description = "Setting this will cause Terraform to wait for exactly this number of healthy instances in all attached load balancers on both create and update operations. Takes precedence over `min_elb_capacity` behavior."
type = number
default = null
}
variable "wait_for_capacity_timeout" {
description = "A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior."
type = string
default = null
}
variable "default_cooldown" {
description = "The amount of time, in seconds, after a scaling activity completes before another scaling activity can start"
type = number
default = null
}
variable "default_instance_warmup" {
description = "Amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data"
type = number
@@ -488,19 +611,14 @@ variable "default_instance_warmup" {
}
variable "protect_from_scale_in" {
description = "Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events."
description = "Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events"
type = bool
default = false
}
variable "target_group_arns" {
description = "A set of `aws_alb_target_group` ARNs, for use with Application or Network Load Balancing"
type = list(string)
default = []
nullable = false
}
variable "placement_group" {
description = "The name of the placement group into which you'll launch your instances, if any"
description = "The name of the placement group into which you'll launch your instances"
type = string
default = null
}
@@ -523,22 +641,18 @@ variable "force_delete" {
default = null
}
variable "force_delete_warm_pool" {
description = "Allows deleting the Auto Scaling Group without waiting for all instances in the warm pool to terminate"
type = bool
default = null
}
variable "termination_policies" {
description = "A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default`"
type = list(string)
default = []
nullable = false
}
variable "suspended_processes" {
description = "A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`. Note that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly"
type = list(string)
default = []
nullable = false
}
variable "max_instance_lifetime" {
@@ -551,6 +665,7 @@ variable "enabled_metrics" {
description = "A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances`"
type = list(string)
default = []
nullable = false
}
variable "metrics_granularity" {
@@ -559,63 +674,157 @@ variable "metrics_granularity" {
default = null
}
variable "service_linked_role_arn" {
description = "The ARN of the service-linked role that the ASG will use to call other AWS services"
type = string
default = null
}
variable "initial_lifecycle_hooks" {
description = "One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate `aws_autoscaling_lifecycle_hook` resource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use `aws_autoscaling_lifecycle_hook` resource"
type = list(map(string))
default = []
type = list(object({
default_result = optional(string)
heartbeat_timeout = optional(number)
lifecycle_transition = string
name = string
notification_metadata = optional(string)
notification_target_arn = optional(string)
role_arn = optional(string)
}))
default = null
}
variable "instance_maintenance_policy" {
description = "If this block is configured, add a instance maintenance policy to the specified Auto Scaling group"
type = any
default = {}
type = object({
max_healthy_percentage = number
min_healthy_percentage = number
})
default = null
}
variable "instance_refresh" {
description = "If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated"
type = any
type = object({
preferences = optional(object({
alarm_specification = optional(object({
alarms = optional(list(string))
}))
auto_rollback = optional(bool)
checkpoint_delay = optional(number)
checkpoint_percentages = optional(list(number))
instance_warmup = optional(number)
max_healthy_percentage = optional(number)
min_healthy_percentage = optional(number, 33)
scale_in_protected_instances = optional(string)
skip_matching = optional(bool)
standby_instances = optional(string)
}))
strategy = optional(string, "Rolling")
triggers = optional(list(string))
})
default = {
strategy = "Rolling"
preferences = {
min_healthy_percentage = 66
}
}
nullable = false
}
variable "use_mixed_instances_policy" {
description = "Determines whether to use a mixed instances policy in the autoscaling group or not"
type = bool
default = false
nullable = false
}
variable "mixed_instances_policy" {
description = "Configuration block containing settings to define launch targets for Auto Scaling groups"
type = any
default = null
type = object({
instances_distribution = optional(object({
on_demand_allocation_strategy = optional(string)
on_demand_base_capacity = optional(number)
on_demand_percentage_above_base_capacity = optional(number)
spot_allocation_strategy = optional(string)
spot_instance_pools = optional(number)
spot_max_price = optional(string)
}))
launch_template = object({
override = optional(list(object({
instance_requirements = optional(object({
accelerator_count = optional(object({
max = optional(number)
min = optional(number)
}))
accelerator_manufacturers = optional(list(string))
accelerator_names = optional(list(string))
accelerator_total_memory_mib = optional(object({
max = optional(number)
min = optional(number)
}))
accelerator_types = optional(list(string))
allowed_instance_types = optional(list(string))
bare_metal = optional(string)
baseline_ebs_bandwidth_mbps = optional(object({
max = optional(number)
min = optional(number)
}))
burstable_performance = optional(string)
cpu_manufacturers = optional(list(string))
excluded_instance_types = optional(list(string))
instance_generations = optional(list(string))
local_storage = optional(string)
local_storage_types = optional(list(string))
max_spot_price_as_percentage_of_optimal_on_demand_price = optional(number)
memory_gib_per_vcpu = optional(object({
max = optional(number)
min = optional(number)
}))
memory_mib = optional(object({
max = optional(number)
min = optional(number)
}))
network_bandwidth_gbps = optional(object({
max = optional(number)
min = optional(number)
}))
network_interface_count = optional(object({
max = optional(number)
min = optional(number)
}))
on_demand_max_price_percentage_over_lowest_price = optional(number)
require_hibernate_support = optional(bool)
spot_max_price_percentage_over_lowest_price = optional(number)
total_local_storage_gb = optional(object({
max = optional(number)
min = optional(number)
}))
vcpu_count = optional(object({
max = optional(number)
min = optional(number)
}))
}))
instance_type = optional(string)
launch_template_specification = optional(object({
launch_template_id = optional(string)
launch_template_name = optional(string)
version = optional(string)
}))
weighted_capacity = optional(string)
})))
})
})
default = null
}
variable "warm_pool" {
description = "If this block is configured, add a Warm Pool to the specified Auto Scaling group"
type = any
default = {}
}
variable "delete_timeout" {
description = "Delete timeout to wait for destroying autoscaling group"
type = string
default = null
variable "timeouts" {
description = "Timeout configurations for the autoscaling group"
type = object({
delete = optional(string)
})
default = null
}
variable "autoscaling_group_tags" {
description = "A map of additional tags to add to the autoscaling group created. Tags are applied to the autoscaling group only and are NOT propagated to instances"
type = map(string)
default = {}
nullable = false
}
################################################################################
@@ -626,6 +835,7 @@ variable "create_iam_instance_profile" {
description = "Determines whether an IAM instance profile is created or to use an existing IAM instance profile"
type = bool
default = true
nullable = false
}
variable "iam_instance_profile_arn" {
@@ -644,6 +854,7 @@ variable "iam_role_use_name_prefix" {
description = "Determines whether cluster IAM role name (`iam_role_name`) is used as a prefix"
type = bool
default = true
nullable = false
}
variable "iam_role_path" {
@@ -655,7 +866,8 @@ variable "iam_role_path" {
variable "iam_role_description" {
description = "Description of the role"
type = string
default = null
default = "Self managed node group IAM role"
nullable = false
}
variable "iam_role_permissions_boundary" {
@@ -668,18 +880,21 @@ variable "iam_role_attach_cni_policy" {
description = "Whether to attach the `AmazonEKS_CNI_Policy`/`AmazonEKS_CNI_IPv6_Policy` IAM policy to the IAM IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster"
type = bool
default = true
nullable = false
}
variable "iam_role_additional_policies" {
description = "Additional policies to be added to the IAM role"
type = map(string)
default = {}
nullable = false
}
variable "iam_role_tags" {
description = "A map of additional tags to add to the IAM role created"
type = map(string)
default = {}
nullable = false
}
################################################################################
@@ -690,12 +905,33 @@ variable "create_iam_role_policy" {
description = "Determines whether an IAM role policy is created or not"
type = bool
default = true
nullable = false
}
variable "iam_role_policy_statements" {
description = "A list of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) - used for adding specific IAM permissions as needed"
type = any
default = []
type = list(object({
sid = optional(string)
actions = optional(list(string))
not_actions = optional(list(string))
effect = optional(string)
resources = optional(list(string))
not_resources = optional(list(string))
principals = optional(list(object({
type = string
identifiers = list(string)
})))
not_principals = optional(list(object({
type = string
identifiers = list(string)
})))
condition = optional(list(object({
test = string
values = list(string)
variable = string
})))
}))
default = null
}
################################################################################
@@ -706,6 +942,7 @@ variable "create_access_entry" {
description = "Determines whether an access entry is created for the IAM role used by the node group"
type = bool
default = true
nullable = false
}
variable "iam_role_arn" {
@@ -715,17 +952,78 @@ variable "iam_role_arn" {
}
################################################################################
# Autoscaling group schedule
# Security Group
################################################################################
variable "create_schedule" {
description = "Determines whether to create autoscaling group schedule or not"
variable "create_security_group" {
description = "Determines if a security group is created"
type = bool
default = true
nullable = false
}
variable "schedules" {
description = "Map of autoscaling group schedule to create"
type = map(any)
default = {}
variable "security_group_name" {
description = "Name to use on security group created"
type = string
default = null
}
variable "security_group_use_name_prefix" {
description = "Determines whether the security group name (`security_group_name`) is used as a prefix"
type = bool
default = true
nullable = false
}
variable "security_group_description" {
description = "Description of the security group created"
type = string
default = null
}
variable "security_group_ingress_rules" {
description = "Security group ingress rules to add to the security group created"
type = map(object({
name = optional(string)
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(string)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
self = optional(bool, false)
tags = optional(map(string), {})
to_port = optional(string)
}))
default = {}
nullable = false
}
variable "security_group_egress_rules" {
description = "Security group egress rules to add to the security group created"
type = map(object({
name = optional(string)
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(string)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
self = optional(bool, false)
tags = optional(map(string), {})
to_port = optional(string)
}))
default = {}
nullable = false
}
variable "security_group_tags" {
description = "A map of additional tags to add to the security group created"
type = map(string)
default = {}
nullable = false
}