mirror of https://github.com/terraform-aws-modules/terraform-aws-eks.git synced 2025-09-09 19:32:58 +08:00
terraform-aws-eks/modules/fargate-profile/README.md
Tiago Vieira 83c9cd187a feat: Add support for deletion protection functionality in the cluster (#3475)
* feat: Add support for deletion protection functionality in the cluster

* fix: Bump version throughout, correct argument/variable name

---------

Co-authored-by: Tiago Vieira <tiago.vieira@sqills.com>
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2025-08-15 07:23:13 -05:00

EKS Fargate Profile Module

Configuration in this directory creates an EKS Fargate profile.

Usage

```hcl
module "fargate_profile" {
  source = "terraform-aws-modules/eks/aws//modules/fargate-profile"

  name         = "separate-fargate-profile"
  cluster_name = "my-cluster"

  subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
  selectors = [{
    namespace = "kube-system"
  }]

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5.7 |
| aws | >= 6.9 |

Providers

| Name | Version |
|------|---------|
| aws | >= 6.9 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_eks_fargate_profile.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy.this | resource |
| aws_iam_role_policy_attachment.additional | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_iam_policy_document.role | data source |
| aws_partition.current | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| account_id | The AWS account ID - pass through value to reduce number of GET requests from data sources | `string` | `""` | no |
| cluster_ip_family | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `"ipv4"` | no |
| cluster_name | Name of the EKS cluster | `string` | `""` | no |
| create | Determines whether to create Fargate profile or not | `bool` | `true` | no |
| create_iam_role | Determines whether an IAM role is created or to use an existing IAM role | `bool` | `true` | no |
| create_iam_role_policy | Determines whether an IAM role policy is created or not | `bool` | `true` | no |
| iam_role_additional_policies | Additional policies to be added to the IAM role | `map(string)` | `{}` | no |
| iam_role_arn | Existing IAM role ARN for the Fargate profile. Required if `create_iam_role` is set to `false` | `string` | `null` | no |
| iam_role_attach_cni_policy | Whether to attach the `AmazonEKS_CNI_Policy`/`AmazonEKS_CNI_IPv6_Policy` IAM policy to the IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster | `bool` | `true` | no |
| iam_role_description | Description of the role | `string` | `"Fargate profile IAM role"` | no |
| iam_role_name | Name to use on IAM role created | `string` | `""` | no |
| iam_role_path | IAM role path | `string` | `null` | no |
| iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |
| iam_role_policy_statements | A list of IAM policy statements - used for adding specific IAM permissions as needed | `list(object({ sid = optional(string), actions = optional(list(string)), not_actions = optional(list(string)), effect = optional(string), resources = optional(list(string)), not_resources = optional(list(string)), principals = optional(list(object({ type = string, identifiers = list(string) }))), not_principals = optional(list(object({ type = string, identifiers = list(string) }))), condition = optional(list(object({ test = string, values = list(string), variable = string }))) }))` | `null` | no |
| iam_role_tags | A map of additional tags to add to the IAM role created | `map(string)` | `{}` | no |
| iam_role_use_name_prefix | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | `bool` | `true` | no |
| name | Name of the EKS Fargate Profile | `string` | `""` | no |
| partition | The AWS partition - pass through value to reduce number of GET requests from data sources | `string` | `""` | no |
| region | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no |
| selectors | Configuration block(s) for selecting Kubernetes Pods to execute with this Fargate Profile | `list(object({ labels = optional(map(string)), namespace = string }))` | `null` | no |
| subnet_ids | A list of subnet IDs for the EKS Fargate Profile | `list(string)` | `[]` | no |
| tags | A map of tags to add to all resources | `map(string)` | `{}` | no |
| timeouts | Create and delete timeout configurations for the Fargate Profile | `object({ create = optional(string), delete = optional(string) })` | `null` | no |
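
A more tightly scoped profile than the one under Usage, given here as an added example that is not part of the module's README: it exercises the `selectors` labels, `iam_role_permissions_boundary`, `iam_role_policy_statements` and `timeouts` inputs listed above. The namespace, label, role name, account ID, region, ARNs and timeout values are placeholders, and the CloudWatch Logs statement assumes the pod execution role is what ships Fargate pod logs.

```hcl
# Added example: every name, ID and ARN below is a placeholder.
module "fargate_profile_payments" {
  source = "terraform-aws-modules/eks/aws//modules/fargate-profile"

  name         = "payments"
  cluster_name = "my-cluster"

  # Fargate profiles only accept private subnets
  # (no direct route to an internet gateway).
  subnet_ids = ["subnet-abcde012", "subnet-bcde012a"]

  # Select on namespace AND label, so a pod has to opt in explicitly
  # instead of every pod in the namespace landing on this profile.
  selectors = [{
    namespace = "payments"
    labels = {
      compute = "fargate"
    }
  }]

  # The boundary caps what the created role can be granted later,
  # including anything attached via iam_role_additional_policies.
  iam_role_name                 = "payments-fargate"
  iam_role_permissions_boundary = "arn:aws:iam::111122223333:policy/example-boundary"

  # Extra permissions limited to log writes on a single log group.
  iam_role_policy_statements = [{
    sid       = "WriteFargateLogs"
    effect    = "Allow"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:eu-west-1:111122223333:log-group:/example/fargate/payments:*"]
  }]

  timeouts = {
    create = "20m"
    delete = "20m"
  }

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

# Expose the role ARN so it can be reviewed or referenced elsewhere.
output "payments_pod_execution_role_arn" {
  value = module.fargate_profile_payments.fargate_profile_pod_execution_role_arn
}
```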

Outputs

| Name | Description |
|------|-------------|
| fargate_profile_arn | Amazon Resource Name (ARN) of the EKS Fargate Profile |
| fargate_profile_id | EKS Cluster name and EKS Fargate Profile name separated by a colon (`:`) |
| fargate_profile_pod_execution_role_arn | Amazon Resource Name (ARN) of the EKS Fargate Profile Pod execution role ARN |
| fargate_profile_status | Status of the EKS Fargate Profile |
| iam_role_arn | The Amazon Resource Name (ARN) specifying the IAM role |
| iam_role_name | The name of the IAM role |
| iam_role_unique_id | Stable and unique string identifying the IAM role |