| account_id |
The AWS account ID - pass through value to reduce number of GET requests from data sources |
string |
"" |
no |
| additional_cluster_dns_ips |
Additional DNS IP addresses to use for the cluster. Only used when ami_type = BOTTLEROCKET_* |
list(string) |
null |
no |
| ami_id |
The AMI from which to launch the instance |
string |
"" |
no |
| ami_type |
Type of Amazon Machine Image (AMI) associated with the node group. See the AWS documentation for valid values |
string |
"AL2023_x86_64_STANDARD" |
no |
| autoscaling_group_tags |
A map of additional tags to add to the autoscaling group created. Tags are applied to the autoscaling group only and are NOT propagated to instances |
map(string) |
{} |
no |
| availability_zones |
A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with subnet_ids argument. Conflicts with subnet_ids |
list(string) |
null |
no |
| block_device_mappings |
Specify volumes to attach to the instance besides the volumes specified by the AMI |
map(object({
device_name = optional(string)
ebs = optional(object({
delete_on_termination = optional(bool)
encrypted = optional(bool)
iops = optional(number)
kms_key_id = optional(string)
snapshot_id = optional(string)
throughput = optional(number)
volume_initialization_rate = optional(number)
volume_size = optional(number)
volume_type = optional(string)
}))
no_device = optional(string)
virtual_name = optional(string)
})) |
null |
no |
| bootstrap_extra_args |
Additional arguments passed to the bootstrap script. When ami_type = BOTTLEROCKET_*; these are additional settings that are provided to the Bottlerocket user data |
string |
null |
no |
| capacity_rebalance |
Indicates whether capacity rebalance is enabled |
bool |
null |
no |
| capacity_reservation_specification |
Targeting for EC2 capacity reservations |
object({
capacity_reservation_preference = optional(string)
capacity_reservation_target = optional(object({
capacity_reservation_id = optional(string)
capacity_reservation_resource_group_arn = optional(string)
}))
}) |
null |
no |
| cloudinit_post_nodeadm |
Array of cloud-init document parts that are created after the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
})) |
null |
no |
| cloudinit_pre_nodeadm |
Array of cloud-init document parts that are created before the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
})) |
null |
no |
| cluster_auth_base64 |
Base64 encoded CA of associated EKS cluster |
string |
null |
no |
| cluster_endpoint |
Endpoint of associated EKS cluster |
string |
null |
no |
| cluster_ip_family |
The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6 |
string |
null |
no |
| cluster_name |
Name of associated EKS cluster |
string |
"" |
no |
| cluster_primary_security_group_id |
The ID of the EKS cluster primary security group to associate with the instance(s). This is the security group that is automatically created by the EKS service |
string |
null |
no |
| cluster_service_cidr |
The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself |
string |
null |
no |
| context |
Reserved |
string |
null |
no |
| cpu_options |
The CPU options for the instance |
object({
amd_sev_snp = optional(string)
core_count = optional(number)
threads_per_core = optional(number)
}) |
null |
no |
| create |
Determines whether to create self managed node group or not |
bool |
true |
no |
| create_access_entry |
Determines whether an access entry is created for the IAM role used by the node group |
bool |
true |
no |
| create_autoscaling_group |
Determines whether to create autoscaling group or not |
bool |
true |
no |
| create_iam_instance_profile |
Determines whether an IAM instance profile is created or to use an existing IAM instance profile |
bool |
true |
no |
| create_iam_role_policy |
Determines whether an IAM role policy is created or not |
bool |
true |
no |
| create_launch_template |
Determines whether to create launch template or not |
bool |
true |
no |
| create_placement_group |
Determines whether a placement group is created & used by the node group |
bool |
false |
no |
| create_security_group |
Determines if a security group is created |
bool |
true |
no |
| credit_specification |
Customize the credit specification of the instance |
object({
cpu_credits = optional(string)
}) |
null |
no |
| default_instance_warmup |
Amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data |
number |
null |
no |
| desired_size |
The number of Amazon EC2 instances that should be running in the autoscaling group |
number |
1 |
no |
| desired_size_type |
The unit of measurement for the value specified for desired_size. Supported for attribute-based instance type selection only. Valid values: units, vcpu, memory-mib |
string |
null |
no |
| disable_api_termination |
If true, enables EC2 instance termination protection |
bool |
null |
no |
| ebs_optimized |
If true, the launched EC2 instance will be EBS-optimized |
bool |
null |
no |
| efa_indices |
The indices of the network interfaces that should be EFA-enabled. Only valid when enable_efa_support = true |
list(number) |
[
0
] |
no |
| enable_efa_only |
Determines whether to enable EFA (false, default) or EFA and EFA-only (true) network interfaces. Note: requires vpc-cni version v1.18.4 or later |
bool |
true |
no |
| enable_efa_support |
Determines whether to enable Elastic Fabric Adapter (EFA) support |
bool |
false |
no |
| enable_monitoring |
Enables/disables detailed monitoring |
bool |
false |
no |
| enabled_metrics |
A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances |
list(string) |
[] |
no |
| enclave_options |
Enable Nitro Enclaves on launched instances |
object({
enabled = optional(bool)
}) |
null |
no |
| force_delete |
Allows deleting the Auto Scaling Group without waiting for all instances in the pool to terminate. You can force an Auto Scaling Group to delete even if it's in the process of scaling a resource. Normally, Terraform drains all the instances before deleting the group. This bypasses that behavior and potentially leaves resources dangling |
bool |
null |
no |
| health_check_grace_period |
Time (in seconds) after instance comes into service before checking health |
number |
null |
no |
| health_check_type |
EC2 or ELB. Controls how health checking is done |
string |
null |
no |
| iam_instance_profile_arn |
Amazon Resource Name (ARN) of an existing IAM instance profile that provides permissions for the node group. Required if create_iam_instance_profile = false |
string |
null |
no |
| iam_role_additional_policies |
Additional policies to be added to the IAM role |
map(string) |
{} |
no |
| iam_role_arn |
ARN of the IAM role used by the instance profile. Required when create_access_entry = true and create_iam_instance_profile = false |
string |
null |
no |
| iam_role_attach_cni_policy |
Whether to attach the AmazonEKS_CNI_Policy/AmazonEKS_CNI_IPv6_Policy IAM policy to the IAM IAM role. WARNING: If set false the permissions must be assigned to the aws-node DaemonSet pods via another method or nodes will not be able to join the cluster |
bool |
true |
no |
| iam_role_description |
Description of the role |
string |
"Self managed node group IAM role" |
no |
| iam_role_name |
Name to use on IAM role created |
string |
null |
no |
| iam_role_path |
IAM role path |
string |
null |
no |
| iam_role_permissions_boundary |
ARN of the policy that is used to set the permissions boundary for the IAM role |
string |
null |
no |
| iam_role_policy_statements |
A list of IAM policy statements - used for adding specific IAM permissions as needed |
list(object({
sid = optional(string)
actions = optional(list(string))
not_actions = optional(list(string))
effect = optional(string)
resources = optional(list(string))
not_resources = optional(list(string))
principals = optional(list(object({
type = string
identifiers = list(string)
})))
not_principals = optional(list(object({
type = string
identifiers = list(string)
})))
condition = optional(list(object({
test = string
values = list(string)
variable = string
})))
})) |
null |
no |
| iam_role_tags |
A map of additional tags to add to the IAM role created |
map(string) |
{} |
no |
| iam_role_use_name_prefix |
Determines whether cluster IAM role name (iam_role_name) is used as a prefix |
bool |
true |
no |
| ignore_failed_scaling_activities |
Whether to ignore failed Auto Scaling scaling activities while waiting for capacity |
bool |
null |
no |
| initial_lifecycle_hooks |
One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate aws_autoscaling_lifecycle_hook resource, without the autoscaling_group_name attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use aws_autoscaling_lifecycle_hook resource |
list(object({
default_result = optional(string)
heartbeat_timeout = optional(number)
lifecycle_transition = string
name = string
notification_metadata = optional(string)
notification_target_arn = optional(string)
role_arn = optional(string)
})) |
null |
no |
| instance_initiated_shutdown_behavior |
Shutdown behavior for the instance. Can be stop or terminate. (Default: stop) |
string |
null |
no |
| instance_maintenance_policy |
If this block is configured, add a instance maintenance policy to the specified Auto Scaling group |
object({
max_healthy_percentage = number
min_healthy_percentage = number
}) |
null |
no |
| instance_market_options |
The market (purchasing) option for the instance |
object({
market_type = optional(string)
spot_options = optional(object({
block_duration_minutes = optional(number)
instance_interruption_behavior = optional(string)
max_price = optional(string)
spot_instance_type = optional(string)
valid_until = optional(string)
}))
}) |
null |
no |
| instance_refresh |
If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated |
object({
preferences = optional(object({
alarm_specification = optional(object({
alarms = optional(list(string))
}))
auto_rollback = optional(bool)
checkpoint_delay = optional(number)
checkpoint_percentages = optional(list(number))
instance_warmup = optional(number)
max_healthy_percentage = optional(number)
min_healthy_percentage = optional(number)
scale_in_protected_instances = optional(string)
skip_matching = optional(bool)
standby_instances = optional(string)
}))
strategy = optional(string)
triggers = optional(list(string))
}) |
{
"preferences": {
"min_healthy_percentage": 66
},
"strategy": "Rolling"
} |
no |
| instance_requirements |
The attribute requirements for the type of instance. If present then instance_type cannot be present |
object({
accelerator_count = optional(object({
max = optional(number)
min = optional(number)
}))
accelerator_manufacturers = optional(list(string))
accelerator_names = optional(list(string))
accelerator_total_memory_mib = optional(object({
max = optional(number)
min = optional(number)
}))
accelerator_types = optional(list(string))
allowed_instance_types = optional(list(string))
bare_metal = optional(string)
baseline_ebs_bandwidth_mbps = optional(object({
max = optional(number)
min = optional(number)
}))
burstable_performance = optional(string)
cpu_manufacturers = optional(list(string))
excluded_instance_types = optional(list(string))
instance_generations = optional(list(string))
local_storage = optional(string)
local_storage_types = optional(list(string))
max_spot_price_as_percentage_of_optimal_on_demand_price = optional(number)
memory_gib_per_vcpu = optional(object({
max = optional(number)
min = optional(number)
}))
memory_mib = optional(object({
max = optional(number)
min = optional(number)
}))
network_bandwidth_gbps = optional(object({
max = optional(number)
min = optional(number)
}))
network_interface_count = optional(object({
max = optional(number)
min = optional(number)
}))
on_demand_max_price_percentage_over_lowest_price = optional(number)
require_hibernate_support = optional(bool)
spot_max_price_percentage_over_lowest_price = optional(number)
total_local_storage_gb = optional(object({
max = optional(number)
min = optional(number)
}))
vcpu_count = optional(object({
max = optional(number)
min = string
}))
}) |
null |
no |
| instance_type |
The type of the instance to launch |
string |
"m6i.large" |
no |
| kernel_id |
The kernel ID |
string |
null |
no |
| key_name |
The key name that should be used for the instance |
string |
null |
no |
| kubernetes_version |
Kubernetes cluster version - used to lookup default AMI ID if one is not provided |
string |
null |
no |
| launch_template_default_version |
Default Version of the launch template |
string |
null |
no |
| launch_template_description |
Description of the launch template |
string |
null |
no |
| launch_template_id |
The ID of an existing launch template to use. Required when create_launch_template = false |
string |
"" |
no |
| launch_template_name |
Name of launch template to be created |
string |
null |
no |
| launch_template_tags |
A map of additional tags to add to the tag_specifications of launch template created |
map(string) |
{} |
no |
| launch_template_use_name_prefix |
Determines whether to use launch_template_name as is or create a unique name beginning with the launch_template_name as the prefix |
bool |
true |
no |
| launch_template_version |
Launch template version. Can be version number, $Latest, or $Default |
string |
null |
no |
| license_specifications |
A list of license specifications to associate with |
list(object({
license_configuration_arn = string
})) |
null |
no |
| maintenance_options |
The maintenance options for the instance |
object({
auto_recovery = optional(string)
}) |
null |
no |
| max_instance_lifetime |
The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds |
number |
null |
no |
| max_size |
The maximum size of the autoscaling group |
number |
3 |
no |
| metadata_options |
Customize the metadata options for the instance |
object({
http_endpoint = optional(string, "enabled")
http_protocol_ipv6 = optional(string)
http_put_response_hop_limit = optional(number, 1)
http_tokens = optional(string, "required")
instance_metadata_tags = optional(string)
}) |
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 1,
"http_tokens": "required"
} |
no |
| metrics_granularity |
The granularity to associate with the metrics to collect. The only valid value is 1Minute |
string |
null |
no |
| min_size |
The minimum size of the autoscaling group |
number |
1 |
no |
| mixed_instances_policy |
Configuration block containing settings to define launch targets for Auto Scaling groups |
object({
instances_distribution = optional(object({
on_demand_allocation_strategy = optional(string)
on_demand_base_capacity = optional(number)
on_demand_percentage_above_base_capacity = optional(number)
spot_allocation_strategy = optional(string)
spot_instance_pools = optional(number)
spot_max_price = optional(string)
}))
launch_template = object({
override = optional(list(object({
instance_requirements = optional(object({
accelerator_count = optional(object({
max = optional(number)
min = optional(number)
}))
accelerator_manufacturers = optional(list(string))
accelerator_names = optional(list(string))
accelerator_total_memory_mib = optional(object({
max = optional(number)
min = optional(number)
}))
accelerator_types = optional(list(string))
allowed_instance_types = optional(list(string))
bare_metal = optional(string)
baseline_ebs_bandwidth_mbps = optional(object({
max = optional(number)
min = optional(number)
}))
burstable_performance = optional(string)
cpu_manufacturers = optional(list(string))
excluded_instance_types = optional(list(string))
instance_generations = optional(list(string))
local_storage = optional(string)
local_storage_types = optional(list(string))
max_spot_price_as_percentage_of_optimal_on_demand_price = optional(number)
memory_gib_per_vcpu = optional(object({
max = optional(number)
min = optional(number)
}))
memory_mib = optional(object({
max = optional(number)
min = optional(number)
}))
network_bandwidth_gbps = optional(object({
max = optional(number)
min = optional(number)
}))
network_interface_count = optional(object({
max = optional(number)
min = optional(number)
}))
on_demand_max_price_percentage_over_lowest_price = optional(number)
require_hibernate_support = optional(bool)
spot_max_price_percentage_over_lowest_price = optional(number)
total_local_storage_gb = optional(object({
max = optional(number)
min = optional(number)
}))
vcpu_count = optional(object({
max = optional(number)
min = optional(number)
}))
}))
instance_type = optional(string)
launch_template_specification = optional(object({
launch_template_id = optional(string)
launch_template_name = optional(string)
version = optional(string)
}))
weighted_capacity = optional(string)
})))
})
}) |
null |
no |
| name |
Name of the Self managed Node Group |
string |
"" |
no |
| network_interfaces |
Customize network interfaces to be attached at instance boot time |
list(object({
associate_carrier_ip_address = optional(bool)
associate_public_ip_address = optional(bool)
connection_tracking_specification = optional(object({
tcp_established_timeout = optional(number)
udp_stream_timeout = optional(number)
udp_timeout = optional(number)
}))
delete_on_termination = optional(bool)
description = optional(string)
device_index = optional(number)
ena_srd_specification = optional(object({
ena_srd_enabled = optional(bool)
ena_srd_udp_specification = optional(object({
ena_srd_udp_enabled = optional(bool)
}))
}))
interface_type = optional(string)
ipv4_address_count = optional(number)
ipv4_addresses = optional(list(string))
ipv4_prefix_count = optional(number)
ipv4_prefixes = optional(list(string))
ipv6_address_count = optional(number)
ipv6_addresses = optional(list(string))
ipv6_prefix_count = optional(number)
ipv6_prefixes = optional(list(string))
network_card_index = optional(number)
network_interface_id = optional(string)
primary_ipv6 = optional(bool)
private_ip_address = optional(string)
security_groups = optional(list(string), [])
subnet_id = optional(string)
})) |
[] |
no |
| partition |
The AWS partition - pass through value to reduce number of GET requests from data sources |
string |
"" |
no |
| placement |
The placement of the instance |
object({
affinity = optional(string)
availability_zone = optional(string)
group_name = optional(string)
host_id = optional(string)
host_resource_group_arn = optional(string)
partition_number = optional(number)
spread_domain = optional(string)
tenancy = optional(string)
}) |
null |
no |
| placement_group |
The name of the placement group into which you'll launch your instances |
string |
null |
no |
| post_bootstrap_user_data |
User data that is appended to the user data script after of the EKS bootstrap script. Not used when ami_type = BOTTLEROCKET_* |
string |
null |
no |
| pre_bootstrap_user_data |
User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when ami_type = BOTTLEROCKET_* |
string |
null |
no |
| private_dns_name_options |
The options for the instance hostname. The default values are inherited from the subnet |
object({
enable_resource_name_dns_aaaa_record = optional(bool)
enable_resource_name_dns_a_record = optional(bool)
hostname_type = optional(string)
}) |
null |
no |
| protect_from_scale_in |
Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events |
bool |
false |
no |
| ram_disk_id |
The ID of the ram disk |
string |
null |
no |
| region |
Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration |
string |
null |
no |
| security_group_description |
Description of the security group created |
string |
null |
no |
| security_group_egress_rules |
Security group egress rules to add to the security group created |
map(object({
name = optional(string)
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(string)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
self = optional(bool, false)
tags = optional(map(string), {})
to_port = optional(string)
})) |
{} |
no |
| security_group_ingress_rules |
Security group ingress rules to add to the security group created |
map(object({
name = optional(string)
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(string)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
self = optional(bool, false)
tags = optional(map(string), {})
to_port = optional(string)
})) |
{} |
no |
| security_group_name |
Name to use on security group created |
string |
null |
no |
| security_group_tags |
A map of additional tags to add to the security group created |
map(string) |
{} |
no |
| security_group_use_name_prefix |
Determines whether the security group name (security_group_name) is used as a prefix |
bool |
true |
no |
| subnet_ids |
A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with availability_zones |
list(string) |
null |
no |
| suspended_processes |
A list of processes to suspend for the Auto Scaling Group. The allowed values are Launch, Terminate, HealthCheck, ReplaceUnhealthy, AZRebalance, AlarmNotification, ScheduledActions, AddToLoadBalancer. Note that if you suspend either the Launch or Terminate process types, it can prevent your Auto Scaling Group from functioning properly |
list(string) |
[] |
no |
| tag_specifications |
The tags to apply to the resources during launch |
list(string) |
[
"instance",
"volume",
"network-interface"
] |
no |
| tags |
A map of tags to add to all resources |
map(string) |
{} |
no |
| termination_policies |
A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy, Default |
list(string) |
[] |
no |
| timeouts |
Timeout configurations for the autoscaling group |
object({
delete = optional(string)
}) |
null |
no |
| update_launch_template_default_version |
Whether to update Default Version each update. Conflicts with launch_template_default_version |
bool |
true |
no |
| use_mixed_instances_policy |
Determines whether to use a mixed instances policy in the autoscaling group or not |
bool |
false |
no |
| use_name_prefix |
Determines whether to use name as is or create a unique name beginning with the name as the prefix |
bool |
true |
no |
| user_data_template_path |
Path to a local, custom user data template file to use when rendering user data |
string |
null |
no |
| vpc_security_group_ids |
A list of security group IDs to associate |
list(string) |
[] |
no |
Bryant Biggs