| attach_cluster_encryption_policy |
Indicates whether to attach an additional policy to the cluster IAM role that allows it to use the provided encryption key |
bool |
false |
|
| cloudwatch_log_group_kms_key_id |
If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Make sure the key policy of the KMS key grants CloudWatch Logs permission to use it (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) |
string |
false |
|
| cloudwatch_log_group_retention_in_days |
Number of days to retain log events. The default retention is 90 days |
number |
false |
|
| cluster_additional_security_group_ids |
List of additional, externally created security group IDs to attach to the cluster control plane |
list(string) |
false |
|
| cluster_addons |
Map of cluster addon configurations to enable for the cluster. The addon name can be given as the map key or set explicitly with name |
any |
false |
|
| cluster_enabled_log_types |
A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) |
list(string) |
false |
|
| cluster_encryption_config |
Configuration block with encryption configuration for the cluster |
list(object({\n provider_key_arn = string\n resources = list(string)\n })) |
false |
|
| cluster_encryption_policy_description |
Description of the cluster encryption policy created |
string |
false |
|
| cluster_encryption_policy_name |
Name to use on cluster encryption policy created |
string |
false |
|
| cluster_encryption_policy_path |
Cluster encryption policy path |
string |
false |
|
| cluster_encryption_policy_tags |
A map of additional tags to add to the cluster encryption policy created |
map(string) |
false |
|
| cluster_encryption_policy_use_name_prefix |
Determines whether cluster encryption policy name (cluster_encryption_policy_name) is used as a prefix |
string |
false |
|
| cluster_endpoint_private_access |
Indicates whether or not the Amazon EKS private API server endpoint is enabled |
bool |
false |
|
| cluster_endpoint_public_access |
Indicates whether or not the Amazon EKS public API server endpoint is enabled |
bool |
false |
|
| cluster_endpoint_public_access_cidrs |
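List of CIDR blocks which can access the Amazon EKS public API server endpoint. Only relevant when the public endpoint is enabled; keep the list to known source ranges, since an entry of 0.0.0.0/0 lets any IPv4 address reach the endpoint |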
list(string) |
false |
|
| cluster_iam_role_dns_suffix |
Base DNS domain name for the current partition (e.g., amazonaws.com in AWS Commercial, amazonaws.com.cn in AWS China) |
string |
false |
|
| cluster_identity_providers |
Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA |
any |
false |
|
| cluster_ip_family |
The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6. You can only specify an IP family when you create a cluster; changing this value will force a new cluster to be created |
string |
false |
|
| cluster_name |
Name of the EKS cluster |
string |
false |
|
| cluster_security_group_additional_rules |
List of additional security group rules to add to the cluster security group created. Set source_node_security_group = true inside rules to set the node_security_group as source |
any |
false |
|
| cluster_security_group_description |
Description of the cluster security group created |
string |
false |
|
| cluster_security_group_id |
Existing security group ID to be attached to the cluster. Required if create_cluster_security_group = false |
string |
false |
|
| cluster_security_group_name |
Name to use on cluster security group created |
string |
false |
|
| cluster_security_group_tags |
A map of additional tags to add to the cluster security group created |
map(string) |
false |
|
| cluster_security_group_use_name_prefix |
Determines whether cluster security group name (cluster_security_group_name) is used as a prefix |
string |
false |
|
| cluster_service_ipv4_cidr |
The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks |
string |
false |
|
| cluster_tags |
A map of additional tags to add to the cluster |
map(string) |
false |
|
| cluster_timeouts |
Create, update, and delete timeout configurations for the cluster |
map(string) |
false |
|
| cluster_version |
Kubernetes <major>.<minor> version to use for the EKS cluster (e.g. 1.21) |
string |
false |
|
| create |
Controls if EKS resources should be created (affects nearly all resources) |
bool |
false |
|
| create_cloudwatch_log_group |
Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled |
bool |
false |
|
| create_cluster_security_group |
Determines whether a security group is created for the cluster or the existing cluster_security_group_id is used |
bool |
false |
|
| create_cni_ipv6_iam_policy |
Determines whether to create an AmazonEKS_CNI_IPv6_Policy |
bool |
false |
|
| create_iam_role |
Determines whether an IAM role is created or an existing IAM role is used |
bool |
false |
|
| create_node_security_group |
Determines whether to create a security group for the node groups or use the existing node_security_group_id |
bool |
false |
|
| custom_oidc_thumbprints |
Additional list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s) |
list(string) |
false |
|
| eks_managed_node_group_defaults |
Map of EKS managed node group default configurations |
any |
false |
|
| eks_managed_node_groups |
Map of EKS managed node group definitions to create |
any |
false |
|
| enable_irsa |
Determines whether to create an OpenID Connect Provider for EKS to enable IRSA |
bool |
false |
|
| fargate_profile_defaults |
Map of Fargate Profile default configurations |
any |
false |
|
| fargate_profiles |
Map of Fargate Profile definitions to create |
any |
false |
|
| iam_role_additional_policies |
Additional policies to be added to the IAM role |
list(string) |
false |
|
| iam_role_arn |
Existing IAM role ARN for the cluster. Required if create_iam_role is set to false |
string |
false |
|
| iam_role_description |
Description of the role |
string |
false |
|
| iam_role_name |
Name to use on IAM role created |
string |
false |
|
| iam_role_path |
Cluster IAM role path |
string |
false |
|
| iam_role_permissions_boundary |
ARN of the policy that is used to set the permissions boundary for the IAM role |
string |
false |
|
| iam_role_tags |
A map of additional tags to add to the IAM role created |
map(string) |
false |
|
| iam_role_use_name_prefix |
Determines whether the IAM role name (iam_role_name) is used as a prefix |
string |
false |
|
| node_security_group_additional_rules |
List of additional security group rules to add to the node security group created. Set source_cluster_security_group = true inside rules to set the cluster_security_group as source |
any |
false |
|
| node_security_group_description |
Description of the node security group created |
string |
false |
|
| node_security_group_id |
ID of an existing security group to attach to the node groups created |
string |
false |
|
| node_security_group_name |
Name to use on node security group created |
string |
false |
|
| node_security_group_tags |
A map of additional tags to add to the node security group created |
map(string) |
false |
|
| node_security_group_use_name_prefix |
Determines whether node security group name (node_security_group_name) is used as a prefix |
string |
false |
|
| openid_connect_audiences |
List of OpenID Connect audience client IDs to add to the IRSA provider |
list(string) |
false |
|
| prefix_separator |
The separator to use between the prefix and the generated timestamp for resource names |
string |
false |
|
| putin_khuylo |
Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! |
bool |
false |
|
| self_managed_node_group_defaults |
Map of self-managed node group default configurations |
any |
false |
|
| self_managed_node_groups |
Map of self-managed node group definitions to create |
any |
false |
|
| subnet_ids |
A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration |
list(string) |
false |
|
| tags |
A map of tags to add to all resources |
map(string) |
false |
|
| vpc_id |
ID of the VPC where the cluster and its nodes will be provisioned |
string |
false |
|
| writeConnectionSecretToRef |
The secret which the cloud resource connection will be written to |
writeConnectionSecretToRef |
false |
|