aws-ia · bryantbiggs · Oct 1, 2022 · Sep 30, 2022 · Sep 30, 2022 · Sep 30, 2022
@@ -5,7 +5,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0, < 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
 
 ## Providers

@@ -37,9 +37,9 @@ Helm Addon module can be used to provision a generic Helm Chart as an Add-On for
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = optional(string)<br>    irsa_iam_permissions_boundary  = optional(string)<br>  })</pre> | n/a | yes |
+| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | `any` | n/a | yes |
 | <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm chart config. Repository and version required. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs | `any` | n/a | yes |
-| <a name="input_irsa_config"></a> [irsa\_config](#input\_irsa\_config) | Input configuration for IRSA module | <pre>object({<br>    kubernetes_namespace              = string<br>    create_kubernetes_namespace       = optional(bool)<br>    kubernetes_service_account        = string<br>    create_kubernetes_service_account = optional(bool)<br>    kubernetes_svc_image_pull_secrets = optional(list(string))<br>    irsa_iam_policies                 = optional(list(string))<br>  })</pre> | `null` | no |
+| <a name="input_irsa_config"></a> [irsa\_config](#input\_irsa\_config) | Input configuration for IRSA module | `any` | `{}` | no |
 | <a name="input_irsa_iam_role_name"></a> [irsa\_iam\_role\_name](#input\_irsa\_iam\_role\_name) | IAM role name for IRSA | `string` | `""` | no |
 | <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
 | <a name="input_set_sensitive_values"></a> [set\_sensitive\_values](#input\_set\_sensitive\_values) | Forced set\_sensitive values | `any` | `[]` | no |

@@ -61,17 +61,19 @@ resource "helm_release" "addon" {
 }
 
 module "irsa" {
-  count                             = var.irsa_config != null ? 1 : 0
-  source                            = "../../irsa"
+  source = "../../irsa"
+
+  count = length(var.irsa_config) > 0 ? 1 : 0
+
   create_kubernetes_namespace       = try(var.irsa_config.create_kubernetes_namespace, true)
   create_kubernetes_service_account = try(var.irsa_config.create_kubernetes_service_account, true)
-  kubernetes_namespace              = var.irsa_config.kubernetes_namespace
-  kubernetes_service_account        = var.irsa_config.kubernetes_service_account
-  kubernetes_svc_image_pull_secrets = var.irsa_config.kubernetes_svc_image_pull_secrets
-  irsa_iam_policies                 = var.irsa_config.irsa_iam_policies
+  kubernetes_namespace              = lookup(var.irsa_config, "kubernetes_namespace", "")
+  kubernetes_service_account        = lookup(var.irsa_config, "kubernetes_service_account", "")
+  kubernetes_svc_image_pull_secrets = try(var.irsa_config.kubernetes_svc_image_pull_secrets, null)
+  irsa_iam_policies                 = lookup(var.irsa_config, "irsa_iam_policies", null)
   irsa_iam_role_name                = var.irsa_iam_role_name
-  irsa_iam_role_path                = var.addon_context.irsa_iam_role_path
-  irsa_iam_permissions_boundary     = var.addon_context.irsa_iam_permissions_boundary
+  irsa_iam_role_path                = lookup(var.addon_context, "irsa_iam_role_path", null)
+  irsa_iam_permissions_boundary     = lookup(var.addon_context, "irsa_iam_permissions_boundary", null)
   eks_cluster_id                    = var.addon_context.eks_cluster_id
   eks_oidc_provider_arn             = var.addon_context.eks_oidc_provider_arn
 }
@@ -22,37 +22,18 @@ variable "manage_via_gitops" {
 }
 
 variable "irsa_iam_role_name" {
-  type        = string
   description = "IAM role name for IRSA"
+  type        = string
   default     = ""
 }
 
 variable "irsa_config" {
   description = "Input configuration for IRSA module"
-  type = object({
-    kubernetes_namespace              = string
-    create_kubernetes_namespace       = optional(bool)
-    kubernetes_service_account        = string
-    create_kubernetes_service_account = optional(bool)
-    kubernetes_svc_image_pull_secrets = optional(list(string))
-    irsa_iam_policies                 = optional(list(string))
-  })
-  default = null
+  type        = any
+  default     = {}
 }
 
 variable "addon_context" {
   description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = optional(string)
-    irsa_iam_permissions_boundary  = optional(string)
-  })
+  type        = any
 }
@@ -1,8 +1,6 @@
 terraform {
   required_version = ">= 1.0.0"
 
-  experiments = [module_variable_optional_attrs]
-
   required_providers {
     helm = {
       source  = "hashicorp/helm"

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0.0, < 1.3.0"
+  required_version = ">= 1.0.0"
 
   required_providers {
     aws = {

@@ -97,7 +97,7 @@ module "launch_templates" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0, < 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
 
 ## Providers
@@ -122,7 +122,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster ID | `string` | n/a | yes |
-| <a name="input_launch_template_config"></a> [launch\_template\_config](#input\_launch\_template\_config) | Launch template configuration | <pre>map(object({<br>    ami                    = string<br>    launch_template_os     = optional(string)<br>    launch_template_prefix = string<br>    instance_type          = optional(string)<br>    capacity_type          = optional(string)<br>    iam_instance_profile   = optional(string)<br>    vpc_security_group_ids = optional(list(string)) # conflicts with network_interfaces<br><br>    network_interfaces = optional(list(object({<br>      public_ip       = optional(bool)<br>      security_groups = optional(list(string))<br>    })))<br><br>    block_device_mappings = list(object({<br>      device_name           = string<br>      volume_type           = string<br>      volume_size           = string<br>      delete_on_termination = optional(bool)<br>      encrypted             = optional(bool)<br>      kms_key_id            = optional(string)<br>      iops                  = optional(string)<br>      throughput            = optional(string)<br>    }))<br><br>    format_mount_nvme_disk = optional(bool)<br>    pre_userdata           = optional(string)<br>    bootstrap_extra_args   = optional(string)<br>    post_userdata          = optional(string)<br>    kubelet_extra_args     = optional(string)<br><br>    enable_metadata_options     = optional(bool)<br>    http_endpoint               = optional(string)<br>    http_tokens                 = optional(string)<br>    http_put_response_hop_limit = optional(number)<br>    http_protocol_ipv6          = optional(string)<br>    instance_metadata_tags      = optional(string)<br><br>    service_ipv6_cidr = optional(string)<br>    service_ipv4_cidr = optional(string)<br><br>    monitoring = optional(bool)<br>  }))</pre> | n/a | yes |
+| <a name="input_launch_template_config"></a> [launch\_template\_config](#input\_launch\_template\_config) | Launch template configuration | `any` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
 
 ## Outputs

@@ -1,38 +1,42 @@
+data "aws_eks_cluster" "eks" {
+  name = var.eks_cluster_id
+}
+
 resource "aws_launch_template" "this" {
-  for_each = local.launch_template_config
+  for_each = var.launch_template_config
 
-  name        = format("%s-%s", each.value.launch_template_prefix, var.eks_cluster_id)
+  name        = format("%s-%s", try(each.value.launch_template_prefix, ""), var.eks_cluster_id)
   description = "Launch Template for Amazon EKS Worker Nodes"
 
-  image_id               = each.value.ami
+  image_id               = try(each.value.ami, null)
   update_default_version = true
 
-  instance_type = try(length(each.value.instance_type), 0) == 0 ? null : each.value.instance_type
+  instance_type = try(each.value.instance_type, null)
 
-  user_data = base64encode(templatefile("${path.module}/templates/userdata-${each.value.launch_template_os}.tpl",
+  user_data = base64encode(templatefile("${path.module}/templates/userdata-${try(each.value.launch_template_os, "amazonlinux2eks")}.tpl",
     {
-      pre_userdata           = each.value.pre_userdata
-      post_userdata          = each.value.post_userdata
-      bootstrap_extra_args   = each.value.bootstrap_extra_args
-      kubelet_extra_args     = each.value.kubelet_extra_args
+      pre_userdata           = try(each.value.pre_userdata, "")
+      post_userdata          = try(each.value.post_userdata, "")
+      bootstrap_extra_args   = try(each.value.bootstrap_extra_args, "")
+      kubelet_extra_args     = try(each.value.kubelet_extra_args, "")
       eks_cluster_id         = var.eks_cluster_id
       cluster_ca_base64      = data.aws_eks_cluster.eks.certificate_authority[0].data
       cluster_endpoint       = data.aws_eks_cluster.eks.endpoint
-      service_ipv6_cidr      = try(each.value.service_ipv6_cidr, "")
-      service_ipv4_cidr      = try(each.value.service_ipv4_cidr, "")
-      format_mount_nvme_disk = each.value.format_mount_nvme_disk
+      service_ipv6_cidr      = try(each.value.service_ipv6_cidr, "") == null ? "" : each.value.service_ipv6_cidr
+      service_ipv4_cidr      = try(each.value.service_ipv4_cidr, "") == null ? "" : each.value.service_ipv4_cidr
+      format_mount_nvme_disk = try(each.value.format_mount_nvme_disk, false)
   }))
 
   dynamic "iam_instance_profile" {
-    for_each = try(length(each.value.iam_instance_profile), 0) == 0 ? {} : { iam_instance_profile : each.value.iam_instance_profile }
+    for_each = length(try(each.value.iam_instance_profile, {})) > 0 ? { iam_instance_profile : each.value.iam_instance_profile } : {}
     iterator = iam
     content {
       name = iam.value
     }
   }
 
   dynamic "instance_market_options" {
-    for_each = trimspace(lower(each.value.capacity_type)) == "spot" ? { enabled = true } : {}
+    for_each = trimspace(lower(try(each.value.capacity_type, null))) == "spot" ? { enabled = true } : {}
 
     content {
       market_type = each.value.capacity_type
@@ -42,7 +46,7 @@ resource "aws_launch_template" "this" {
   ebs_optimized = true
 
   dynamic "block_device_mappings" {
-    for_each = each.value.block_device_mappings
+    for_each = try(each.value.block_device_mappings, {})
 
     content {
       device_name = try(block_device_mappings.value.device_name, null)
@@ -53,32 +57,33 @@ resource "aws_launch_template" "this" {
         kms_key_id            = try(block_device_mappings.value.kms_key_id, null)
         volume_size           = try(block_device_mappings.value.volume_size, null)
         volume_type           = try(block_device_mappings.value.volume_type, null)
-        iops                  = block_device_mappings.value.volume_type == "gp3" || block_device_mappings.value.volume_type == "io1" || block_device_mappings.value.volume_type == "io2" ? block_device_mappings.value.iops : null
-        throughput            = block_device_mappings.value.volume_type == "gp3" ? block_device_mappings.value.throughput : null
+        iops                  = contains(["gp3", "io1", "io2"], try(block_device_mappings.value.volume_type, "")) ? try(block_device_mappings.value.iops, 3000) : null
+        throughput            = try(block_device_mappings.value.volume_type, "") == "gp3" ? try(block_device_mappings.value.throughput, 125) : null
       }
     }
   }
 
-  vpc_security_group_ids = try(length(each.value.vpc_security_group_ids), 0) == 0 ? null : each.value.vpc_security_group_ids
+  vpc_security_group_ids = try(each.value.vpc_security_group_ids, null)
 
   dynamic "network_interfaces" {
-    for_each = each.value.network_interfaces
+    for_each = try(each.value.network_interfaces, {})
+
     content {
       associate_public_ip_address = try(network_interfaces.value.public_ip, false)
-      security_groups             = try(length(network_interfaces.value.security_groups), 0) == 0 ? null : network_interfaces.value.security_groups
+      security_groups             = try(network_interfaces.value.security_groups, null)
     }
   }
 
   dynamic "monitoring" {
-    for_each = each.value.monitoring ? [1] : []
+    for_each = try(each.value.monitoring, true) ? [1] : []
 
     content {
       enabled = true
     }
   }
 
   dynamic "metadata_options" {
-    for_each = each.value.enable_metadata_options ? [1] : []
+    for_each = try(each.value.enable_metadata_options, true) ? [1] : []
 
     content {
       http_endpoint               = try(each.value.http_endpoint, "enabled")

@@ -1,48 +1,6 @@
 variable "launch_template_config" {
   description = "Launch template configuration"
-  type = map(object({
-    ami                    = string
-    launch_template_os     = optional(string)
-    launch_template_prefix = string
-    instance_type          = optional(string)
-    capacity_type          = optional(string)
-    iam_instance_profile   = optional(string)
-    vpc_security_group_ids = optional(list(string)) # conflicts with network_interfaces
-
-    network_interfaces = optional(list(object({
-      public_ip       = optional(bool)
-      security_groups = optional(list(string))
-    })))
-
-    block_device_mappings = list(object({
-      device_name           = string
-      volume_type           = string
-      volume_size           = string
-      delete_on_termination = optional(bool)
-      encrypted             = optional(bool)
-      kms_key_id            = optional(string)
-      iops                  = optional(string)
-      throughput            = optional(string)
-    }))
-
-    format_mount_nvme_disk = optional(bool)
-    pre_userdata           = optional(string)
-    bootstrap_extra_args   = optional(string)
-    post_userdata          = optional(string)
-    kubelet_extra_args     = optional(string)
-
-    enable_metadata_options     = optional(bool)
-    http_endpoint               = optional(string)
-    http_tokens                 = optional(string)
-    http_put_response_hop_limit = optional(number)
-    http_protocol_ipv6          = optional(string)
-    instance_metadata_tags      = optional(string)
-
-    service_ipv6_cidr = optional(string)
-    service_ipv4_cidr = optional(string)
-
-    monitoring = optional(bool)
-  }))
+  type        = any
 }
 
 variable "eks_cluster_id" {

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0.0, < 1.3.0"
+  required_version = ">= 1.0.0"
 
   required_providers {
     aws = {