tfstack/terraform-aws-eks-auto

terraform-aws-eks-auto

Terraform module for deploying an AWS EKS cluster in Auto Mode with fully managed compute

Requirements

| Name | Version |
|------|---------|
| aws | >= 6.0.0 |
| kubernetes | 2.36.0 |
| tls | 4.0.6 |

Providers

No providers.

Modules

| Name | Source | Version |
|------|--------|---------|
| addons | ./modules/addons | n/a |
| cluster | ./modules/cluster | n/a |
| container_insights | ./modules/container_insights | n/a |
| ebs_csi_controller | ./modules/ebs_csi_controller | n/a |
| namespaces | ./modules/namespaces | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| apps | n/a | `list(object({ name = string, image = string, port = number, namespace = optional(string, "default"), labels = optional(map(string), {}), enable_logging = optional(bool, false), replicas = optional(number, 1), autoscaling = optional(object({ enabled = bool }), { enabled = false }), resources = optional(object({ limits = optional(map(string)), requests = optional(map(string)) }), null), env = optional(list(object({ name = string, value = string })), []), healthcheck = optional(object({ liveness = optional(object({ http_get = object({ path = string, port = number }), initial_delay_seconds = number, period_seconds = number })), readiness = optional(object({ http_get = object({ path = string, port = number }), initial_delay_seconds = number, period_seconds = number })) }), { liveness = null, readiness = null }), volume_mounts = optional(list(object({ name = string, mount_path = string })), []), volumes = optional(list(object({ name = string, persistent_volume_claim = object({ claim_name = string }) })), []), init_containers = optional(list(object({ name = string, image = string, command = list(string) })), []), node_selector = optional(map(string), {}), tolerations = optional(list(object({ key = string, operator = optional(string, "Equal"), value = optional(string), effect = optional(string) })), []), image_pull_secrets = optional(list(string), []), pod_annotations = optional(map(string), {}), security_context = optional(object({ run_as_user = optional(number), run_as_group = optional(number), fs_group = optional(number) }), null) }))` | `[]` | no |
| cluster_enabled_log_types | List of enabled cluster log types | `list(string)` | `[]` | no |
| cluster_name | Name of the EKS cluster | `string` | n/a | yes |
| cluster_node_pools | Node pools for EKS Auto Mode (valid: general-purpose, system) | `list(string)` | `[ "general-purpose" ]` | no |
| cluster_upgrade_policy | Upgrade policy for EKS cluster | `object({ support_type = optional(string, null) })` | `{}` | no |
| cluster_version | EKS Kubernetes version | `string` | `"latest"` | no |
| cluster_vpc_config | VPC configuration for EKS | `object({ private_subnet_ids = list(string), private_access_cidrs = list(string), public_access_cidrs = list(string), security_group_ids = list(string), endpoint_private_access = bool, endpoint_public_access = bool })` | n/a | yes |
| cluster_zonal_shift_config | Zonal shift configuration | `object({ enabled = optional(bool, false) })` | `{}` | no |
| create_security_group | Whether to create an internal security group for EKS | `bool` | `true` | no |
| ebs_csi_controller_sa_name | The name of the Kubernetes ServiceAccount used by the EBS CSI driver | `string` | `"ebs-csi-controller-sa"` | no |
| ebs_csi_driver_chart_version | Helm chart version to use for AWS EBS CSI Driver. Use 'latest' or null to always get the latest chart version. | `string` | `"latest"` | no |
| eks_addons | List of EKS add-ons to install with optional configurations | `list(object({ name = string, version = optional(string, null), configuration_values = optional(string, null), resolve_conflicts_on_create = optional(string, "NONE"), resolve_conflicts_on_update = optional(string, "NONE"), tags = optional(map(string), {}), preserve = optional(bool, false) }))` | `[]` | no |
| eks_log_prevent_destroy | Whether to prevent the destruction of the CloudWatch log group | `bool` | `true` | no |
| eks_log_retention_days | The number of days to retain logs for the EKS in CloudWatch | `number` | `30` | no |
| eks_view_access | Configuration for assigning view access to EKS cluster | `object({ enabled = bool, role_names = list(string) })` | `{ "enabled": false, "role_names": [] }` | no |
| enable_aws_load_balancer_controller | Enable AWS Load Balancer Controller with IAM role and RBAC | `bool` | `false` | no |
| enable_cluster_encryption | Enable encryption for Kubernetes secrets using a KMS key | `bool` | `false` | no |
| enable_container_insights | Whether to enable CloudWatch logging for EKS workloads (e.g., Fluent Bit, Fargate logs) | `bool` | `false` | no |
| enable_ebs_csi_controller | Enable the AWS EBS CSI Controller. If true, deploys the Helm release and sets up required IAM roles and policies. | `bool` | `false` | no |
| enable_elastic_load_balancing | Enable or disable Elastic Load Balancing for EKS Auto Mode | `bool` | `true` | no |
| enable_oidc | Enable IAM Roles for Service Accounts (IRSA) support by creating the OIDC provider for the EKS cluster. | `bool` | `true` | no |
| enable_prometheus | Enable Prometheus monitoring with StatefulSet, persistent storage, and LoadBalancer service | `bool` | `false` | no |
| fluentbit_namespace | The Kubernetes namespace where Fluent Bit is deployed. Use 'aws-observability' for EKS Auto Mode or 'amazon-cloudwatch' for standard EKS. | `string` | `"aws-observability"` | no |
| fluentbit_sa_name | The name of the Kubernetes service account used by Fluent Bit. This is used to associate the IAM role via IRSA. | `string` | `"fluent-bit"` | no |
| helm_charts | List of Helm releases to deploy | `list(object({ name = string, namespace = string, repository = string, chart = string, chart_version = optional(string), values_files = optional(list(string), []), set_values = optional(list(object({ name = string, value = string })), []), set_sensitive_values = optional(list(object({ name = string, value = string })), []), create_namespace = optional(bool, true), enabled = optional(bool, true), depends_on = optional(list(any), []) }))` | `[]` | no |
| namespaces | List of Kubernetes namespaces to create | `list(string)` | `[]` | no |
| prometheus_chart_version | Version of the Prometheus Helm chart | `string` | `"25.8.0"` | no |
| prometheus_namespace | Kubernetes namespace for Prometheus | `string` | `"monitoring"` | no |
| prometheus_replicas | The number of Prometheus replicas to deploy | `number` | `1` | no |
| prometheus_resources | The resource requests and limits for Prometheus | `object({ requests = object({ cpu = string, memory = string }), limits = object({ cpu = string, memory = string }) })` | `{ "limits": { "cpu": "1000m", "memory": "2Gi" }, "requests": { "cpu": "100m", "memory": "512Mi" } }` | no |
| prometheus_retention_time | The number of days to retain metrics in Prometheus | `string` | `"15d"` | no |
| prometheus_service_annotations | The annotations for the Prometheus service | `map(string)` | `{ "service.beta.kubernetes.io/aws-load-balancer-scheme": "internal", "service.beta.kubernetes.io/aws-load-balancer-type": "nlb" }` | no |
| prometheus_service_type | The type of Kubernetes service for Prometheus | `string` | `"LoadBalancer"` | no |
| prometheus_storage_class | The storage class for the Prometheus persistent volume | `string` | `"gp2"` | no |
| prometheus_storage_size | The size of the persistent volume for Prometheus data | `string` | `"10Gi"` | no |
| prometheus_version | Prometheus version. Use 'latest' or null to always get the latest version. | `string` | `"latest"` | no |
| tags | A map of tags to use on all resources | `map(string)` | `{}` | no |
| timeouts | Timeouts for EKS cluster creation, update, and deletion | `object({ create = optional(string, null), update = optional(string, null), delete = optional(string, null) })` | `{}` | no |
| vpc_id | VPC ID where the EKS cluster will be deployed | `string` | n/a | yes |
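
Several defaults in the Inputs table leave security controls off: `enable_cluster_encryption` is `false`, `cluster_enabled_log_types` is empty, and `cluster_version` floats on `"latest"`. The call below is an added example, not taken from the module's README, that sets those inputs explicitly. It assumes the module is pulled directly from the GitHub repository named on this page; the `<release-tag>` ref, all IDs, CIDRs, image and names are constructed placeholders, and the log type names are the standard EKS control-plane log types.

```hcl
# Added example: hardened call using only inputs documented in the Inputs table.
# All IDs, CIDRs, names and the image reference are constructed placeholders.
module "eks_auto" {
  # Assumption: sourced straight from the GitHub repo; replace <release-tag>
  # with a tag or commit you have reviewed so the module code cannot drift.
  source = "github.com/tfstack/terraform-aws-eks-auto?ref=<release-tag>"

  cluster_name    = "example-auto"
  cluster_version = "1.33" # pinned instead of the default "latest"
  vpc_id          = "vpc-0123456789abcdef0"

  cluster_vpc_config = {
    private_subnet_ids      = ["subnet-0aaaaaaaaaaaaaaa1", "subnet-0bbbbbbbbbbbbbbb2"]
    private_access_cidrs    = ["10.0.0.0/16"]
    public_access_cidrs     = []
    security_group_ids      = []
    endpoint_private_access = true
    endpoint_public_access  = false # API server reachable only from inside the VPC
  }

  # Default is false: Kubernetes secrets are not KMS-encrypted unless enabled.
  enable_cluster_encryption = true

  # Default is []: no control-plane logs are shipped unless listed here.
  cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
  eks_log_retention_days    = 90
  eks_log_prevent_destroy   = true

  # Needed for IRSA, so pods get scoped IAM roles rather than node credentials.
  enable_oidc = true

  namespaces = ["web"]
  apps = [{
    name      = "web"
    image     = "registry.example.com/web:1.4.2"
    port      = 8080
    namespace = "web"
    resources = {
      requests = { cpu = "100m", memory = "128Mi" }
      limits   = { cpu = "500m", memory = "256Mi" }
    }
    # Run as a fixed non-root UID/GID instead of the image default.
    security_context = { run_as_user = 10001, run_as_group = 10001, fs_group = 10001 }
  }]

  tags = { environment = "example" }
}
```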

Outputs

| Name | Description |
|------|-------------|
| cluster_version | The Kubernetes version used by the EKS cluster, if exported by the module. |
| eks_cluster_auth_token | Authentication token for the EKS cluster (used by kubectl and SDKs) |
| eks_cluster_ca_cert | The base64-decoded certificate authority data for the EKS cluster |
| eks_cluster_endpoint | The endpoint URL of the EKS cluster |
| oidc_provider_arn | ARN of the OIDC provider for IRSA |
| oidc_provider_url | URL of the OIDC provider for IRSA |
