Skip to content
/ terraform-aws-eks Public
forked from squareops/terraform-aws-eks

Terraform module to create an Elastic Kubernetes Service(EKS) cluster, managed(CIS) node group and associated resources

squareops.com

License

Apache-2.0 license
0 stars 28 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nitin-yadav-sq/terraform-aws-eks

BranchesTags
 
 

Repository files navigation

AWS EKS Terraform module

squareops_avatar

SquareOps Technologies Your DevOps Partner for Accelerating cloud journey.


This terraform module is used to create EKS cluster and related resources for container workload deployment on AWS Cloud.

Usage Example

module "eks" {
  source = "squareops/eks/aws"
    name = "SKAF"
    environment = "production"  
    cluster_enabled_log_types = ["api","scheduler"]
    cluster_version = "1.23"
    cluster_log_retention_in_days = 30
    cluster_endpoint_public_access = true
    cluster_endpoint_public_access_cidrs = ["0.0.0.0/0"]
    vpc_id = "vpc-06e37f0786b7eskaf"
    private_subnet_ids    = ["subnet-00exyzd5df967d21w","subnet-0c4abcd5aedxyzaea"]
    kms_key_arn           = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
}

module "managed_node_group_production" {
    source = "squareops/eks/aws//modules/managed-nodegroup"
    name                  = "SKAF"
    environment           = "production"
    eks_cluster_name      = "production-cluster"
    eks_nodes_keypair     = "prod-key"
    subnet_ids            = ["subnet-00exyzd5df967d21w"]
    worker_iam_role_arn   = "arn:aws:iam::222222222222:role/worker_iam_role_arn"
    worker_iam_role_name  = "worker_iam_role_name"
    kms_key_arn           = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
    kms_policy_arn        = module.eks.kms_policy_arn
    desired_size          = 1
    max_size              = 3
    instance_types        = ["t3a.xlarge"]
    capacity_type         = "ON_DEMAND"
    k8s_labels = {
      "Infra-Services" = "true"
    }
}

Refer examples for more details.

IAM Permissions

The required IAM permissions to create resources from this module can be found here

EKS-BOOTSTRAP

The EKS module is designed to be used as a standalone Terraform module. We recommend using EKS-Bootstrap module in conjunction to enhance functionality.

CIS COMPLIANCE

Security scanning is graciously provided by Prowler. Prowler is the leading fully hosted, cloud-native solution providing continuous cluster security and compliance.

Benchmark Description
Ensure EKS Control Plane Audit Logging is enabled for all log types Control plane logging enabled and correctly configured for EKS cluster
Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs) Encryption for Kubernetes secrets is configured for EKS cluster
Ensure EKS Clusters are created with Private Endpoint Enabled and Public Access Disabled Cluster endpoint access is private for EKS cluster
Restrict Access to the EKS Control Plane Endpoint Cluster control plane access is restricted for EKS cluster

Requirements

Name Version
terraform >= 1.0
aws >= 4.23
helm >= 2.6
kubernetes >= 2.13

Providers

Name Version
aws >= 4.23

Modules

Name Source Version
eks terraform-aws-modules/eks/aws 18.29.0

Resources

Name Type
aws_iam_policy.kubernetes_pvc_kms_policy resource
aws_iam_role.node_role resource
aws_iam_role_policy_attachment.eks_kms_cluster_policy_attachment resource

Inputs

Name Description Type Default Required
cluster_enabled_log_types A list of the desired control plane logs to enable for EKS cluster. Valid values: api,audit,authenticator,controllerManager,scheduler list(string) 
[
  ""
]
 no
cluster_endpoint_public_access Indicates whether or not the Amazon EKS public API server endpoint is enabled bool true no
cluster_endpoint_public_access_cidrs List of CIDR blocks which can access the Amazon EKS public API server endpoint list(string) 
[
  ""
]
 no
cluster_log_retention_in_days Retention period for EKS cluster logs number 90 no
cluster_version Kubernetes . version to use for the EKS cluster string "" no
environment Environment identifier for the EKS cluster string "" no
kms_key_arn KMS key to Encrypt EKS resources. string "" no
name Specify the name of the EKS cluster string "" no
private_subnet_ids Private subnets of the VPC which can be used by EKS list(string) 
[
  ""
]
 no
vpc_id ID of the VPC where the cluster and its nodes will be provisioned string "" no

Outputs

Name Description
cluster_endpoint Endpoint for EKS control plane
cluster_name Kubernetes Cluster Name
cluster_oidc_issuer_url The URL on the EKS cluster for the OpenID Connect identity provider
cluster_security_group_id Security group ids attached to the cluster control plane
kms_policy_arn ARN of KMS policy.
kubeconfig_context_name Name of the kubeconfig context
worker_iam_role_arn ARN of the EKS Worker Role
worker_iam_role_name The name of the EKS Worker IAM role

Contribution & Issue Reporting

To report an issue with a project:

  1. Check the repository's issue tracker on GitHub
  2. Search to see if the issue has already been reported
  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Be sure to provide enough context and details so others can understand your problem.

License

Apache License, Version 2.0, January 2004 (http://www.apache.org/licenses/).

Support Us

To support a GitHub project by liking it, you can follow these steps:

  1. Visit the repository: Navigate to the GitHub repository.

  2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems & Processes for speed and agility.

  1. We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 4 years.
  2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.
  3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.
  4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.
  5. Platform engineering which supports scalable,Cost efficient infrastructure that supports rapid development, testing, and deployment.
  6. 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on Linkedin, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.

About

Terraform module to create an Elastic Kubernetes Service(EKS) cluster, managed(CIS) node group and associated resources

squareops.com

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • HCL 93.8%
  • Smarty 6.2%