Skip to content

eks-iam-access

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

eks-iam-access

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
resource-group.tf
resource-group.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

README.md

eks-iam-access

This module creates following resources.

  • aws_eks_access_entry (optional)
  • aws_eks_access_policy_association (optional)

Requirements

Name Version
terraform >= 1.12
aws >= 6.12

Providers

No providers.

Modules

Name Source Version
node ../eks-access-entry n/a
resource_group tedilabs/misc/aws//modules/resource-group ~> 0.12.0
user ../eks-access-entry n/a

Resources

No resources.

Inputs

Name Description Type Default Required
cluster_name (Required) The name of the Amazon EKS cluster to create IAM access entries. string n/a yes
module_tags_enabled (Optional) Whether to create AWS Resource Tags for the module informations. bool true no
node_access_entries (Optional) A list of configurations for EKS access entries for nodes (EC2 instances, Fargate) that are allowed to access the EKS cluster. Each item of node_access_entries block as defined below.
(Required) name - A unique name for the access entry. This value is only used internally within Terraform code.
(Required) type - The type of the access entry. Valid values are EC2, EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX, HYBRID_LINUX, HYPERPOD_LINUX.
(Required) principal - The ARN of one, and only one, existing IAM principal to grant access to Kubernetes objects on the cluster. An IAM principal can't be included in more than one access entry.		 
list(object({
    name      = string
    type      = string
    principal = string
  }))
 [] no
region (Optional) The region in which to create the module resources. If not provided, the module resources will be created in the provider's configured region. string null no
resource_group (Optional) A configurations of Resource Group for this module. resource_group as defined below.
(Optional) enabled - Whether to create Resource Group to find and group AWS resources which are created by this module. Defaults to true.
(Optional) name - The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws. If not provided, a name will be generated using the module name and instance name.
(Optional) description - The description of Resource Group. Defaults to Managed by Terraform..		 
object({
    enabled     = optional(bool, true)
    name        = optional(string, "")
    description = optional(string, "Managed by Terraform.")
  })
 {} no
tags (Optional) A map of tags to add to all resources. map(string) {} no
timeouts (Optional) How long to wait for the EKS access entry to be created/deleted. 
object({
    create = optional(string, "20m")
    delete = optional(string, "40m")
  })
 {} no
user_access_entries (Optional) A list of configurations for EKS access entries for users (IAM roles, users) that are allowed to access the EKS cluster. Each item of user_access_entries block as defined below.
(Required) name - A unique name for the access entry. This value is only used internally within Terraform code.
(Required) principal - The ARN of one, and only one, existing IAM principal to grant access to Kubernetes objects on the cluster. An IAM principal can't be included in more than one access entry.
(Optional) kubernetes_username - The username to authenticate to Kubernetes with. We recommend not specifying a username and letting Amazon EKS specify it for you. Defaults to the IAM principal ARN.
(Optional) kubernetes_groups - A set of groups within the Kubernetes cluster.
(Optional) kubernetes_permissions - A list of permissions for EKS access entry to the EKS cluster. Each item of kubernetes_permissions block as defined below.
(Required) policy - The ARN of the access policy that you're associating.
(Optional) scope - The type of access scope that you're associating. Valid values are NAMESPACE, CLUSTER. Defaults to CLUSTER.
(Optional) namespaces - A set of namespaces to which the access scope applies. You can enter plain text namespaces, or wildcard namespaces such as dev-*.		 
list(object({
    name                = string
    principal           = string
    kubernetes_username = optional(string)
    kubernetes_groups   = optional(set(string), [])
    kubernetes_permissions = optional(list(object({
      policy     = string
      scope      = optional(string, "CLUSTER")
      namespaces = optional(set(string), [])
    })), [])
  }))
 [] no

Outputs

Name Description
cluster_name The name of the EKS cluster.
node_access_entries The list of configurations for EKS access entries for nodes (EC2 instances, Fargate).
region The AWS region this module resources resides in.
resource_group The resource group created to manage resources in this module.
user_access_entries The list of configurations for EKS access entries for users (IAM roles, users).