github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-04-09 18:53:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add public access endpoint CIDRs option (terraform-aws-eks#647) (#673)

Browse Source 
* Add public access endpoint CIDRs option (terraform-aws-eks#647)

* Update required provider version to 2.44.0

* Fix formatting in docs
This commit is contained in:
Siddarth Prakash
2020-01-09 18:53:33 -05:00
committed by Thierno IB. BARRY
parent a9db852d44
commit 82aefb20f5
5 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -10,6 +10,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
## [[v8.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v8.0.0...HEAD)] - 2019-12-11] ## [[v8.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v8.0.0...HEAD)] - 2019-12-11]
- Write your awesome change here (by @you) - Write your awesome change here (by @you)
- Add support for restricting access to the public API endpoint (@sidprak)
# History # History

1
README.md
View File

@@ -157,6 +157,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| cluster\_enabled\_log\_types | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | `[]` | no | | cluster\_enabled\_log\_types | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | `[]` | no |
| cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | bool | `"false"` | no | | cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | bool | `"false"` | no |
| cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | bool | `"true"` | no | | cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | bool | `"true"` | no |
| cluster\_endpoint\_public\_access\_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint. | list(string) | `[ "0.0.0.0/0" ]` | no |
| cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage_cluster_iam_resources is set to false. | string | `""` | no | | cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage_cluster_iam_resources is set to false. | string | `""` | no |
| cluster\_log\_kms\_key\_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | `""` | no | | cluster\_log\_kms\_key\_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | `""` | no |
| cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days. | number | `"90"` | no | | cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days. | number | `"90"` | no |

1
cluster.tf
View File

@@ -19,6 +19,7 @@ resource "aws_eks_cluster" "this" {
subnet_ids = var.subnets subnet_ids = var.subnets
endpoint_private_access = var.cluster_endpoint_private_access endpoint_private_access = var.cluster_endpoint_private_access
endpoint_public_access = var.cluster_endpoint_public_access endpoint_public_access = var.cluster_endpoint_public_access
public_access_cidrs = var.cluster_endpoint_public_access_cidrs
} }
timeouts { timeouts {

6
variables.tf
View File

@@ -234,6 +234,12 @@ variable "cluster_endpoint_public_access" {
default = true default = true
} }
variable "cluster_endpoint_public_access_cidrs" {
description = "List of CIDR blocks which can access the Amazon EKS public API server endpoint."
type = list(string)
default = ["0.0.0.0/0"]
}
variable "manage_cluster_iam_resources" { variable "manage_cluster_iam_resources" {
description = "Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified." description = "Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified."
type = bool type = bool

2
versions.tf
View File

@@ -2,7 +2,7 @@ terraform {
required_version = ">= 0.12.9" required_version = ">= 0.12.9"
required_providers { required_providers {
aws = ">= 2.38.0" aws = ">= 2.44.0"
local = ">= 1.2" local = ">= 1.2"
null = ">= 2.1" null = ">= 2.1"
template = ">= 2.1" template = ">= 2.1"