diff --git a/README.md b/README.md
index ae234a9..c82ffd5 100644
--- a/README.md
+++ b/README.md
@@ -251,6 +251,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
| [kubernetes_config_map.aws_auth](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
| [kubernetes_config_map_v1_data.aws_auth](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1_data) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_default_tags.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.cni_ipv6_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
@@ -370,6 +371,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group |
| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group |
| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` |
+| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate |
| [cluster\_version](#output\_cluster\_version) | The Kubernetes version for the cluster |
| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created |
| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups |
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 7aa52f0..6961891 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -88,6 +88,7 @@ No inputs.
| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group |
| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console |
| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` |
+| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate |
| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created |
| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups |
| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created |
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index c612b0f..c6b06de 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -84,6 +84,11 @@ output "oidc_provider_arn" {
value = module.eks.oidc_provider_arn
}
+output "cluster_tls_certificate_sha1_fingerprint" {
+ description = "The SHA1 fingerprint of the public key of the cluster's certificate"
+ value = module.eks.cluster_tls_certificate_sha1_fingerprint
+}
+
################################################################################
# IAM Role
################################################################################
diff --git a/examples/eks_managed_node_group/README.md b/examples/eks_managed_node_group/README.md
index 654a116..9014bc6 100644
--- a/examples/eks_managed_node_group/README.md
+++ b/examples/eks_managed_node_group/README.md
@@ -123,6 +123,7 @@ No inputs.
| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group |
| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group |
| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` |
+| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate |
| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created |
| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups |
| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created |
diff --git a/examples/eks_managed_node_group/outputs.tf b/examples/eks_managed_node_group/outputs.tf
index 3e9e8dd..6e31908 100644
--- a/examples/eks_managed_node_group/outputs.tf
+++ b/examples/eks_managed_node_group/outputs.tf
@@ -103,6 +103,11 @@ output "oidc_provider_arn" {
value = module.eks.oidc_provider_arn
}
+output "cluster_tls_certificate_sha1_fingerprint" {
+ description = "The SHA1 fingerprint of the public key of the cluster's certificate"
+ value = module.eks.cluster_tls_certificate_sha1_fingerprint
+}
+
################################################################################
# IAM Role
################################################################################
diff --git a/examples/fargate_profile/README.md b/examples/fargate_profile/README.md
index 81f0366..d8a1bfe 100644
--- a/examples/fargate_profile/README.md
+++ b/examples/fargate_profile/README.md
@@ -68,6 +68,7 @@ No inputs.
| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group |
| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group |
| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` |
+| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate |
| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created |
| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups |
| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created |
diff --git a/examples/fargate_profile/outputs.tf b/examples/fargate_profile/outputs.tf
index 3e9e8dd..6e31908 100644
--- a/examples/fargate_profile/outputs.tf
+++ b/examples/fargate_profile/outputs.tf
@@ -103,6 +103,11 @@ output "oidc_provider_arn" {
value = module.eks.oidc_provider_arn
}
+output "cluster_tls_certificate_sha1_fingerprint" {
+ description = "The SHA1 fingerprint of the public key of the cluster's certificate"
+ value = module.eks.cluster_tls_certificate_sha1_fingerprint
+}
+
################################################################################
# IAM Role
################################################################################
diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md
index fa06e90..761299a 100644
--- a/examples/karpenter/README.md
+++ b/examples/karpenter/README.md
@@ -108,6 +108,7 @@ No inputs.
| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group |
| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group |
| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` |
+| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate |
| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created |
| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups |
| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created |
diff --git a/examples/karpenter/outputs.tf b/examples/karpenter/outputs.tf
index bfe5398..dbbec23 100644
--- a/examples/karpenter/outputs.tf
+++ b/examples/karpenter/outputs.tf
@@ -84,6 +84,11 @@ output "oidc_provider_arn" {
value = module.eks.oidc_provider_arn
}
+output "cluster_tls_certificate_sha1_fingerprint" {
+ description = "The SHA1 fingerprint of the public key of the cluster's certificate"
+ value = module.eks.cluster_tls_certificate_sha1_fingerprint
+}
+
################################################################################
# IAM Role
################################################################################
diff --git a/examples/self_managed_node_group/README.md b/examples/self_managed_node_group/README.md
index 7831b49..a543d64 100644
--- a/examples/self_managed_node_group/README.md
+++ b/examples/self_managed_node_group/README.md
@@ -85,6 +85,7 @@ No inputs.
| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group |
| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group |
| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` |
+| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate |
| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created |
| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups |
| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created |
diff --git a/examples/self_managed_node_group/outputs.tf b/examples/self_managed_node_group/outputs.tf
index 3e9e8dd..6e31908 100644
--- a/examples/self_managed_node_group/outputs.tf
+++ b/examples/self_managed_node_group/outputs.tf
@@ -103,6 +103,11 @@ output "oidc_provider_arn" {
value = module.eks.oidc_provider_arn
}
+output "cluster_tls_certificate_sha1_fingerprint" {
+ description = "The SHA1 fingerprint of the public key of the cluster's certificate"
+ value = module.eks.cluster_tls_certificate_sha1_fingerprint
+}
+
################################################################################
# IAM Role
################################################################################
diff --git a/main.tf b/main.tf
index 6b0dc66..011a26c 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,6 @@
data "aws_partition" "current" {}
data "aws_caller_identity" "current" {}
+data "aws_default_tags" "current" {}
locals {
create = var.create && var.putin_khuylo
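Review bot: The new `data "aws_default_tags" "current" {}` at the top of main.tf needs an AWS provider release that ships this data source, and no provider version constraint change is visible in this patch. Confirm the module's minimum `aws` provider version covers `aws_default_tags`, and raise the constraint in the same change if it does not.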
@@ -66,7 +67,10 @@ resource "aws_ec2_tag" "cluster_primary_security_group" {
# This should not affect the name of the cluster primary security group
# Ref: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/2006
# Ref: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/2008
- for_each = { for k, v in merge(var.tags, var.cluster_tags) : k => v if local.create && k != "Name" && var.create_cluster_primary_security_group_tags }
+ # `aws_default_tags` is merged in to "dedupe" tags and stabilize tag updates
+ for_each = { for k, v in merge(var.tags, var.cluster_tags, data.aws_default_tags.current.tags) :
+ k => v if local.create && k != "Name" && var.create_cluster_primary_security_group_tags
+ }
resource_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id
key = each.key
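Review bot: In the new `for_each`, `data.aws_default_tags.current.tags` is the last argument to `merge()`, and `merge()` gives precedence to later arguments, so a provider default tag overrides the value set for the same key in `var.tags` or `var.cluster_tags`. Every default tag other than `Name` also now gets its own `aws_ec2_tag` on the primary security group, which is an addition rather than the "dedupe" the comment describes. If module-level tags are meant to win, put the default tags first, as in `merge(data.aws_default_tags.current.tags, var.tags, var.cluster_tags)`, and reword the comment to say that default tags are now managed by this resource as well.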
diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md
index 44aa062..eb8f35d 100644
--- a/modules/eks-managed-node-group/README.md
+++ b/modules/eks-managed-node-group/README.md
@@ -113,7 +113,7 @@ module "eks_managed_node_group" {
| [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance(s) will be EBS-optimized | `bool` | `null` | no |
| [elastic\_gpu\_specifications](#input\_elastic\_gpu\_specifications) | The elastic GPU to attach to the instance | `map(string)` | `{}` | no |
| [elastic\_inference\_accelerator](#input\_elastic\_inference\_accelerator) | Configuration block containing an Elastic Inference Accelerator to attach to the instance | `map(string)` | `{}` | no |
-| [enable\_bootstrap\_user\_data](#input\_enable\_bootstrap\_user\_data) | Determines whether the bootstrap configurations are populated within the user data template | `bool` | `false` | no |
+| [enable\_bootstrap\_user\_data](#input\_enable\_bootstrap\_user\_data) | Determines whether the bootstrap configurations are populated within the user data template. Only valid when using a custom AMI via `ami_id` | `bool` | `false` | no |
| [enable\_monitoring](#input\_enable\_monitoring) | Enables/disables detailed monitoring | `bool` | `true` | no |
| [enclave\_options](#input\_enclave\_options) | Enable Nitro Enclaves on launched instances | `map(string)` | `{}` | no |
| [force\_update\_version](#input\_force\_update\_version) | Force version update if existing pods are unable to be drained due to a pod disruption budget issue | `bool` | `null` | no |
diff --git a/modules/eks-managed-node-group/variables.tf b/modules/eks-managed-node-group/variables.tf
index 72a5aa7..0000827 100644
--- a/modules/eks-managed-node-group/variables.tf
+++ b/modules/eks-managed-node-group/variables.tf
@@ -21,7 +21,7 @@ variable "platform" {
################################################################################
variable "enable_bootstrap_user_data" {
- description = "Determines whether the bootstrap configurations are populated within the user data template"
+ description = "Determines whether the bootstrap configurations are populated within the user data template. Only valid when using a custom AMI via `ami_id`"
type = bool
default = false
}
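Review bot: The new description on `enable_bootstrap_user_data` says the flag is only valid with a custom AMI via `ami_id`, but nothing in this hunk enforces that or says what happens when it is set to `true` without `ami_id`. State the outcome in the description (ignored, or an error) so callers know whether a misconfiguration is silently dropped.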
diff --git a/outputs.tf b/outputs.tf
index 25b8a0b..7fb6d8c 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -108,6 +108,11 @@ output "oidc_provider_arn" {
value = try(aws_iam_openid_connect_provider.oidc_provider[0].arn, "")
}
+output "cluster_tls_certificate_sha1_fingerprint" {
+ description = "The SHA1 fingerprint of the public key of the cluster's certificate"
+ value = try(data.tls_certificate.this[0].certificates[0].sha1_fingerprint, "")
+}
+
################################################################################
# IAM Role
################################################################################
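Review bot: The `value` of `cluster_tls_certificate_sha1_fingerprint` reads `certificates[0]` and falls back to `""` through `try()`, but the description says neither which certificate in the returned list index 0 refers to nor that the output can be an empty string. Document both, and say what the fingerprint is intended for given that it sits directly after `oidc_provider_arn`, so a consumer can tell an empty result from a real fingerprint before passing it on.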