fix: Ensure that custom KMS key is not created if encryption is not enabled, support computed values in cluster name (#2328)

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
This commit is contained in:
Carlos Santana
2022-12-07 11:05:49 -05:00
committed by GitHub
parent c0423efb94
commit b83f6d98bf
4 changed files with 26 additions and 8 deletions


@@ -54,6 +54,7 @@ Note that this example may create resources which cost money. Run `terraform des
| <a name="module_eks"></a> [eks](#module\_eks) | ../.. | n/a |
| <a name="module_eks_managed_node_group"></a> [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | ../../modules/eks-managed-node-group | n/a |
| <a name="module_fargate_profile"></a> [fargate\_profile](#module\_fargate\_profile) | ../../modules/fargate-profile | n/a |
| <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | 1.1.0 |
| <a name="module_self_managed_node_group"></a> [self\_managed\_node\_group](#module\_self\_managed\_node\_group) | ../../modules/self-managed-node-group | n/a |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
@@ -64,6 +65,7 @@ Note that this example may create resources which cost money. Run `terraform des
| [aws_iam_policy.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_security_group.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
## Inputs


@@ -15,6 +15,7 @@ provider "kubernetes" {
}
data "aws_availability_zones" "available" {}
data "aws_caller_identity" "current" {}
locals {
name = "ex-${replace(basename(path.cwd), "_", "-")}"
@@ -58,13 +59,12 @@ module "eks" {
}
}
# Encryption key
create_kms_key = true
# External encryption key
create_kms_key = false
cluster_encryption_config = {
resources = ["secrets"]
resources = ["secrets"]
provider_key_arn = module.kms.key_arn
}
kms_key_deletion_window_in_days = 7
enable_kms_key_rotation = true
iam_role_additional_policies = {
additional = aws_iam_policy.additional.arn
@@ -460,3 +460,15 @@ resource "aws_iam_policy" "additional" {
]
})
}
module "kms" {
source = "terraform-aws-modules/kms/aws"
version = "1.1.0"
aliases = ["eks/${local.name}"]
description = "${local.name} cluster encryption key"
enable_default_policy = true
key_owners = [data.aws_caller_identity.current.arn]
tags = local.tags
}
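Review bot: The `module "kms"` block added here does not set `enable_key_rotation`, while the `enable_kms_key_rotation = true` line that the earlier hunk removes from `module "eks"` was the only place the example asked for rotation; the example now silently depends on the kms module's default for that setting, and likewise the removed `kms_key_deletion_window_in_days = 7` is not carried over as `deletion_window_in_days`. Making the intent explicit keeps the example self-describing: `enable_key_rotation = true` and `deletion_window_in_days = 7` next to the `aliases` line. Separately, `enable_default_policy = true` with `key_owners = [data.aws_caller_identity.current.arn]` binds full key ownership to whichever identity runs the apply; if that identity is an assumed-role session, the recorded ARN is presumably the session ARN rather than the role, which is worth a one-line comment such as `# key_owners is whoever applies this example; use a stable role ARN outside of examples`. Whether the EKS cluster role is granted use of this external key is handled outside this hunk, so that cannot be confirmed here.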