mirror of
https://github.com/ysoftdevs/terraform-aws-eks.git
synced 2026-01-15 00:04:07 +01:00
3b974d33ad
* feat: Add support for EKS hybrid nodes * feat: Add support for EKS Auto Mode * chore: Update test directory names * chore: Clean up examples and tests * fix: Clean up and last minute changes for GA * chore: Formatting * chore: Bump min required version for new features * fix: Corrects from test/validation on existing clusters * feat: Add policy for custom tags on EKS Auto Mode, validate examples * chore: Expand on `CAM` acronym * chore: Update README to match examples
240 lines
7.0 KiB
HCL
240 lines
7.0 KiB
HCL
variable "create" {
|
|
description = "Controls if resources should be created (affects nearly all resources)"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
################################################################################
|
|
# Node IAM Role
|
|
################################################################################
|
|
|
|
variable "name" {
|
|
description = "Name of the IAM role"
|
|
type = string
|
|
default = "EKSHybridNode"
|
|
}
|
|
|
|
variable "use_name_prefix" {
|
|
description = "Determines whether the name of the IAM role (`name`) is used as a prefix"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "path" {
|
|
description = "Path of the IAM role"
|
|
type = string
|
|
default = "/"
|
|
}
|
|
|
|
variable "description" {
|
|
description = "IAM role description"
|
|
type = string
|
|
default = "EKS Hybrid Node IAM role"
|
|
}
|
|
|
|
variable "max_session_duration" {
|
|
description = "Maximum API session duration in seconds between 3600 and 43200"
|
|
type = number
|
|
default = null
|
|
}
|
|
|
|
variable "permissions_boundary_arn" {
|
|
description = "Permissions boundary ARN to use for the IAM role"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "tags" {
|
|
description = "A map of additional tags to add the the IAM role"
|
|
type = map(any)
|
|
default = {}
|
|
}
|
|
|
|
variable "enable_ira" {
|
|
description = "Enables IAM Roles Anywhere based IAM permissions on the node"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "trust_anchor_arns" {
|
|
description = "List of IAM Roles Anywhere trust anchor ARNs. Required if `enable_ira` is set to `true`"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
################################################################################
|
|
# Node IAM Role Policy
|
|
################################################################################
|
|
|
|
variable "policy_name" {
|
|
description = "Name of the IAM policy"
|
|
type = string
|
|
default = "EKSHybridNode"
|
|
}
|
|
|
|
variable "policy_use_name_prefix" {
|
|
description = "Determines whether the name of the IAM policy (`policy_name`) is used as a prefix"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "policy_path" {
|
|
description = "Path of the IAM policy"
|
|
type = string
|
|
default = "/"
|
|
}
|
|
|
|
variable "policy_description" {
|
|
description = "IAM policy description"
|
|
type = string
|
|
default = "EKS Hybrid Node IAM role policy"
|
|
}
|
|
|
|
variable "policy_statements" {
|
|
description = "A list of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) - used for adding specific IAM permissions as needed"
|
|
type = any
|
|
default = []
|
|
}
|
|
|
|
variable "policies" {
|
|
description = "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
|
|
type = map(string)
|
|
default = {}
|
|
}
|
|
|
|
variable "cluster_arns" {
|
|
description = "List of EKS cluster ARNs to allow the node to describe"
|
|
type = list(string)
|
|
default = ["*"]
|
|
}
|
|
|
|
variable "enable_pod_identity" {
|
|
description = "Enables EKS Pod Identity based IAM permissions on the node"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
################################################################################
|
|
# IAM Roles Anywhere Profile
|
|
################################################################################
|
|
|
|
variable "ira_profile_name" {
|
|
description = "Name of the Roles Anywhere profile"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "ira_profile_duration_seconds" {
|
|
description = "The number of seconds the vended session credentials are valid for. Defaults to `3600`"
|
|
type = number
|
|
default = null
|
|
}
|
|
|
|
variable "ira_profile_managed_policy_arns" {
|
|
description = "A list of managed policy ARNs that apply to the vended session credentials"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "ira_profile_require_instance_properties" {
|
|
description = "Specifies whether instance properties are required in [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) requests with this profile"
|
|
type = bool
|
|
default = null
|
|
}
|
|
|
|
variable "ira_profile_session_policy" {
|
|
description = "A session policy that applies to the trust boundary of the vended session credentials"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
################################################################################
|
|
# Roles Anywhere Trust Anchor
|
|
################################################################################
|
|
|
|
variable "ira_trust_anchor_name" {
|
|
description = "Name of the Roles Anywhere trust anchor"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "ira_trust_anchor_notification_settings" {
|
|
description = "Notification settings for the trust anchor"
|
|
type = any
|
|
default = []
|
|
}
|
|
|
|
variable "ira_trust_anchor_acm_pca_arn" {
|
|
description = "The ARN of the ACM PCA that issued the trust anchor certificate"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "ira_trust_anchor_x509_certificate_data" {
|
|
description = "The X.509 certificate data of the trust anchor"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "ira_trust_anchor_source_type" {
|
|
description = "The source type of the trust anchor"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
################################################################################
|
|
# Intermediate IAM Role
|
|
################################################################################
|
|
|
|
variable "intermediate_role_name" {
|
|
description = "Name of the IAM role"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "intermediate_role_use_name_prefix" {
|
|
description = "Determines whether the name of the IAM role (`intermediate_role_name`) is used as a prefix"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "intermediate_role_path" {
|
|
description = "Path of the IAM role"
|
|
type = string
|
|
default = "/"
|
|
}
|
|
|
|
variable "intermediate_role_description" {
|
|
description = "IAM role description"
|
|
type = string
|
|
default = "EKS Hybrid Node IAM Roles Anywhere intermediate IAM role"
|
|
}
|
|
|
|
################################################################################
|
|
# Intermediate IAM Role Policy
|
|
################################################################################
|
|
|
|
variable "intermediate_policy_name" {
|
|
description = "Name of the IAM policy"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "intermediate_policy_use_name_prefix" {
|
|
description = "Determines whether the name of the IAM policy (`intermediate_policy_name`) is used as a prefix"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "intermediate_policy_statements" {
|
|
description = "A list of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) - used for adding specific IAM permissions as needed"
|
|
type = any
|
|
default = []
|
|
}
|
|
|
|
variable "intermediate_role_policies" {
|
|
description = "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
|
|
type = map(string)
|
|
default = {}
|
|
}
|