Merge pull request #154 from Ensono/feat/bump-aws-6

feat: upgrades aws modules to the 6.x aws provider

Author: ElvenSpellmaker

aws/modules/infrastructure_modules/container_registry/examples/main.tf

@@ -22,4 +22,6 @@ module "ecr_repositories" {
   max_tagged_image_count = 100
 
   enable_registry_scanning = true
+
+  tags = {}
 }

aws/modules/infrastructure_modules/container_registry/main.tf

@@ -3,7 +3,7 @@ module "ecr" {
   for_each = toset(concat(var.repositories, flatten([for k, v in var.pull_through_cache_setup : [for v in v.images : "${k}/${v}"]])))
 
   source  = "terraform-aws-modules/ecr/aws"
-  version = "1.6.0"
+  version = "3.0.0"
 
   create_repository = true
 
@@ -81,7 +81,7 @@ module "ecr_pull_through_cache" {
   count = length(var.pull_through_cache_setup) > 0 ? 1 : 0
 
   source  = "terraform-aws-modules/ecr/aws"
-  version = "1.6.0"
+  version = "3.0.0"
 
   create_repository = false
 
@@ -103,7 +103,7 @@ module "ecr_registry_scanning_rules" {
   count = var.enable_registry_scanning ? 1 : 0
 
   source  = "terraform-aws-modules/ecr/aws"
-  version = "1.6.0"
+  version = "3.0.0"
 
   create_repository = false
 
@@ -112,8 +112,13 @@ module "ecr_registry_scanning_rules" {
   registry_scan_rules = [
     {
       scan_frequency = "CONTINUOUS_SCAN"
-      filter         = "*"
-      filter_type    = "WILDCARD"
+
+      filter = [
+        {
+          filter      = "*"
+          filter_type = "WILDCARD"
+        },
+      ]
     }
   ]
 

aws/modules/infrastructure_modules/container_registry/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "> 5.0"
+      version = ">= 6.0"
     }
   }
 }

aws/modules/infrastructure_modules/eks/eks-cluster.tf renamed to aws/modules/infrastructure_modules/eks/eks_cluster.tf

@@ -17,44 +17,36 @@ module "eks_kms_key" {
 #############
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.19"
+  version = "~> 21.0.9"
 
-  vpc_id                          = var.vpc_id
-  subnet_ids                      = var.vpc_private_subnets
-  cluster_name                    = var.cluster_name
-  cluster_version                 = var.cluster_version
-  enable_irsa                     = true
-  cluster_endpoint_private_access = var.cluster_endpoint_private_access
-  cluster_endpoint_public_access  = var.cluster_endpoint_public_access
+  vpc_id                  = var.vpc_id
+  subnet_ids              = var.vpc_private_subnets
+  name                    = var.cluster_name
+  kubernetes_version      = var.cluster_version
+  enable_irsa             = true
+  endpoint_private_access = var.cluster_endpoint_private_access
+  endpoint_public_access  = var.cluster_endpoint_public_access
 
-  cluster_security_group_additional_rules = var.cluster_security_group_additional_rules
+  security_group_additional_rules = var.cluster_security_group_additional_rules
 
   node_security_group_additional_rules         = var.node_security_group_additional_rules
   node_security_group_enable_recommended_rules = var.node_security_group_enable_recommended_rules
 
-  cluster_enabled_log_types = var.cluster_enabled_log_types
+  enabled_log_types = var.cluster_enabled_log_types
 
-  cluster_addons = local.cluster_addons
+  addons = local.cluster_addons
 
   create_kms_key         = var.create_kms_key
   kms_key_administrators = var.trusted_role_arn == "" ? [] : ["${data.aws_caller_identity.this.arn}", "${var.trusted_role_arn}"]
 
-  cluster_encryption_config = {
+  encryption_config = {
     resources        = ["secrets"]
     provider_key_arn = module.eks_kms_key.arn
   }
 
   authentication_mode                      = "API_AND_CONFIG_MAP"
   enable_cluster_creator_admin_permissions = var.cluster_creator_admin_permissions
 
-  eks_managed_node_group_defaults = {
-    disk_size             = 50
-    block_device_mappings = var.block_device_mappings
-    placement = {
-      tenancy = var.eks_node_tenancy
-    }
-  }
-
   eks_managed_node_groups = local.eks_managed_node_groups
 
   tags = var.tags

aws/modules/infrastructure_modules/eks/examples/main.tf

@@ -24,7 +24,6 @@ module "eks" {
 
   # EKS Cluster Configuration
   cluster_name                    = "example-cluster"
-  cluster_version                 = "1.27"
   eks_desired_nodes               = 1
   eks_node_size                   = "t3.small"
   cluster_endpoint_public_access  = true

aws/modules/infrastructure_modules/eks/locals.tf

@@ -11,7 +11,19 @@ locals {
     )
   } : {}
 
-  cluster_addons = merge(local.cluster_container_insights_addon)
+  cluster_addons = merge(
+    {
+      coredns = {}
+      eks-pod-identity-agent = {
+        before_compute = true
+      }
+      kube-proxy = {}
+      vpc-cni = {
+        before_compute = true
+      }
+    },
+    local.cluster_container_insights_addon,
+  )
 
   eks_bootstrap_extra_args = <<-EOT
   [settings.kernel]
@@ -51,7 +63,6 @@ locals {
 
   eks_bottlerocket_base_node_config = {
     ami_type        = "BOTTLEROCKET_x86_64"
-    platform        = "bottlerocket"
     use_name_prefix = true
     ebs_optimized   = true
 
@@ -79,6 +90,14 @@ locals {
         iam_role_arn    = local.create_node_iam_role ? aws_iam_role.node["general-${v}"].arn : null # As
         subnet_ids      = [var.vpc_private_subnets[k]]
 
+        # `disk_size` is ignored by Bottlerocket at this time...
+        # disk_size             = 50
+        block_device_mappings = var.block_device_mappings
+
+        placement = {
+          tenancy = var.eks_node_tenancy
+        }
+
         instance_types = [var.eks_node_size]
       }
     )

aws/modules/infrastructure_modules/eks/variables.tf

@@ -29,7 +29,7 @@ variable "cluster_version" {
   type        = string
   description = "Cluster Kubernetes Version"
 
-  default = 1.30
+  default = 1.32
 }
 
 variable "cluster_endpoint_private_access" {
@@ -73,7 +73,7 @@ variable "cluster_addon_container_insights_config" {
   description = "The configuration for the Container Insights Addon 'amazon-cloudwatch-observability'. Addon version is is tied to the Kubernetes Version. See: `aws eks describe-addon-versions --kubernetes-version <version> --addon-name 'amazon-cloudwatch-observability'` for available versions"
 
   default = {
-    addon_version = "v1.8.0-eksbuild.1"
+    addon_version = "v4.3.0-eksbuild.1"
   }
 }
 

aws/modules/infrastructure_modules/eks/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = ">= 6.0"
     }
   }
 }

aws/modules/infrastructure_modules/eks_irsa/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = ">= 6.0"
     }
   }
 }