
Complete Example

Grant access to the AWS EKS cluster by patching the already existing aws-auth configmap with the map_roles, map_users and map_accounts inputs.

ℹ️ The aws-auth configmap already exists when the AWS EKS cluster is created with managed node groups or Fargate profiles, so this module patches the existing configmap with Terraform instead of creating a new one.

locals {
  # Derive the example name from the working directory (e.g. "ex-complete").
  # Underscores are swapped for hyphens so the value is usable as a cluster name.
  name = format("ex-%s", replace(basename(path.cwd), "_", "-"))
}

# EKS cluster with one node group of each flavour, so that the aws-auth
# configmap is created by AWS (managed node groups / Fargate) and the
# eks_auth module below has something to patch.
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = ">= 18.0.0"

  # Networking comes from the vpc module defined elsewhere in this example.
  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  cluster_name = local.name
  # NOTE(review): 1.21 is no longer a supported EKS version; bump this to a
  # currently supported release before reusing the example, otherwise the
  # control plane will not receive security patches.
  cluster_version = "1.21"

  # Managed node group with module defaults; its node IAM role ends up in
  # the aws-auth configmap and is merged by eks_auth (see map_roles output).
  eks_managed_node_groups = {
    foo = {}
  }

  # Fargate profile scheduling pods from the "bar" namespace.
  fargate_profiles = {
    bar = {
      selectors = [
        {
          namespace = "bar"
        }
      ]
    }
  }

  # Self-managed spot node group; cheapest option for a throwaway example.
  self_managed_node_groups = {
    boo = {
      instance_type = "t3.medium"
      instance_market_options = {
        market_type = "spot"
      }
    }
  }
}

# Patch the aws-auth configmap of the cluster above with additional IAM
# identities. The whole eks module object is passed so the root module can
# read the cluster name and the node/Fargate role ARNs from it.
module "eks_auth" {
  source = "../../"
  eks    = module.eks

  # NOTE(review): every identity below is placed in "system:masters", i.e.
  # full cluster-admin. That is fine for an example, but in real use map each
  # identity to a narrowly scoped group bound via RBAC instead.
  # The account id "66666666666" is an 11-digit placeholder, not a valid
  # 12-digit AWS account id; replace it with a real one.
  map_users = [
    {
      userarn  = "arn:aws:iam::66666666666:user/user1"
      username = "user1"
      groups   = ["system:masters"]
    },
    {
      userarn  = "arn:aws:iam::66666666666:user/user2"
      username = "user2"
      groups   = ["system:masters"]
    },
  ]

  map_roles = [
    {
      rolearn  = "arn:aws:iam::66666666666:role/role1"
      username = "role1"
      groups   = ["system:masters"]
    },
  ]

  # Whole accounts allowed to authenticate against the cluster (mapped by
  # ARN, without group membership); presumably placeholders here — confirm
  # before reuse, since this is a broad grant.
  map_accounts = [
    "777777777777",
    "888888888888",
  ]
}

Running this module manually

  1. Install Terraform and make sure it's on your PATH.
  2. Run terraform init.
  3. Run terraform apply.
  4. When you're done, run terraform destroy.

Running automated tests against this module

  1. Install Terraform and make sure it's on your PATH.
  2. Install Golang and make sure this code is checked out into your GOPATH.
  3. cd test
  4. go test terraform_complete_test.go -v

Requirements

Name Version
terraform >= 0.14.8
aws >= 3.72
kubernetes >= 2.10.0

Providers

Name Version
aws >= 3.72

Modules

Name Source Version
eks terraform-aws-modules/eks/aws >= 18.0.0
eks_auth ../../ n/a
vpc terraform-aws-modules/vpc/aws ~> 3.0

Resources

Name Type
aws_eks_cluster.cluster data source
aws_eks_cluster_auth.cluster data source

Inputs

Name Description Type Default Required
aws_region The AWS Region string "us-west-2" no

Outputs

Name Description
fargate_profile_iam_role_arn The Amazon Resource Name (ARN) of the EKS Fargate Profile
managed_node_group_iam_role_arn The Amazon Resource Name (ARN) specifying the IAM role for the managed node group
map_accounts The aws-auth map accounts
map_roles The aws-auth map roles merged with the eks cluster node group and fargate profile roles
map_users The aws-auth map users
self_managed_node_group_iam_role_arn The Amazon Resource Name (ARN) specifying the IAM role for the self managed node group