diff --git a/aws/cluster/README.md b/aws/cluster/README.md
index 55ce08a..676bc78 100644
--- a/aws/cluster/README.md
+++ b/aws/cluster/README.md
@@ -95,6 +95,8 @@ module "cluster" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [auth\_mode](#input\_auth\_mode) | Authentiation mode associated with the cluster Access config | `string` | `"API_AND_CONFIG_MAP"` | no |
+| [bootstrap\_cluster\_creator\_admin\_permission](#input\_bootstrap\_cluster\_creator\_admin\_permission) | Bootstrap access config values to the cluster | `bool` | `false` | no |
 | [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` | `[]` | no |
 | [endpoint\_private\_access](#input\_endpoint\_private\_access) | Enables the Amazon EKS private API server endpoint. | `bool` | `false` | no |
 | [endpoint\_public\_access](#input\_endpoint\_public\_access) | Enables the Amazon EKS public API server endpoint. | `bool` | `true` | no |
diff --git a/aws/cluster/main.tf b/aws/cluster/main.tf
index d7222ee..28a5fb6 100644
--- a/aws/cluster/main.tf
+++ b/aws/cluster/main.tf
@@ -16,16 +16,18 @@ module "network" {
 module "eks_cluster" {
 source = "./modules/eks-cluster"
- enabled_cluster_log_types = var.enabled_cluster_log_types
- endpoint_private_access = var.endpoint_private_access
- endpoint_public_access = var.endpoint_public_access
- k8s_version = var.k8s_version
- log_retention_in_days = var.log_retention_in_days
- name = module.cluster_name.full
- private_subnet_ids = module.network.private_subnet_ids
- public_subnet_ids = module.network.public_subnet_ids
- tags = var.tags
- vpc = module.network.vpc
+ auth_mode = var.auth_mode
+ bootstrap_cluster_creator_admin_permission = var.bootstrap_cluster_creator_admin_permission
+ enabled_cluster_log_types = var.enabled_cluster_log_types
+ endpoint_private_access = var.endpoint_private_access
+ endpoint_public_access = var.endpoint_public_access
+ k8s_version = var.k8s_version
+ log_retention_in_days = var.log_retention_in_days
+ name = module.cluster_name.full
+ private_subnet_ids = module.network.private_subnet_ids
+ public_subnet_ids = module.network.public_subnet_ids
+ tags = var.tags
+ vpc = module.network.vpc
 depends_on = [module.node_role]
 }
diff --git a/aws/cluster/modules/eks-cluster/README.md b/aws/cluster/modules/eks-cluster/README.md
index 91cf1a7..9e96667 100644
--- a/aws/cluster/modules/eks-cluster/README.md
+++ b/aws/cluster/modules/eks-cluster/README.md
@@ -31,6 +31,8 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [auth\_mode](#input\_auth\_mode) | Authentiation mode associated with the cluster Access config | `string` | `"API_AND_CONFIG_MAP"` | no |
+| [bootstrap\_cluster\_creator\_admin\_permission](#input\_bootstrap\_cluster\_creator\_admin\_permission) | Bootstrap access config values to the cluster | `bool` | `false` | no |
 | [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` |
[| no |
 | [endpoint\_private\_access](#input\_endpoint\_private\_access) | Enables the Amazon EKS private API server endpoint. | `bool` | `false` | no |
 | [endpoint\_public\_access](#input\_endpoint\_public\_access) | Enables the Amazon EKS public API server endpoint. | `bool` | `true` | no |
diff --git a/aws/cluster/modules/eks-cluster/main.tf b/aws/cluster/modules/eks-cluster/main.tf
index bc51f4b..6c8dcc6 100644
--- a/aws/cluster/modules/eks-cluster/main.tf
+++ b/aws/cluster/modules/eks-cluster/main.tf
@@ -9,6 +9,11 @@ resource "aws_eks_cluster" "this" {
 tags = var.tags
 version = var.k8s_version
+ access_config {
+ authentication_mode = var.auth_mode
+ bootstrap_cluster_creator_admin_permissions = var.bootstrap_cluster_creator_admin_permission
+ }
+
 vpc_config {
 security_group_ids = [aws_security_group.control_plane.id]
 subnet_ids = concat(var.private_subnet_ids, var.public_subnet_ids)
diff --git a/aws/cluster/modules/eks-cluster/variables.tf b/aws/cluster/modules/eks-cluster/variables.tf
index 015e5ae..b1373fc 100644
--- a/aws/cluster/modules/eks-cluster/variables.tf
+++ b/aws/cluster/modules/eks-cluster/variables.tf
@@ -1,3 +1,15 @@
+variable "auth_mode" {
+ type = string
+ description = "Authentiation mode associated with the cluster Access config"
+ default = "API_AND_CONFIG_MAP"
+}
+
+variable "bootstrap_cluster_creator_admin_permission" {
+ type = bool
+ description = "Bootstrap access config values to the cluster"
+ default = false
+}
+
 variable "enabled_cluster_log_types" {
 type = list(string)
 default = ["api", "audit"]
diff --git a/aws/cluster/variables.tf b/aws/cluster/variables.tf
index f2818dc..c5823ab 100644
--- a/aws/cluster/variables.tf
+++ b/aws/cluster/variables.tf
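Review bot: With `bootstrap_cluster_creator_admin_permissions` defaulting to `false`, the new `access_config` block in `aws_eks_cluster.this` leaves a freshly created cluster with no principal holding Kubernetes admin rights unless an access entry or an aws-auth mapping is provisioned elsewhere, and nothing in this hunk does that. EKS accepts this flag only at cluster creation, so it is worth running a plan against an existing cluster to confirm the new default does not appear as a replacement. I would add a comment above the block, `# Creator admin is off by default; cluster access must come from access entries or the aws-auth ConfigMap`, and say where that access is granted. The resource body starts and ends outside the hunk.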
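Review bot: `auth_mode` is declared as a free-form `string` with nothing in the module constraining it, so an unsupported value would surface as a provider error on the nested resource rather than on the input; a `validation` block limiting it to `CONFIG_MAP`, `API` and `API_AND_CONFIG_MAP` keeps the failure at the variable. The description misspells "Authentication" and lists no accepted values, and "Bootstrap access config values to the cluster" does not say that `true` grants the creating principal cluster admin. EKS does not allow switching back from `API` to a mode that includes the ConfigMap, which the description should mention. The same two variables appear in the `aws/cluster/variables.tf` hunk and in both README tables, so the changes apply there as well.

```hcl
variable "auth_mode" {
  # … unchanged: type, description, default …

  validation {
    condition     = contains(["CONFIG_MAP", "API", "API_AND_CONFIG_MAP"], var.auth_mode)
    error_message = "auth_mode must be one of CONFIG_MAP, API or API_AND_CONFIG_MAP."
  }
}
```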
@@ -1,3 +1,15 @@
+variable "auth_mode" {
+ type = string
+ description = "Authentiation mode associated with the cluster Access config"
+ default = "API_AND_CONFIG_MAP"
+}
+
+variable "bootstrap_cluster_creator_admin_permission" {
+ type = bool
+ description = "Bootstrap access config values to the cluster"
+ default = false
+}
+
 variable "enabled_cluster_log_types" {
 type = list(string)
 default = []
"api",
"audit"
]