Last active
February 27, 2021 13:42
-
-
Save NassK/d40674f227aa0377418c091a65ebec74 to your computer and use it in GitHub Desktop.
Terraform EKS cluster
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Step 2: Configuring the EKS cluster | |
| resource "aws_eks_cluster" "cluster" { # Here we create the EKS cluster itself. | |
| name = var.cluster_name | |
| role_arn = aws_iam_role.eks_cluster.arn # The cluster needs an IAM role to gain some permission over your AWS account | |
| vpc_config { | |
| subnet_ids = concat(module.vpc.public_subnets, module.vpc.private_subnets) # We pass all 6 subnets (public and private ones). Retrieved from the AWS module before. | |
| endpoint_public_access = true # The cluster will have a public endpoint. We will be able to call it from the public internet. | |
| } | |
| enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] # We enable control plane components logging against Amazon Cloudwatch log group. | |
| # Ensure that IAM Role permissions are handled before the EKS Cluster. | |
| depends_on = [ | |
| aws_iam_role_policy_attachment.policy-AmazonEKSClusterPolicy, | |
| aws_iam_role_policy_attachment.policy-AmazonEKSVPCResourceController, | |
| aws_cloudwatch_log_group.eks_cluster_control_plane_components | |
| ] | |
| } | |
| resource "aws_iam_role" "eks_cluster" { | |
| name = "${var.cluster_name}_role" | |
| assume_role_policy = jsonencode({ | |
| Statement = [{ | |
| Action = "sts:AssumeRole" | |
| Effect = "Allow" | |
| Principal = { | |
| Service = "eks.amazonaws.com" | |
| } | |
| }] | |
| Version = "2012-10-17" | |
| }) | |
| } | |
| resource "aws_iam_role_policy_attachment" "policy-AmazonEKSClusterPolicy" { | |
| policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" | |
| role = aws_iam_role.eks_cluster.name | |
| } | |
| resource "aws_iam_role_policy_attachment" "policy-AmazonEKSVPCResourceController" { | |
| policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController" | |
| role = aws_iam_role.eks_cluster.name | |
| } | |
| resource "aws_cloudwatch_log_group" "eks_cluster_control_plane_components" { # To log control plane components | |
| name = "/aws/eks/${var.cluster_name}/cluster" | |
| retention_in_days = 7 | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "region" { | |
| description = "The AWS region" | |
| default = "eu-west-1" | |
| } | |
| variable "cluster_name" { | |
| description = "The name of the Amazon EKS cluster." | |
| default = "my-eks-cluster" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment