/terraform-aws-eks-auth

A Terraform module to manage cluster authentication (aws-auth) for an Elastic Kubernetes (EKS) cluster on AWS.

Primary LanguageHCLApache License 2.0Apache-2.0

Pre-Commit cookiecutter-tf-module StandWithUkraine

terraform-aws-eks-auth

A Terraform module to manage cluster authentication for an Elastic Kubernetes (EKS) cluster on AWS.

Assumptions

Usage

The map_roles, map_users, and map_accounts will be merged with the managed node group and fargate profile roles and added to the aws-auth configmap.

module "eks" {
  source = "terraform-aws-modules/eks/aws"
  # insert the 15 required variables here
}

module "eks_auth" {
  source = "aidanmelen/eks-auth/aws"
  eks    = module.eks

  map_roles = [
    {
      rolearn  = "arn:aws:iam::66666666666:role/role1"
      username = "role1"
      groups   = ["system:masters"]
    },
  ]

  map_users = [
    {
      userarn  = "arn:aws:iam::66666666666:user/user1"
      username = "user1"
      groups   = ["system:masters"]
    },
    {
      userarn  = "arn:aws:iam::66666666666:user/user2"
      username = "user2"
      groups   = ["system:masters"]
    },
  ]

  map_accounts = [
    "777777777777",
    "888888888888",
  ]
}

Please see the complete example for more information.

Requirements

Name Version
terraform >= 0.13.1
http >= 2.4.1
kubectl >= 1.13.1

Providers

Name Version
http >= 2.4.1
kubectl >= 1.13.1

Modules

No modules.

Resources

Name Type
kubectl_manifest.aws_auth resource
http_http.wait_for_cluster data source

Inputs

Name Description Type Default Required
eks The outputs from the terraform-aws-modules/terraform-aws-eks module. any n/a yes
map_accounts Additional AWS account numbers to add to the aws-auth configmap. list(string) [] no
map_roles Additional IAM roles to add to the aws-auth configmap. 
list(object({
    rolearn  = string
    username = string
    groups   = list(string)
  }))
 [] no
map_users Additional IAM users to add to the aws-auth configmap. 
list(object({
    userarn  = string
    username = string
    groups   = list(string)
  }))
 [] no
wait_for_cluster_timeout A timeout (in seconds) to wait for cluster to be available. number 300 no

Outputs

Name Description
aws_auth_configmap_yaml Formatted yaml output for aws-auth configmap.
map_accounts The aws-auth map accounts.
map_roles The aws-auth map roles merged with the eks managed node group, self managed node groups and fargate profile roles.
map_users The aws-auth map users.

License

Apache 2 Licensed. See LICENSE for full details.