The terraform-aws-modules/eks/aws
v.18.20.0 release has brought back support aws-auth
configmap! For this reason, I highly encourage users to manage the aws-auth
configmap with the EKS module.
I am planning to archive this repo on May 1st, 2022. You are welcome to open an issue here if you are having trouble with the migration steps below and will do my best to help.
- Remove the
aidanmelen/eks-auth/aws
declaration for your terraform code. - Remove the
aidanmelen/eks-auth/aws
resources from terraform state.
- The
aws-auth
configmap should still exist on the cluster but will no longer be managed by this module. - A plan should show that there are no infrastructure changes to the EKS cluster.
- Upgrade the version of the EKS module:
version = ">= v18.20.0"
- Configure the
terraform-aws-modules/eks/aws
withmanage_aws_auth_configmap = true
. This version of the EKS module uses the newkubernetes_config_map_v1_data
resource to patchaws-auth
configmap data (just like the v1.0.0 version of this module). - Plan and Apply.
- The
aws-auth
configmap should now be managed by the EKS module.
Please see the complete example for more information.
A Terraform module to manage cluster authentication for an Elastic Kubernetes (EKS) cluster on AWS.
- You are using the terraform-aws-eks module.
Grant access to the AWS EKS cluster by adding map_roles
, map_user
or map_accounts
to the aws-auth
configmap.
module "eks" {
source = "terraform-aws-modules/eks/aws"
# insert the 15 required variables here
}
module "eks_auth" {
source = "aidanmelen/eks-auth/aws"
eks = module.eks
map_roles = [
{
rolearn = "arn:aws:iam::66666666666:role/role1"
username = "role1"
groups = ["system:masters"]
},
]
map_users = [
{
userarn = "arn:aws:iam::66666666666:user/user1"
username = "user1"
groups = ["system:masters"]
},
{
userarn = "arn:aws:iam::66666666666:user/user2"
username = "user2"
groups = ["system:masters"]
},
]
map_accounts = [
"777777777777",
"888888888888",
]
}
Please see the complete example for more information.
Name | Version |
---|---|
terraform | >= 0.14.8 |
http | >= 2.4.1 |
kubernetes | >= 2.10.0 |
Name | Version |
---|---|
http | >= 2.4.1 |
kubernetes | >= 2.10.0 |
No modules.
Name | Type |
---|---|
kubernetes_config_map_v1.aws_auth | resource |
kubernetes_config_map_v1_data.aws_auth | resource |
http_http.wait_for_cluster | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
eks | The outputs from the terraform-aws-modules/terraform-aws-eks module. |
any |
n/a | yes |
map_accounts | Additional AWS account numbers to add to the aws-auth configmap. | list(string) |
[] |
no |
map_roles | Additional IAM roles to add to the aws-auth configmap. | list(object({ |
[] |
no |
map_users | Additional IAM users to add to the aws-auth configmap. | list(object({ |
[] |
no |
wait_for_cluster_timeout | A timeout (in seconds) to wait for cluster to be available. | number |
300 |
no |
Name | Description |
---|---|
aws_auth_configmap_yaml | Formatted yaml output for aws-auth configmap. |
map_accounts | The aws-auth map accounts. |
map_roles | The aws-auth map roles merged with the eks managed node group, self managed node groups and fargate profile roles. |
map_users | The aws-auth map users. |
Apache 2 Licensed. See LICENSE for full details.