List of subnet ids to be used for launching EKS cluster
list(string)
n/a
yes
kms_deletion_window_in_days
Days after which KMS key to be deleted
number
30
no
kms_enable_key_rotation
Whether to enable automatic key rotation
bool
false
no
eks_version
Version of EKS cluster
string
""
no
enable_private_access
Whether to enable private access of EKS cluster
bool
true
no
enable_public_access
Whether to allow EKS cluster to be accessed publicly
bool
false
no
public_cidrs
List of CIDRs to be whitelisted if allowing public access
list(string)
[ "0.0.0.0/0" ]
no
eks_log_types
List of logs to be enabled for EKS cluster. These logs will be stored in CloudWatch Log Group. Valid values: api, audit, authenticator, controllerManager, scheduler
list(string)
[]
no
create_oidc_provider
Whether to create custom IAM OIDC provider for EKS cluster
bool
false
no
security_group_ids
List of security group IDs to associate with EKS cluster
list(string)
null
no
tags
Map of key value pair to associate with EKS cluster
map(string)
{}
no
Outputs
Name
Description
endpoint
Endpoint of EKS cluster
id
Name of EKS cluster
arn
ARN of EKS cluster
ca_data
Certificate data of EKS cluster in base64 format
oidc_url
Issuer URL for the OpenID Connect identity provider
sg_id
ID of security group created and attached to EKS cluster
role_name
Name of IAM role created for EKS cluster
role_arn
ARN of IAM role created for EKS cluster
kms_key_arn
ARN of KMS key created for encrypting K8s secrets
kms_key_alias
Alias of KMS key created for encrypting K8s secrets
status
Status of EKS cluster. Valid values: CREATING, ACTIVE, DELETING, FAILED
oidc_provider_arn
ARN of IAM OIDC provider for EKS cluster
Steps to generate initial kubeconfig
Run aws --version to ensure you have atleast 1.18.17 version installed
Run aws eks --region region-code update-kubeconfig --name cluster-name to generate initial kubeconfig file. Optionally, you can even pass --profile to use custom AWS profile for authentication and --kubeconfig to generate file with custom name and path. Note: You need to run this command using the same user identity using which the cluster was created