From 7eedafd5ec51e2cb02014464133220594e882f80 Mon Sep 17 00:00:00 2001 From: bottkars Date: Mon, 8 May 2023 09:40:20 +0200 Subject: [PATCH] updated dokus. eks preview --- terraforming-aws/README.md | 42 +++++++--- terraforming-aws/cr_variables.tf | 21 ++++- terraforming-aws/eks_variables.tf | 10 +++ terraforming-aws/main.tf | 47 +++++++++-- terraforming-aws/modules/ave/ave.tf | 4 + .../modules/ddve/atos_bucket_iam.tf | 17 ++-- terraforming-aws/modules/ddve/ddve.tf | 6 +- terraforming-aws/modules/ddve/sg.tf | 1 + terraforming-aws/modules/ddve/variables.tf | 59 +++++++------ terraforming-aws/modules/eks/eks-cluster.tf | 82 +++++++++++++++++++ terraforming-aws/modules/eks/eks-workers.tf | 58 +++++++++++++ terraforming-aws/modules/eks/variables.tf | 27 ++++++ terraforming-aws/modules/networks/subnets.tf | 4 +- .../modules/networks/variables.tf | 5 ++ terraforming-aws/modules/networks/vpc.tf | 2 +- terraforming-aws/modules/ppdm/ppdm.tf | 8 +- terraforming-aws/variables.tf | 17 +++- 17 files changed, 349 insertions(+), 61 deletions(-) create mode 100644 terraforming-aws/eks_variables.tf create mode 100644 terraforming-aws/modules/eks/eks-cluster.tf create mode 100644 terraforming-aws/modules/eks/eks-workers.tf create mode 100644 terraforming-aws/modules/eks/variables.tf diff --git a/terraforming-aws/README.md b/terraforming-aws/README.md index f7c578c..e6881e4 100644 --- a/terraforming-aws/README.md +++ b/terraforming-aws/README.md @@ -6,6 +6,7 @@ Instance Sizes and Disk Count/Size will be automatically evaluated my specifying Individual Modules will be called from main by evaluating Variables +## Requirements ## Requirements | Name | Version | @@ -15,6 +16,10 @@ Individual Modules will be called from main by evaluating Variables | [random](#requirement\_random) | ~> 3.1 | | [tls](#requirement\_tls) | ~> 3.1 | +## Providers + +No providers. + ## Modules | Name | Source | Version | 
@@ -23,8 +28,10 @@ Individual Modules will be called from main by evaluating Variables | [bastion](#module\_bastion) | ./modules/bastion | n/a | | [cr](#module\_cr) | ./modules/cr | n/a | | [crs\_client\_vpn](#module\_crs\_client\_vpn) | ./modules/client_vpn | n/a | +| [crs\_networks](#module\_crs\_networks) | ./modules/networks | n/a | | [crs\_s2s\_vpn](#module\_crs\_s2s\_vpn) | ./modules/s2s_vpn | n/a | | [ddve](#module\_ddve) | ./modules/ddve | n/a | +| [eks](#module\_eks) | ./modules/eks | n/a | | [networks](#module\_networks) | ./modules/networks | n/a | | [ppdm](#module\_ppdm) | ./modules/ppdm | n/a | | [s2s\_vpn](#module\_s2s\_vpn) | ./modules/s2s_vpn | n/a | 
@@ -47,15 +54,19 @@ No resources. | [create\_ave](#input\_create\_ave) | Do you want to create an AVE | `bool` | `false` | no | | [create\_bastion](#input\_create\_bastion) | Do you want to create an PPDM | `bool` | `false` | no | | [create\_crs\_client\_vpn](#input\_create\_crs\_client\_vpn) | Do you want to create a Cyber Vault | `bool` | `false` | no | +| [create\_crs\_networks](#input\_create\_crs\_networks) | Do you want to create a VPC | `bool` | `false` | no | | [create\_crs\_s2s\_vpn](#input\_create\_crs\_s2s\_vpn) | Do you want to create a Cyber Vault | `bool` | `false` | no | | [create\_networks](#input\_create\_networks) | Do you want to create a VPC | `bool` | `false` | no | | [create\_s2s\_vpn](#input\_create\_s2s\_vpn) | Do you want to create a Site 2 Site VPN for default VPN Device ( e.g. UBNT-UDM Pro) | `bool` | `false` | no | | [create\_vault](#input\_create\_vault) | Do you want to create a Cyber Vault | `bool` | `false` | no | +| [crs\_environment](#input\_crs\_environment) | will be added to many Resource Names / Tags, should be in lower case, abc123 and - | `string` | `"crs"` | no | | [crs\_open\_sesame](#input\_crs\_open\_sesame) | open 2051 to vault for creating replication context | `bool` | `false` | no | | [crs\_private\_route\_table](#input\_crs\_private\_route\_table) | Private Routing table for S2S VPN | `string` | `""` | no | +| [crs\_private\_subnets\_cidr](#input\_crs\_private\_subnets\_cidr) | cidr of the private subnets cidrs when creating the vpc | `list(any)` | n/a | yes | +| [crs\_public\_subnets\_cidr](#input\_crs\_public\_subnets\_cidr) | cidr of the public subnets cidrs when creating the vpc | `list(any)` | n/a | yes | | [crs\_subnet\_id](#input\_crs\_subnet\_id) | n/a | `any` | n/a | yes | | [crs\_tunnel1\_preshared\_key](#input\_crs\_tunnel1\_preshared\_key) | the preshared key for teh vpn tunnel when deploying S2S VPN | `string` | `""` | no | -| [crs\_vpc\_cidr\_block](#input\_crs\_vpc\_cidr\_block) | n/a | `any` | n/a | 
yes | +| [crs\_vpc\_cidr](#input\_crs\_vpc\_cidr) | n/a | `any` | n/a | yes | | [crs\_vpc\_id](#input\_crs\_vpc\_id) | id of the vpc when using existing networks/vpc | `string` | `""` | no | | [crs\_vpn\_destination\_cidr\_blocks](#input\_crs\_vpn\_destination\_cidr\_blocks) | the cidr blocks as string !!! for the destination route in you local network, when s2s\_vpn is deployed | `string` | `"[]"` | no | | [crs\_wan\_ip](#input\_crs\_wan\_ip) | The IP of your VPN Device if S2S VPN | `any` | n/a | yes | @@ -63,16 +74,19 @@ No resources. | [ddve\_type](#input\_ddve\_type) | DDVE Type, can be: '16 TB DDVE', '32 TB DDVE', '96 TB DDVE', '256 TB DDVE' | `string` | `"16 TB DDVE"` | no | | [ddve\_version](#input\_ddve\_version) | DDVE Version, can be: '7.10.0.0', '7.7.4.0', '7.9.0.0' | `string` | `"7.10.0.0"` | no | | [default\_sg\_id](#input\_default\_sg\_id) | id of default security group when using existing networks | `any` | `null` | no | +| [eks\_cluster\_name](#input\_eks\_cluster\_name) | the name ( prefix ) of the eks cluster | `string` | `"tfeks"` | no | +| [eks\_count](#input\_eks\_count) | the cout of eks clusters | `number` | `0` | no | | [environment](#input\_environment) | will be added to many Resource Names / Tags, should be in lower case, abc123 and - | `any` | n/a | yes | | [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | Machines to allow ingress, other than default SG ingress | `list(any)` |
[
"0.0.0.0/0"
]
| no | | [ppdm\_count](#input\_ppdm\_count) | Do you want to create an PPDM | `number` | `0` | no | -| [ppdm\_version](#input\_ppdm\_version) | VERSION Version, can be: '19.12', '19.13' | `string` | `"19.13"` | no | +| [ppdm\_version](#input\_ppdm\_version) | VERSION Version, can be: '19.12.0', '19.13.0' | `string` | `"19.13.0"` | no | | [private\_route\_table](#input\_private\_route\_table) | Private Routing table for S2S VPN | `string` | `""` | no | | [private\_subnets\_cidr](#input\_private\_subnets\_cidr) | cidr of the private subnets cidrs when creating the vpc | `list(any)` | n/a | yes | -| [public\_subnets\_cidr](#input\_public\_subnets\_cidr) | cidr of the public subnets cidrs when creating the vpc | `list(any)` | n/a | yes | +| [public\_subnets\_cidr](#input\_public\_subnets\_cidr) | cidr of the public subnets cidrs when creating the vpc. Public Cidr´(s) are most likely used for Bastion´s | `list(any)` | n/a | yes | | [region](#input\_region) | the region for deployment | `string` | n/a | yes | -| [subnet\_id](#input\_subnet\_id) | the subnet to deploy the machines in if vpc is not deployed automatically | `string` | `""` | no | -| [tags](#input\_tags) | Key/value tags to assign to all resources. | `map(string)` | `{}` | no | +| [subnet\_id](#input\_subnet\_id) | the subnet to deploy the machines in if vpc is not deployed automatically | `list(any)` | `[]` | no | +| [tags](#input\_tags) | Key/value tags to assign to resources. | `map(string)` | `{}` | no | +| [tags\_all](#input\_tags\_all) | Key/value for TopLevel Tagsntags to assign to all resources. | `map(string)` | `{}` | no | | [tunnel1\_preshared\_key](#input\_tunnel1\_preshared\_key) | the preshared key for teh vpn tunnel when deploying S2S VPN | `string` | `""` | no | | [vpc\_cidr](#input\_vpc\_cidr) | cidr of the vpc when creating the vpc | `any` | `null` | no | | [vpc\_id](#input\_vpc\_id) | id of the vpc when using existing networks/vpc | `string` | `""` | no | 
@@ -83,6 +97,7 @@ No resources. | Name | Description | |------|-------------| +| [PPDM\_FQDN](#output\_PPDM\_FQDN) | The private ip address for the DDVE Instance | | [atos\_bucket](#output\_atos\_bucket) | The S3 Bucket Name created for ATOS configuration | | [ave\_private\_ip](#output\_ave\_private\_ip) | The sprivate ip address for the AVE Instance | | [ave\_ssh\_private\_key](#output\_ave\_ssh\_private\_key) | The ssh private key for the AVE Instance | @@ -103,7 +118,6 @@ No resources. | [ddve\_ssh\_public\_key\_name](#output\_ddve\_ssh\_public\_key\_name) | The ssh public key name for the DDVE Instance | | [ppcr\_ssh\_private\_key](#output\_ppcr\_ssh\_private\_key) | The ssh private key for the DDVE Instance | | [ppdm\_instance\_id](#output\_ppdm\_instance\_id) | The instance id (initial password) for the DDVE Instance | -| [ppdm\_private\_ip](#output\_ppdm\_private\_ip) | The private ip address for the DDVE Instance | | [ppdm\_ssh\_private\_key](#output\_ppdm\_ssh\_private\_key) | The ssh private key for the DDVE Instance | | [ppdm\_ssh\_public\_key](#output\_ppdm\_ssh\_public\_key) | The ssh public key for the DDVE Instance | | [ppdm\_ssh\_public\_key\_name](#output\_ppdm\_ssh\_public\_key\_name) | The ssh public key name for the DDVE Instance | @@ -111,7 +125,6 @@ No resources. | [subnet\_ids](#output\_subnet\_ids) | The VPC subnet id´s | | [tunnel1\_address](#output\_tunnel1\_address) | The address for the VPN tunnel to configure your local device | | [vpc\_id](#output\_vpc\_id) | The VPC id | - ## Usage clone into the repo ```bash 
@@ -140,15 +153,19 @@ aws_profile = "" create_ave = false create_bastion = false create_crs_client_vpn = false +create_crs_networks = false create_crs_s2s_vpn = false create_networks = false create_s2s_vpn = false create_vault = false +crs_environment = "crs" crs_open_sesame = false crs_private_route_table = "" +crs_private_subnets_cidr = "" +crs_public_subnets_cidr = "" crs_subnet_id = "" crs_tunnel1_preshared_key = "" -crs_vpc_cidr_block = "" +crs_vpc_cidr = "" crs_vpc_id = "" crs_vpn_destination_cidr_blocks = "[]" crs_wan_ip = "" @@ -156,23 +173,26 @@ ddve_count = false ddve_type = "16 TB DDVE" ddve_version = "7.10.0.0" default_sg_id = "" +eks_cluster_name = "tfeks" +eks_count = 0 environment = "" ingress_cidr_blocks = [ "0.0.0.0/0" ] ppdm_count = 0 -ppdm_version = "19.13" +ppdm_version = "19.13.0" private_route_table = "" private_subnets_cidr = "" public_subnets_cidr = "" region = "" -subnet_id = "" +subnet_id = [] tags = {} +tags_all = {} tunnel1_preshared_key = "" vpc_cidr = "" vpc_id = "" vpn_destination_cidr_blocks = "[]" -wan_ip = "" +wan_ip ``` initialize Terraform Providers and Modules diff --git a/terraforming-aws/cr_variables.tf b/terraforming-aws/cr_variables.tf index 32385b8..f552922 100644 --- a/terraforming-aws/cr_variables.tf +++ b/terraforming-aws/cr_variables.tf @@ -23,7 +23,14 @@ variable "crs_vpc_id" { } variable "crs_subnet_id" {} - +variable "crs_environment" { + default = "crs" + description = "will be added to many Resource Names / Tags, should be in lower case, abc123 and -" + validation { + condition = can(regex("^([a-z0-9-]{3,7})$", var.crs_environment)) + error_message = "Variable environment must be 3 to 7 chars a-z, 0-9, - ." + } +} variable "crs_vpn_destination_cidr_blocks" { type = string default = "[]" 
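Review bot: The validation added for `crs_environment` names the wrong variable in its message: the condition checks `var.crs_environment` but `error_message` says "Variable environment must be 3 to 7 chars", so a user who sets `crs_environment = "CRS_Vault"` is told to fix `environment`. Change it to `error_message = "Variable crs_environment must be 3 to 7 chars a-z, 0-9, - ."`. The description could also say why the character set is restricted, e.g. `description = "prefix for CRS resource names/tags; limited to [a-z0-9-] so it is valid in AWS names"`, since that is what the regex enforces.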
@@ -37,10 +44,20 @@ variable "crs_tunnel1_preshared_key" { description = "the preshared key for teh vpn tunnel when deploying S2S VPN" } -variable "crs_vpc_cidr_block" {} +variable "crs_vpc_cidr" {} variable "crs_open_sesame" { default = false description = "open 2051 to vault for creating replication context" +} + +variable "crs_public_subnets_cidr" { + type = list(any) + # type = list(string) + description = "cidr of the public subnets cidrs when creating the vpc" +} +variable "crs_private_subnets_cidr" { + type = list(any) + description = "cidr of the private subnets cidrs when creating the vpc" } \ No newline at end of file diff --git a/terraforming-aws/eks_variables.tf b/terraforming-aws/eks_variables.tf new file mode 100644 index 0000000..1850f4f --- /dev/null +++ b/terraforming-aws/eks_variables.tf @@ -0,0 +1,10 @@ +variable "eks_count" { + description = "the cout of eks clusters" + type = number + default= 0 +} +variable "eks_cluster_name" { + description = "the name ( prefix ) of the eks cluster" + type = string + default = "tfeks" +} \ No newline at end of file diff --git a/terraforming-aws/main.tf b/terraforming-aws/main.tf index 8d8082a..e6f2e82 100644 --- a/terraforming-aws/main.tf +++ b/terraforming-aws/main.tf @@ -20,7 +20,9 @@ provider "aws" { profile = var.aws_profile region = "eu-central-1" shared_credentials_files = ["/home/bottk/.aws/credentials"] - +# default_tags { +# tags = var.tags_all +# } } locals { @@ -28,6 +30,7 @@ locals { } module "networks" { + vpc_name = "${var.environment}-vpc" count = var.create_networks ? 1 : 0 // terraform >=0.13 only networks_instance = count.index source = "./modules/networks" 
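Review bot: `crs_vpc_cidr` is declared with an empty body and no type, and `crs_public_subnets_cidr`/`crs_private_subnets_cidr` are `list(any)` with the `list(string)` line left commented out, so a malformed address range for the isolated vault VPC is only caught when AWS rejects it. Prefer `type = string` / `type = list(string)` and a validation that parses each entry, e.g. `condition = alltrue([for c in var.crs_private_subnets_cidr : can(cidrhost(c, 0))])` with a matching `error_message`. Keeping `crs_vpc_cidr` without a default is correct, as it stays required.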
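Review bot: `default_tags` is added only as a commented-out block, so the new `tags_all` input documented in the README has no consumer and anything set through it is silently dropped; either enable `default_tags { tags = var.tags_all }` or hold the variable back until it is wired. If it is enabled, the `ignore_changes = [tags, tags_all, ...]` rules added to the instances later in this commit will likely stop the provider-level tags from ever being applied to existing resources, so that interaction should be decided deliberately. The surrounding context lines still hard-code `region = "eu-central-1"` and a personal `shared_credentials_files` path while every module receives `var.region`; that is pre-existing, but `region = var.region` and the default credential chain should replace it before this is shared. The `provider "aws"` block opens before this hunk.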
@@ -63,7 +66,7 @@ module "ave" { environment = var.environment ave_name = var.AVE_HOSTNAME default_sg_id = var.create_networks ? module.networks[0].default_sg_id : var.default_sg_id - subnet_id = var.create_networks ? module.networks[0].private_subnets_id[0] : var.subnet_id + subnet_id = var.create_networks ? module.networks[0].private_subnets_id[0] : var.subnet_id[0] availability_zone = local.production_availability_zones[0] vpc_id = var.create_networks ? module.networks[0].vpc_id : var.vpc_id ingress_cidr_blocks = var.ingress_cidr_blocks @@ -82,7 +85,7 @@ module "ddve" { ddve_name = var.DDVE_HOSTNAME ddve_version = var.ddve_version default_sg_id = var.create_networks ? module.networks[0].default_sg_id : var.default_sg_id - subnet_id = var.create_networks ? module.networks[0].private_subnets_id[0] : var.subnet_id + subnet_id = var.create_networks ? module.networks[0].private_subnets_id[0] : var.subnet_id[0] availability_zone = local.production_availability_zones[0] vpc_id = var.create_networks ? module.networks[0].vpc_id : var.vpc_id ingress_cidr_blocks = var.ingress_cidr_blocks @@ -92,6 +95,23 @@ module "ddve" { ddve_type = var.ddve_type } +module "eks" { + count = var.eks_count > 0 ? var.eks_count : 0 + eks_instance = count.index + 1 + source = "./modules/eks" + environment = var.environment + depends_on = [module.networks] + eks_cluster_name = var.eks_cluster_name + default_sg_id = var.create_networks ? module.networks[0].default_sg_id : var.default_sg_id + subnet_id = var.create_networks ? module.networks[0].private_subnets_id[*] : var.subnet_id[*] + availability_zone = local.production_availability_zones[0] + vpc_id = var.create_networks ? module.networks[0].vpc_id : var.vpc_id + ingress_cidr_blocks = var.ingress_cidr_blocks + public_subnets_cidr = var.public_subnets_cidr + region = var.region + tags = var.tags +} + module "ppdm" { count = var.ppdm_count > 0 ? var.ppdm_count : 0 ppdm_instance = count.index + 1 
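Review bot: With `subnet_id` now a list whose documented default is `[]`, `var.subnet_id[0]` on the new line produces an invalid-index error when `create_networks = false` and no subnet is supplied, rather than a message naming the missing input. Terraform variable validations cannot reference `var.create_networks`, so at least state the contract in the root `subnet_id` description (declared in `variables.tf`, not shown here), e.g. `description = "exactly one subnet id; required when create_networks is false"`, and consider `one(var.subnet_id)` at the call site so a two-element list is also rejected. The same `[0]` expression is repeated for `ddve`, `ppdm` and `bastion` in the following hunks.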
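Review bot: The new `eks` module call forwards `ingress_cidr_blocks = var.ingress_cidr_blocks`, whose documented default in this commit's README is `["0.0.0.0/0"]`; what `modules/eks` does with it is not visible here (`eks-cluster.tf` is cut off at the end of this chunk), but if it lands in the cluster or worker security group the default exposes the control plane and node ports to the whole internet. Require an explicit, narrower list for EKS instead of inheriting the appliance default, and make sure the cluster's `vpc_config` sets `endpoint_public_access = false` or a restricted `public_access_cidrs`. `depends_on = [module.networks]` is redundant because `default_sg_id`, `subnet_id` and `vpc_id` already reference `module.networks[0]`, and it forces any data sources inside the module to be deferred to apply time; drop it. `availability_zone` is passed although the subnets come from `subnet_id[*]`, so that single-AZ input may be unused by the module.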
@@ -101,7 +121,7 @@ module "ppdm" { ppdm_name = var.PPDM_HOSTNAME ppdm_version = var.ppdm_version default_sg_id = var.create_networks ? module.networks[0].default_sg_id : var.default_sg_id - subnet_id = var.create_networks ? module.networks[0].private_subnets_id[0] : var.subnet_id + subnet_id = var.create_networks ? module.networks[0].private_subnets_id[0] : var.subnet_id[0] availability_zone = local.production_availability_zones[0] vpc_id = var.create_networks ? module.networks[0].vpc_id : var.vpc_id ingress_cidr_blocks = var.ingress_cidr_blocks @@ -118,7 +138,7 @@ module "bastion" { depends_on = [module.networks] bastion_name = var.BASTION_HOSTNAME default_sg_id = var.create_networks ? module.networks[0].default_sg_id : var.default_sg_id - subnet_id = var.create_networks ? module.networks[0].public_subnets_id[0] : var.subnet_id + subnet_id = var.create_networks ? module.networks[0].public_subnets_id[0] : var.subnet_id[0] availability_zone = local.production_availability_zones[0] vpc_id = var.create_networks ? module.networks[0].vpc_id : var.vpc_id region = var.region 
@@ -151,13 +171,28 @@ module "crs_s2s_vpn" { } +module "crs_networks" { + vpc_name = "${var.crs_environment}_PPCR VPC" + count = var.create_crs_networks ? 1 : 0 // terraform >=0.13 only + is_crs = true + networks_instance = count.index + source = "./modules/networks" + region = var.region + environment = var.environment + vpc_cidr = var.crs_vpc_cidr + public_subnets_cidr = var.crs_public_subnets_cidr + private_subnets_cidr = var.crs_private_subnets_cidr + availability_zones = local.production_availability_zones + tags = var.tags +} + module "crs_client_vpn" { count = var.create_crs_client_vpn ? 1 : 0 // terraform >=0.13 only source = "./modules/client_vpn" depends_on = [module.networks, module.crs_s2s_vpn] vpc_id = var.crs_vpc_id subnet_id = var.crs_subnet_id - target_vpc_cidr_block = var.crs_vpc_cidr_block + target_vpc_cidr_block = var.crs_vpc_cidr // private_route_table = var.crs_private_route_table // wan_ip = var.wan_ip environment = "crs_${var.environment}" diff --git a/terraforming-aws/modules/ave/ave.tf b/terraforming-aws/modules/ave/ave.tf index 69873ae..fbcc709 100644 --- a/terraforming-aws/modules/ave/ave.tf +++ b/terraforming-aws/modules/ave/ave.tf @@ -62,6 +62,10 @@ resource "aws_instance" "ave" { Name = var.ave_name } ) + lifecycle { + prevent_destroy = true + ignore_changes = [tags,tags_all,ami] + } } diff --git a/terraforming-aws/modules/ddve/atos_bucket_iam.tf b/terraforming-aws/modules/ddve/atos_bucket_iam.tf index 3434fc3..84cf4b3 100644 --- a/terraforming-aws/modules/ddve/atos_bucket_iam.tf +++ b/terraforming-aws/modules/ddve/atos_bucket_iam.tf @@ -1,11 +1,11 @@ data "aws_iam_policy_document" "atos-bucket-policy" { statement { - sid = "AtosbucketPolicy" - effect = "Allow" + sid = "AtosbucketPolicy" + effect = "Allow" actions = ["s3:PutObject", - "s3:GetObject", - "s3:ListBucket", - "s3:DeleteObject"] + "s3:GetObject", + "s3:ListBucket", + "s3:DeleteObject"] resources = [ aws_s3_bucket.atos-bucket.arn, "${aws_s3_bucket.atos-bucket.arn}/*" 
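Review bot: `module "crs_networks"` passes `environment = var.environment` while the new `crs_environment` variable is used only in `vpc_name`, so any name or tag the networks module derives from `environment` will match the primary VPC's (inferred from the `networks` call receiving the same input; the module body is not shown). For an isolated cyber-recovery VPC that defeats tag- or name-scoped IAM conditions and makes the two environments indistinguishable in CloudTrail; pass `environment = var.crs_environment`. `vpc_name = "${var.crs_environment}_PPCR VPC"` also contains a space, unlike the `${var.environment}-vpc` form used for the primary network; `"${var.crs_environment}-ppcr-vpc"` keeps them consistent. `crs_client_vpn` still reads `var.crs_vpc_id`/`var.crs_subnet_id` and lists only `module.networks` in `depends_on`, so a vault built by `crs_networks` is not connected to the VPN without manual input.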
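Review bot: `ignore_changes = [tags, tags_all, ami]` on `aws_instance.ave` means a newer image returned by the AMI lookup (if `ami` is populated from a `data "aws_ami"` as in `ddve.tf`) will never show up in a plan, so patched appliance images drift silently, and ignoring `tags`/`tags_all` lets tag-based IAM conditions diverge from what Terraform declares. If the intent is only to avoid replacing a running appliance on a new AMI, keep `ami` there but record it: `# ami ignored on purpose: the appliance is upgraded in-band; a newer AMI must not trigger replacement`. `prevent_destroy = true` is reasonable for a backup target but blocks `terraform destroy` of the whole root module until the line is removed, which the README should mention. The enclosing `resource "aws_instance" "ave"` block begins before this hunk.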
@@ -18,8 +18,8 @@ resource "aws_iam_policy" "atos-bucket" { policy = data.aws_iam_policy_document.atos-bucket-policy.json tags = merge( var.tags, - { - "environment" = var.environment + { + "environment" = var.environment }, ) } @@ -34,10 +34,11 @@ resource "aws_iam_instance_profile" "atos-bucket" { role = aws_iam_role.atos-bucket.name lifecycle { - ignore_changes = [name] + ignore_changes = [tags, tags_all, name] } } + resource "aws_iam_role" "atos-bucket" { name = "${var.environment}-atos-bucket-${var.ddve_instance}" diff --git a/terraforming-aws/modules/ddve/ddve.tf b/terraforming-aws/modules/ddve/ddve.tf index 7758c23..0933aa5 100644 --- a/terraforming-aws/modules/ddve/ddve.tf +++ b/terraforming-aws/modules/ddve/ddve.tf @@ -41,7 +41,7 @@ data "aws_ami" "ddve" { resource "aws_instance" "ddve" { ami = data.aws_ami.ddve.id instance_type = local.ddve_size[var.ddve_type].instance_type - vpc_security_group_ids = ["${aws_security_group.ddve_sg.id}", var.default_sg_id] + vpc_security_group_ids = ["${aws_security_group.ddve_sg[0].id}", var.default_sg_id] associate_public_ip_address = false subnet_id = var.subnet_id key_name = aws_key_pair.ddve.key_name @@ -54,6 +54,10 @@ resource "aws_instance" "ddve" { root_block_device { delete_on_termination = true } + lifecycle { + # prevent_destroy = true + ignore_changes = [tags,tags_all,ami] + } } resource "aws_ebs_volume" "nvram" { diff --git a/terraforming-aws/modules/ddve/sg.tf b/terraforming-aws/modules/ddve/sg.tf index e735fec..bb6cf87 100644 --- a/terraforming-aws/modules/ddve/sg.tf +++ b/terraforming-aws/modules/ddve/sg.tf @@ -1,4 +1,5 @@ resource "aws_security_group" "ddve_sg" { + count = var.is_crs ? 0 : 1 name = "ddve_sg-${var.ddve_instance}" vpc_id = var.vpc_id ingress { diff --git a/terraforming-aws/modules/ddve/variables.tf b/terraforming-aws/modules/ddve/variables.tf index d9c3a31..8b87e73 100644 --- a/terraforming-aws/modules/ddve/variables.tf +++ b/terraforming-aws/modules/ddve/variables.tf 
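Review bot: `aws_security_group.ddve_sg[0].id` is referenced unconditionally, but `sg.tf` in this same commit sets `count = var.is_crs ? 0 : 1` on `ddve_sg`, so a DDVE created with `is_crs = true` fails at plan time with an invalid index on this line. Build the list from the splat so it is empty in the CRS case: `vpc_security_group_ids = concat(aws_security_group.ddve_sg[*].id, [var.default_sg_id])`. In that case the instance is left with only `default_sg_id`, so whatever ingress `ddve_sg` provided (management, replication) has to come from that group, which is worth a comment next to the expression. The `resource "aws_instance" "ddve"` block continues outside the hunk.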
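Review bot: The reason the vault DDVE must not receive its own security group is not stated anywhere near the new `count = var.is_crs ? 0 : 1`; add it where the decision is made, e.g. `# CRS vault DDVE: no dedicated SG, only the vault's default SG is attached (ingress is governed there)`. Since the resource is now a list, every reference to `aws_security_group.ddve_sg` in this module must use a splat or guard the zero-count case. The ingress rules of this group continue after the hunk end.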
@@ -3,6 +3,39 @@ variable "tags" { default = {} type = map(string) } +variable "environment" {} +variable "vpc_id" {} +variable "region" {} + +variable "availability_zone" {} +variable "ingress_cidr_blocks" { + type = list(any) + default = [""] +} +variable "subnet_id" {} +variable "public_subnets_cidr" { + type = list(any) + description = "cidr of the public subnets cidrs when creating the vpc" +} +variable "default_sg_id" {} + + +variable "ddve_type" {} +variable "ddve_name" { + type = string + default = "ddve_terraform" +} + +variable "ddve_instance" { + type = number +} +variable "ddve_version" { + default = "7.10.0.0" +} +variable "is_crs" { + type = bool + default = false +} variable "ec2_device_names" { default = [ "/dev/sdc", @@ -30,30 +63,4 @@ variable "ec2_device_names" { "/dev/sdy", "/dev/sdz", ] -} -variable "ddve_type" {} -variable "region" {} -variable "vpc_id" {} -variable "ddve_name" { - type = string - default = "ddve_terraform" -} -variable "environment" {} - -variable "availability_zone" {} -variable "ingress_cidr_blocks" { - type = list(any) - default = [""] -} -variable "public_subnets_cidr" { - type = list(any) - description = "cidr of the public subnets cidrs when creating the vpc" -} -variable "subnet_id" {} -variable "default_sg_id" {} -variable "ddve_instance" { - type = number -} -variable "ddve_version" { - default = "7.9.0.0" } \ No newline at end of file diff --git a/terraforming-aws/modules/eks/eks-cluster.tf b/terraforming-aws/modules/eks/eks-cluster.tf new file mode 100644 index 0000000..ae45352 --- /dev/null +++ b/terraforming-aws/modules/eks/eks-cluster.tf @@ -0,0 +1,82 @@ +# +# EKS Cluster Resources +# * IAM Role to allow EKS service to manage other AWS services +# * EC2 Security Group to allow networking traffic with EKS cluster +# * EKS Cluster +# +locals { + + eks_cluster_name = "${var.eks_cluster_name}-${var.eks_instance}" +} +resource "aws_iam_role" "eks-cluster" { + name = "terraform-eks-cluster" + + assume_role_policy = <
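Review bot: The relocated `ingress_cidr_blocks` keeps `default = [""]`, which is not a CIDR and is rejected by AWS as soon as a security-group rule is built from it, while `vpc_id`, `subnet_id`, `default_sg_id`, `environment`, `region` and `availability_zone` are declared without types. Because these values feed the security-group rules of a backup appliance, tighten them: `type = list(string)`, `default = []`, and `validation { condition = alltrue([for c in var.ingress_cidr_blocks : can(cidrhost(c, 0))]) error_message = "ingress_cidr_blocks must contain valid CIDRs." }`. `ddve_version` also has its module default moved from `7.9.0.0` to `7.10.0.0` in passing, a behaviour change for callers that do not set it and one the commit message does not mention. The hunk starts inside `variable "tags"`, whose opening line is outside this hunk.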