This submodule is designed for use by both the parent `eks` module and by the user.

⚠️ Launch Configuration driven worker groups have been superseded by Launch Template driven worker groups.

`worker_groups` is a map of maps. The key of the first level is used as the unique value for `for_each` resources and in the `aws_autoscaling_group` and `aws_launch_template` names. The inner map can take the below values.

Name | Version |
---|---|
aws | >= 2.52.0 |
random | >= 2.1 |
template | >= 2.1 |

Name | Description | Type | Default | Required |
---|---|---|---|---|
attach_worker_cni_policy | Whether to attach the Amazon managed AmazonEKS_CNI_Policy IAM policy to the default worker groups IAM role. WARNING: If set false the permissions must be assigned to the aws-worker DaemonSet pods via another method or workers will not be able to join the cluster. | bool | true | no |
cluster_name | Name of the parent EKS cluster. | string | n/a | yes |
cluster_security_group_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the workers | string | n/a | yes |
create_eks | Controls if EKS resources should be created (it affects almost all resources). | bool | true | no |
iam_path | If provided, all IAM roles will be created on this path. | string | "/" | no |
manage_worker_iam_resources | Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers. | bool | true | no |
permissions_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | n/a | yes |
subnets | A list of subnets to place the EKS cluster and workers within. | list(string) | n/a | yes |
tags | A map of tags to add to all resources. | map(string) | n/a | yes |
vpc_id | VPC where the cluster and workers will be deployed. | string | n/a | yes |
worker_additional_security_group_ids | A list of additional security group ids to attach to worker instances | list(string) | [] | no |
worker_ami_name_filter | Name filter for AWS EKS worker AMI. If not provided, the latest official AMI for the specified 'cluster_version' is used. | string | "" | no |
worker_ami_name_filter_windows | Name filter for AWS EKS Windows worker AMI. If not provided, the latest official AMI for the specified 'cluster_version' is used. | string | "" | no |
worker_ami_owner_id | The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | string | "602401143452" | no |
worker_ami_owner_id_windows | The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | string | "801119661308" | no |
worker_create_initial_lifecycle_hooks | Whether to create initial lifecycle hooks provided in worker groups. | bool | false | no |
worker_create_security_group | Whether to create a security group for the workers or attach the workers to worker_security_group_id. | bool | true | no |
worker_groups | Map of map of worker groups to create. See documentation above for more details. | any | {} | no |
worker_groups_additional_policies | Additional policies to be added to worker groups. | list(string) | [] | no |
worker_groups_defaults | Map of values to be applied to all worker groups. See documentation above for more details. | any | {} | no |
worker_groups_role_name | User defined worker groups role name. | string | "" | no |
worker_security_group_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | string | "" | no |
worker_sg_ingress_from_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | number | 1025 | no |
workers_additional_policies | Additional policies to be added to workers | list(string) | [] | no |
workers_role_name | User defined workers role name. | string | "" | no |

Name | Description |
---|---|
aws_auth_roles | Roles for use in aws-auth ConfigMap |
worker_iam_instance_profile_arns | Default IAM instance profile ARN for EKS worker groups |
worker_iam_instance_profile_names | Default IAM instance profile name for EKS worker groups |
worker_iam_role_arn | Default IAM role ARN for EKS worker groups |
worker_iam_role_name | Default IAM role name for EKS worker groups |
worker_security_group_id | Security group ID attached to the EKS workers. |
workers_asg_arns | IDs of the autoscaling groups containing workers. |
workers_asg_names | Names of the autoscaling groups containing workers. |
workers_default_ami_id | ID of the default worker group AMI |
workers_launch_template_arns | ARNs of the worker launch templates. |
workers_launch_template_ids | IDs of the worker launch templates. |
workers_launch_template_latest_versions | Latest versions of the worker launch templates. |
workers_user_data | User data of worker groups |