Skip to content

Instantly share code, notes, and snippets.

@Chili-Man

Chili-Man/new-cluster.tfplan

Created December 7, 2018 03:52
Show Gist options
  • Save Chili-Man/75518f12a5963849ae888a5e2a197282 to your computer and use it in GitHub Desktop.
Save Chili-Man/75518f12a5963849ae888a5e2a197282 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
new-cluster.tfplan
tfplan����Plan�� Diff��Module��State��Vars��Targets��TerraformVersion ProviderSHA256s��Backend��Destroy��Diff��Modules��&��[]*terraform.ModuleDiff����1����Path�� Resources��Destroy��[]string�� 3��"map[string]*terraform.InstanceDiff�� ��f�� InstanceDiff��
Attributes��DestroyDestroyDeposedDestroyTaintedMeta��7��&map[string]*terraform.ResourceAttrDiff�� ��o����Old New  NewComputed
NewRemovedNewExtra RequiresNew SensitiveType'��map[string]interface {}�� 
����j��State��Version TFVersion SerialLineage Remote��Backend��Modules��.�� RemoteState��Type Config��!��map[string]string��  8�� BackendState��Type Config��Hash'��[]*terraform.ModuleState����P����Path��Locals��Outputs�� Resources�� Dependencies��2��!map[string]*terraform.OutputState�� ��-���� SensitiveType Value4��#map[string]*terraform.ResourceState�� ��N����Type  Dependencies��Primary��Deposed��Provider W��
InstanceState��ID 
Attributes�� Ephemeral��Meta��Tainted3��EphemeralState��ConnInfo��Type )��[]*terraform.InstanceState����"��map[string][]uint8�� 
�����rootrandom_string.suffix specialfalse min_upper0 min_numeric0uppertrueresultidlength8numbertrue min_special0 min_lower0lowertrue(aws_security_group.worker_group_mgmt_two ingress.#1owner_id ingress.2994905558.cidr_blocks.0192.168.0.0/16 descriptionManaged by Terraformingress.2994905558.descriptionvpc_id${module.vpc.vpc_id}egress.#ingress.2994905558.from_port22 ingress.2994905558.cidr_blocks.#1revoke_rules_on_deletefalse%ingress.2994905558.ipv6_cidr_blocks.#0ingress.2994905558.selffalseingress.2994905558.protocoltcpstring tcparningress.2994905558.to_port22$ingress.2994905558.prefix_list_ids.#0$ingress.2994905558.security_groups.#0 name_prefixworker_group_mgmt_twonameid$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0deleteint64�e��createint64�e��"aws_security_group.all_worker_mgmt%ingress.3024135210.ipv6_cidr_blocks.#0 ingress.3024135210.cidr_blocks.#3 name_prefixall_worker_management ingress.#1ingress.3024135210.descriptionowner_idvpc_id${module.vpc.vpc_id}ingress.3024135210.from_port22$ingress.3024135210.prefix_list_ids.#0 ingress.3024135210.cidr_blocks.2192.168.0.0/16 descriptionManaged by Terraform$ingress.3024135210.security_groups.#0nameingress.3024135210.protocoltcpstring tcprevoke_rules_on_deletefalsearn ingress.3024135210.cidr_blocks.0
10.0.0.0/8idegress.#ingress.3024135210.to_port22 ingress.3024135210.cidr_blocks.1
172.16.0.0/12ingress.3024135210.selffalse$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0deleteint64�e��createint64�e��(aws_security_group.worker_group_mgmt_one description%SG to be applied to all *nix machines$ingress.179083333.ipv6_cidr_blocks.#0idingress.179083333.protocoltcpstring tcpingress.179083333.from_port22#ingress.179083333.security_groups.#0revoke_rules_on_deletefalseingress.179083333.descriptioningress.179083333.cidr_blocks.0
10.0.0.0/8name name_prefixworker_group_mgmt_oneingress.179083333.cidr_blocks.#1#ingress.179083333.prefix_list_ids.#0arnowner_idingress.179083333.selffalseingress.179083333.to_port22 ingress.#1egress.#vpc_id${module.vpc.vpc_id}$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0createint64�e��deleteint64�e��rooteks&$null_resource.tags_as_list_of_maps.1triggers.propagate_at_launchtrue triggers.key GithubOrgtriggers.valueterraform-aws-modules
triggers.%3id@aws_iam_role_policy_attachment.workers_AmazonEKSWorkerNodePolicyidrole${aws_iam_role.workers.name}
policy_arn1arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy5aws_security_group_rule.workers_ingress_cluster_https protocoltcpstring tcpsource_security_group_id"${local.cluster_security_group_id}id from_port443to_port443 descriptioniAllow pods running extension API servers on port 443 to receive communication from cluster control plane.typeingressselffalsesecurity_group_id ${aws_security_group.workers.id}2aws_iam_role_policy_attachment.workers_autoscaling
policy_arn(${aws_iam_policy.worker_autoscaling.arn}role${aws_iam_role.workers.name}iddata.template_file.userdata.0template�I#!/bin/bash -xe
# Allow user supplied pre userdata code
${pre_userdata}
# Bootstrap and join the cluster
/etc/eks/bootstrap.sh --b64-cluster-ca '${cluster_auth_base64}' --apiserver-endpoint '${endpoint}' --kubelet-extra-args '${kubelet_extra_args}' '${cluster_name}'
# Allow user supplied userdata code
${additional_userdata}
idvars.%renderedaws_autoscaling_group.workers.1health_check_grace_period300health_check_typewait_for_capacity_timeout10marnmetrics_granularity1Minutetarget_group_arns.# name_prefix[${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}launch_configuration>${element(aws_launch_configuration.workers.*.id, count.index)}desired_capacity0idavailability_zones.#tags.#min_size0service_linked_role_arnvpc_zone_identifier.#suspended_processes.# force_deletefalsedefault_cooldownload_balancers.#namemax_size0protect_from_scale_infalse$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��deleteint64�e��$null_resource.tags_as_list_of_maps.0idtriggers.propagate_at_launchtrue triggers.key Environment
triggers.%3triggers.valuetest=aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy
policy_arn.arn:aws:iam::aws:policy/AmazonEKSServicePolicyidrole${aws_iam_role.cluster.name}aws_iam_role.workers
path/max_session_duration3600arnassume_role_policy��{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EKSWorkerAssumeRole",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
]
}force_detach_policiestrue create_dateid unique_idname name_prefix${aws_eks_cluster.this.name}"aws_iam_instance_profile.workers.0 create_datename name_prefix${aws_eks_cluster.this.name}path/roles.#rolen${lookup(var.worker_groups[count.index], "iam_role_id", lookup(local.workers_group_defaults, "iam_role_id"))}arnid unique_id(null_resource.update_config_map_aws_auth
triggers.%idaws_autoscaling_group.workers.0nameavailability_zones.# name_prefix[${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}launch_configuration>${element(aws_launch_configuration.workers.*.id, count.index)}suspended_processes.#health_check_typemax_size0default_cooldownwait_for_capacity_timeout10mload_balancers.#arnvpc_zone_identifier.#service_linked_role_arntags.#metrics_granularity1Minuteidmin_size0 force_deletefalsehealth_check_grace_period300protect_from_scale_infalsetarget_group_arns.#desired_capacity0$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��deleteint64�e��aws_eks_cluster.this
vpc_config.0.subnet_ids.#arnendpointname${var.cluster_name}role_arn${aws_iam_role.cluster.arn}version1.10 vpc_config.#1platform_versionidvpc_config.0.vpc_id!vpc_config.0.security_group_ids.#
created_atcertificate_authority.#$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0createint64��\Pdeleteint64��\Paws_security_group.workers egress.#owner_idarnid ingress.#vpc_id
${var.vpc_id}tags.% description,Security group for all nodes in the cluster.name name_prefix${aws_eks_cluster.this.name}revoke_rules_on_deletefalse$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0createint64�e��deleteint64�e��local_file.kubeconfigidcontent)${data.template_file.kubeconfig.rendered}filename7${var.config_output_path}kubeconfig_${var.cluster_name}=aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy
policy_arn.arn:aws:iam::aws:policy/AmazonEKSClusterPolicyrole${aws_iam_role.cluster.name}idaws_security_group.cluster revoke_rules_on_deletefalse ingress.# name_prefix${var.cluster_name}owner_idegress.#tags.%vpc_id
${var.vpc_id}arn descriptionEKS cluster security group.idname$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0deleteint64�e��createint64�e��/aws_security_group_rule.cluster_egress_internet protocol-1string -1
cidr_blocks.#1
cidr_blocks.0 0.0.0.0/0typeegressto_port0 description,Allow cluster egress access to the Internet.idselffalsesource_security_group_id from_port0security_group_id ${aws_security_group.cluster.id},aws_security_group_rule.workers_ingress_self typeingressprotocol-1string -1idselffalse from_port0to_port65535security_group_id ${aws_security_group.workers.id} description*Allow node to communicate with each other.source_security_group_id ${aws_security_group.workers.id}data.template_file.userdata.1vars.%idrenderedtemplate�I#!/bin/bash -xe
# Allow user supplied pre userdata code
${pre_userdata}
# Bootstrap and join the cluster
/etc/eks/bootstrap.sh --b64-cluster-ca '${cluster_auth_base64}' --apiserver-endpoint '${endpoint}' --kubelet-extra-args '${kubelet_extra_args}' '${cluster_name}'
# Allow user supplied userdata code
${additional_userdata}
"aws_iam_instance_profile.workers.1 create_dateidrolen${lookup(var.worker_groups[count.index], "iam_role_id", lookup(local.workers_group_defaults, "iam_role_id"))}arnroles.# unique_idname name_prefix${aws_eks_cluster.this.name}path/%data.template_file.worker_role_arns.1template�� - rolearn: ${worker_role_arn}
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
vars.%renderedid%data.template_file.worker_role_arns.0renderedidtemplate�� - rolearn: ${worker_role_arn}
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
vars.%$null_resource.tags_as_list_of_maps.3triggers.valuedefault
triggers.%3triggers.propagate_at_launchtrueid triggers.key Workspace/data.aws_iam_policy_document.worker_autoscalingstatement.0.actions.#05)statement.1.condition.3636405986.variable9autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabledidstatement.0.resources.#01*statement.1.condition.~2944922886.variableJautoscaling:ResourceTag/kubernetes.io/cluster/${aws_eks_cluster.this.name}statement.1.condition.#02statement.0.actions.3701464416autoscaling:DescribeTagsstatement.0.actions.2555065653(autoscaling:DescribeLaunchConfigurationsstatement.1.actions.1536675971"autoscaling:UpdateAutoScalingGroupversion
2012-10-17statement.0.sideksWorkerAutoscalingAllstatement.0.actions.4281419483autoscaling:GetAsgForInstancestatement.0.actions.1274732150%autoscaling:DescribeAutoScalingGroupsstatement.0.effectAllow%statement.1.condition.3636405986.test StringEquals statement.#02statement.1.sideksWorkerAutoscalingOwnstatement.1.effectAllow)statement.1.condition.3636405986.values.#01&statement.1.condition.~2944922886.test StringEquals*statement.1.condition.~2944922886.values.#01statement.1.actions.3469696720/autoscaling:TerminateInstanceInAutoScalingGroup2statement.1.condition.3636405986.values.4043113848truejsonstatement.1.actions.557626329autoscaling:SetDesiredCapacitystatement.1.actions.#03statement.1.resources.#01 statement.0.resources.2679715827* statement.1.resources.2679715827*statement.0.actions.2448883636(autoscaling:DescribeAutoScalingInstances2statement.1.condition.~2944922886.values.653127311owned!aws_iam_policy.worker_autoscaling name_prefix3eks-worker-autoscaling-${aws_eks_cluster.this.name}arnid descriptionKEKS worker node autoscaling policy for cluster ${aws_eks_cluster.this.name}path/policy7${data.aws_iam_policy_document.worker_autoscaling.json}name;aws_iam_role_policy_attachment.workers_AmazonEKS_CNI_Policyrole${aws_iam_role.workers.name}
policy_arn,arn:aws:iam::aws:policy/AmazonEKS_CNI_Policyid"aws_launch_configuration.workers.1
spot_pricec${lookup(var.worker_groups[count.index], "spot_price", local.workers_group_defaults["spot_price"])}
ebs_optimizedfalse
instance_typei${lookup(var.worker_groups[count.index], "instance_type", local.workers_group_defaults["instance_type"])}security_groups.#nameroot_block_device.0.iops0iam_instance_profile>${element(aws_iam_instance_profile.workers.*.id, count.index)}key_name_${lookup(var.worker_groups[count.index], "key_name", local.workers_group_defaults["key_name"])}root_block_device.0.volume_typeo${lookup(var.worker_groups[count.index], "root_volume_type", local.workers_group_defaults["root_volume_type"])})root_block_device.0.delete_on_terminationtrueuser_data_base64M${base64encode(element(data.template_file.userdata.*.rendered, count.index))}associate_public_ip_addressfalseebs_block_device.#image_id[${lookup(var.worker_groups[count.index], "ami_id", local.workers_group_defaults["ami_id"])}root_block_device.#1enable_monitoringfalseplacement_tenancyq${lookup(var.worker_groups[count.index], "placement_tenancy", local.workers_group_defaults["placement_tenancy"])}idroot_block_device.0.volume_size0 name_prefix[${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}"aws_launch_configuration.workers.0associate_public_ip_addressfalse
ebs_optimizedfalseenable_monitoringfalsenamekey_name_${lookup(var.worker_groups[count.index], "key_name", local.workers_group_defaults["key_name"])})root_block_device.0.delete_on_terminationtrueroot_block_device.0.iops0root_block_device.0.volume_size0
instance_typei${lookup(var.worker_groups[count.index], "instance_type", local.workers_group_defaults["instance_type"])}ebs_block_device.#iam_instance_profile>${element(aws_iam_instance_profile.workers.*.id, count.index)}root_block_device.0.volume_typeo${lookup(var.worker_groups[count.index], "root_volume_type", local.workers_group_defaults["root_volume_type"])}
spot_pricec${lookup(var.worker_groups[count.index], "spot_price", local.workers_group_defaults["spot_price"])}placement_tenancyq${lookup(var.worker_groups[count.index], "placement_tenancy", local.workers_group_defaults["placement_tenancy"])} name_prefix[${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}security_groups.#user_data_base64M${base64encode(element(data.template_file.userdata.*.rendered, count.index))}image_id[${lookup(var.worker_groups[count.index], "ami_id", local.workers_group_defaults["ami_id"])}root_block_device.#1idlocal_file.config_map_aws_authcontent2${data.template_file.config_map_aws_auth.rendered}filenameE${var.config_output_path}config-map-aws-auth_${var.cluster_name}.yamlid$null_resource.tags_as_list_of_maps.2
triggers.%3id triggers.key
GithubRepotriggers.valueterraform-aws-ekstriggers.propagate_at_launchtrueaws_iam_role.cluster
name_prefix${var.cluster_name}assume_role_policy��{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EKSClusterAssumeRole",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service": "eks.amazonaws.com"
}
}
]
}path/arn create_datemax_session_duration3600idforce_detach_policiestrue unique_idnamedata.template_file.kubeconfigvars.%renderedtemplate�NapiVersion: v1
preferences: {}
kind: Config
clusters:
- cluster:
server: ${endpoint}
certificate-authority-data: ${cluster_auth_base64}
name: ${kubeconfig_name}
contexts:
- context:
cluster: ${kubeconfig_name}
user: ${kubeconfig_name}
name: ${kubeconfig_name}
current-context: ${kubeconfig_name}
users:
- name: ${kubeconfig_name}
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
command: ${aws_authenticator_command}
args:
${aws_authenticator_command_args}
${aws_authenticator_additional_args}
${aws_authenticator_env_variables}
idIaws_iam_role_policy_attachment.workers_AmazonEC2ContainerRegistryReadOnly
policy_arn:arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnlyrole${aws_iam_role.workers.name}id/aws_security_group_rule.workers_egress_internet protocol-1string -1
cidr_blocks.0 0.0.0.0/0 from_port0selffalseto_port0 description'Allow nodes all egress to the Internet.idsource_security_group_id
cidr_blocks.#1typeegresssecurity_group_id ${aws_security_group.workers.id}4aws_security_group_rule.cluster_https_worker_ingress description3Allow pods to communicate with the EKS cluster API.selffalsetypeingress from_port443to_port443idprotocoltcpstring tcpsecurity_group_id ${aws_security_group.cluster.id}source_security_group_id!${local.worker_security_group_id}/aws_security_group_rule.workers_ingress_cluster from_port1025to_port65535protocoltcpstring tcptypeingresssource_security_group_id"${local.cluster_security_group_id}security_group_id ${aws_security_group.workers.id} descriptionXAllow workers Kubelets and pods to receive communication from the cluster control plane.selffalseid&data.template_file.config_map_aws_authtemplate��apiVersion: v1
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
data:
mapRoles: |
${worker_role_arn}
${map_roles}
mapUsers: |
${map_users}
mapAccounts: |
${map_accounts}
vars.%renderedidrootvpcaws_route_table.publicidroute.#owner_idvpc_id${aws_vpc.this.id}tags.%aws_internet_gateway.thistags.%owner_ididvpc_id${aws_vpc.this.id}aws_subnet.public.2 owner_idipv6_cidr_blockipv6_cidr_block_association_id
cidr_block 10.0.6.0/24availability_zone
us-west-2carnassign_ipv6_address_on_creationfalseavailability_zone_idvpc_id${aws_vpc.this.id}idmap_public_ip_on_launchtruetags.%$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0createint64�e��deleteint64�e��aws_nat_gateway.thisid
allocation_idM${element(local.nat_gateway_ips, (var.single_nat_gateway ? 0 : count.index))} subnet_idN${element(aws_subnet.public.*.id, (var.single_nat_gateway ? 0 : count.index))}network_interface_id
private_ip public_iptags.%aws_route.private_nat_gateway.0 route_table_id5${element(aws_route_table.private.*.id, count.index)}network_interface_idorigininstance_owner_idegress_only_gateway_idstateidnat_gateway_id2${element(aws_nat_gateway.this.*.id, count.index)} instance_id
gateway_iddestination_cidr_block 0.0.0.0/0destination_prefix_list_id$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��.createint64�7�`deleteint64����paws_route.private_nat_gateway.2 network_interface_idroute_table_id5${element(aws_route_table.private.*.id, count.index)}stateoriginegress_only_gateway_iddestination_prefix_list_id
gateway_idinstance_owner_iddestination_cidr_block 0.0.0.0/0nat_gateway_id2${element(aws_nat_gateway.this.*.id, count.index)} instance_idid$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��.createint64�7�`deleteint64����p%aws_route_table_association.private.2 subnet_id0${element(aws_subnet.private.*.id, count.index)}route_table_id5${element(aws_route_table.private.*.id, count.index)}id aws_vpc.thisdefault_network_acl_iddhcp_options_idinstance_tenancydefaulttags.%enable_dns_supporttruearndefault_security_group_id
cidr_block 10.0.0.0/16enable_classiclinkowner_idenable_dns_hostnamesfalseiddefault_route_table_idenable_classiclink_dns_supportmain_route_table_idipv6_association_id assign_generated_ipv6_cidr_blockfalseipv6_cidr_blockaws_subnet.private.1 idipv6_cidr_blockvpc_id${aws_vpc.this.id}availability_zone
us-west-2bowner_idavailability_zone_idtags.%map_public_ip_on_launchfalseassign_ipv6_address_on_creationfalseipv6_cidr_block_association_id
cidr_block 10.0.2.0/24arn$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0deleteint64�e��createint64�e��aws_subnet.public.1 owner_idmap_public_ip_on_launchtrueipv6_cidr_block_association_idavailability_zone
us-west-2bavailability_zone_idid
cidr_block 10.0.5.0/24tags.%arnvpc_id${aws_vpc.this.id}ipv6_cidr_blockassign_ipv6_address_on_creationfalse$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0createint64�e��deleteint64�e��aws_subnet.private.2 owner_idassign_ipv6_address_on_creationfalseavailability_zone_idmap_public_ip_on_launchfalseipv6_cidr_block_association_idtags.%vpc_id${aws_vpc.this.id}
cidr_block 10.0.3.0/24availability_zone
us-west-2carnidipv6_cidr_block$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0createint64�e��deleteint64�e��aws_route_table.private.0tags.%route.#owner_idvpc_id${aws_vpc.this.id}idaws_route_table.private.1owner_idvpc_id${aws_vpc.this.id}tags.%route.#id$aws_route_table_association.public.1route_table_id${aws_route_table.public.id}id subnet_id/${element(aws_subnet.public.*.id, count.index)}aws_route.private_nat_gateway.1
gateway_idoriginroute_table_id5${element(aws_route_table.private.*.id, count.index)}iddestination_prefix_list_idstatenetwork_interface_iddestination_cidr_block 0.0.0.0/0nat_gateway_id2${element(aws_nat_gateway.this.*.id, count.index)}instance_owner_idegress_only_gateway_id instance_id$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��.createint64�7�`deleteint64����p aws_eip.nat
allocation_iddomainvpctruenetwork_interfaceinstance public_ip
private_ipassociation_ididpublic_ipv4_pool$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��Creadint64��\Pupdateint64����pdeleteint64�SѬaws_subnet.private.0 availability_zone_idassign_ipv6_address_on_creationfalseipv6_cidr_blockipv6_cidr_block_association_id
cidr_block 10.0.1.0/24tags.%map_public_ip_on_launchfalsearnavailability_zone
us-west-2aidowner_idvpc_id${aws_vpc.this.id}$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0deleteint64�e��createint64�e��aws_subnet.public.0 tags.%owner_idipv6_cidr_blockvpc_id${aws_vpc.this.id}
cidr_block 10.0.4.0/24ipv6_cidr_block_association_idarnavailability_zone_idmap_public_ip_on_launchtrueidavailability_zone
us-west-2aassign_ipv6_address_on_creationfalse$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��0createint64�e��deleteint64�e��aws_route_table.private.2route.#owner_idvpc_id${aws_vpc.this.id}idtags.%!aws_route.public_internet_gateway
gateway_id${aws_internet_gateway.this.id}instance_owner_id instance_idnetwork_interface_idnat_gateway_idroute_table_id${aws_route_table.public.id}destination_cidr_block 0.0.0.0/0stateoriginegress_only_gateway_iddestination_prefix_list_idid$e2bfb730-ecaa-11e6-8f88-34363bc7c4c0map[string]interface {}��.deleteint64����pcreateint64�7�`$aws_route_table_association.public.0 subnet_id/${element(aws_subnet.public.*.id, count.index)}route_table_id${aws_route_table.public.id}id%aws_route_table_association.private.1route_table_id5${element(aws_route_table.private.*.id, count.index)}id subnet_id0${element(aws_subnet.private.*.id, count.index)}$aws_route_table_association.public.2 subnet_id/${element(aws_subnet.public.*.id, count.index)}route_table_id${aws_route_table.public.id}id%aws_route_table_association.private.0 subnet_id0${element(aws_subnet.private.*.id, count.index)}idroute_table_id5${element(aws_route_table.private.*.id, count.index)}�%�B��treeGob��Config��Children��Name Path������Config�� Dir  Terraform��Atlas��Modules��ProviderConfigs�� Resources�� Variables��Locals��Outputs��8�� Terraform��RequiredVersion Backend��6��Backend��Type  RawConfig��Hash
����'��map[string]interface {}��  �������� <�� AtlasConfig��Name Include��Exclude����[]string�� ��[]*config.Module����J����Name Source Version  Providers�� RawConfig��!��map[string]string��  '��[]*config.ProviderConfig����:����Name Alias Version  RawConfig��!��[]*config.Resource���������� ModeName Type RawCount�� RawConfig�� Provisioners��Provider  DependsOn�� Lifecycle��$��[]*config.Provisioner����I����Type  RawConfig��ConnInfo��When OnFailure]��ResourceLifecycle��CreateBeforeDestroyPreventDestroy
IgnoreChanges��!��[]*config.Variable����B����Name  DeclaredType Default Description ��[]*config.Local����$����Name  RawConfig����[]*config.Output����Q����Name  DependsOn�� Description  Sensitive RawConfig��(��map[string]*module.Tree�� ��
�������B/home/habanero/opengov/terraform-aws-eks/examples/eks_test_fixture >= 0.11.8vpcterraform-aws-modules/vpc/aws1.14.0��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� $�azs[]interface {}�����Y����string 31${data.aws_availability_zones.available.names[0]}string 31${data.aws_availability_zones.available.names[1]}string 31${data.aws_availability_zones.available.names[2]}enable_nat_gatewaystring 1single_nat_gatewaystring 1namestring
test-vpccidrstring
10.0.0.0/16private_subnets[]interface {}��Dstring
10.0.1.0/24string
10.0.2.0/24string
10.0.3.0/24public_subnets[]interface {}��Dstring
10.0.4.0/24string
10.0.5.0/24string
10.0.6.0/24tagsstring TR${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}eks../..��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �_� map_roles_countstring ${var.map_roles_count}tagsstring 
${local.tags}
worker_groupsstring ${local.worker_groups}vpc_idstring ${module.vpc.vpc_id} map_accountsstring ${var.map_accounts} map_rolesstring ${var.map_roles} map_usersstring ${var.map_users}worker_group_countstring 2subnets[]interface {}��������*string ${module.vpc.private_subnets}map_users_countstring ${var.map_users_count}$worker_additional_security_group_ids[]interface {}��5string *(${aws_security_group.all_worker_mgmt.id} cluster_namestring ${local.cluster_name}aws >= 1.24.0{,�� gobRawConfig�Key Raw��'��map[string]interface {}�� %�regionstring 
${var.region}random= 1.3.1\,�� gobRawConfig�Key Raw��'��map[string]interface {}�� � availableaws_availability_zonesu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1\,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �suffix
random_stringu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1|,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�lengthintspecialboolworker_group_mgmt_oneaws_security_groupu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� Z�vpc_idstring ${module.vpc.vpc_id}ingress[]map[string]interface {}����������Qto_portint,protocolstring tcp cidr_blocks[]interface {}����,��string
10.0.0.0/8 from_portint, name_prefixstring worker_group_mgmt_one descriptionstring '%SG to be applied to all *nix machinesworker_group_mgmt_twoaws_security_groupu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�d,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 4�ingress[]map[string]interface {}����������c from_portint,to_portint,protocolstring tcp cidr_blocks[]interface {}������string 192.168.0.0/16 name_prefixstring worker_group_mgmt_twovpc_idstring ${module.vpc.vpc_id}all_worker_mgmtaws_security_groupu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� Z�vpc_idstring ${module.vpc.vpc_id}ingress[]map[string]interface {}����������c from_portint,to_portint,protocolstring tcp cidr_blocks[]interface {}����K��Hstring
10.0.0.0/8string 
172.16.0.0/12string 192.168.0.0/16 name_prefixstring all_worker_managementregionstring us-west-2 map_accountslist[]interface {}�����R��0string  777777777777string  888888888888@Additional AWS account numbers to add to the aws-auth configmap. map_roleslist[]interface {}����map[string]interface {}��qgroupstring system:mastersrole_arnstring %#arn:aws:iam::66666666666:role/role1usernamestring role16Additional IAM roles to add to the aws-auth configmap.map_roles_countstringstring 1)The count of roles in the map_roles list. map_userslist[]interface {}���map[string]interface {}��qusernamestring user1groupstring system:mastersuser_arnstring %#arn:aws:iam::66666666666:user/user1map[string]interface {}��quser_arnstring %#arn:aws:iam::66666666666:user/user2usernamestring user2groupstring system:masters6Additional IAM users to add to the aws-auth configmap.map_users_countstringstring 1)The count of roles in the map_users list. cluster_name��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� >�valuestring )'test-eks-${random_string.suffix.result}
worker_groups�X,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����������map[string]interface {}����additional_userdatastring  echo foo barsubnetsstring *(${join(",", module.vpc.private_subnets)}
instance_typestring
t2.smallmap[string]interface {}���
instance_typestring
t2.smalladditional_userdatastring  echo foo barsubnetsstring *(${join(",", module.vpc.private_subnets)}additional_security_group_idsstring _]${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}tags�),�� gobRawConfig�Key Raw��'��map[string]interface {}�� 2�value[]map[string]interface {}������������ Environmentstring test
GithubRepostring terraform-aws-eks GithubOrgstring terraform-aws-modules Workspacestring ${terraform.workspace}cluster_endpointEndpoint for EKS control plane.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 5�valuestring ${module.eks.cluster_endpoint}cluster_security_group_id9Security group ids attached to the cluster control plane.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� >�valuestring )'${module.eks.cluster_security_group_id}kubectl_config*kubectl config as generated by the module.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� /�valuestring ${module.eks.kubeconfig}config_map_aws_auth��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 8�valuestring #!${module.eks.config_map_aws_auth}region AWS region.z,�� gobRawConfig�Key Raw��'��map[string]interface {}�� $�valuestring 
${var.region}vpc�l�B��treeGob��Config��Children��Name Path������Config�� Dir  Terraform��Atlas��Modules��ProviderConfigs�� Resources�� Variables��Locals��Outputs��8�� Terraform��RequiredVersion Backend��6��Backend��Type  RawConfig��Hash
����'��map[string]interface {}��  �������� <�� AtlasConfig��Name Include��Exclude����[]string�� ��[]*config.Module����J����Name Source Version  Providers�� RawConfig��!��map[string]string��  '��[]*config.ProviderConfig����:����Name Alias Version  RawConfig��!��[]*config.Resource���������� ModeName Type RawCount�� RawConfig�� Provisioners��Provider  DependsOn�� Lifecycle��$��[]*config.Provisioner����I����Type  RawConfig��ConnInfo��When OnFailure]��ResourceLifecycle��CreateBeforeDestroyPreventDestroy
IgnoreChanges��!��[]*config.Variable����B����Name  DeclaredType Default Description ��[]*config.Local����$����Name  RawConfig����[]*config.Output����Q����Name  DependsOn�� Description  Sensitive RawConfig��(��map[string]*module.Tree�� ��
�����=�����/home/habanero/opengov/terraform-aws-eks/examples/eks_test_fixture/.terraform/modules/bced2707848d2d05a45e61034c8091d8/terraform-aws-modules-terraform-aws-vpc-c1d5143 >= 0.10.3 s3aws_vpc_endpoint_service��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�countcountstring ${var.enable_s3_endpoint}q,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �servicestring s3dynamodbaws_vpc_endpoint_service��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�countcountstring !${var.enable_dynamodb_endpoint}w,�� gobRawConfig�Key Raw��'��map[string]interface {}�� !�servicestring
dynamodbthisaws_vpcu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�y,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �!�
cidr_blockstring
${var.cidr}instance_tenancystring ${var.instance_tenancy}enable_dns_hostnamesstring ${var.enable_dns_hostnames}enable_dns_supportstring ${var.enable_dns_support}tagsstring GE${merge(var.tags, var.vpc_tags, map("Name", format("%s", var.name)))}thisaws_vpc_dhcp_options��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� @�countcountstring $"${var.enable_dhcp_options ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� domain_namestring !${var.dhcp_options_domain_name}domain_name_serversstring )'${var.dhcp_options_domain_name_servers} ntp_serversstring !${var.dhcp_options_ntp_servers}netbios_name_serversstring *(${var.dhcp_options_netbios_name_servers}netbios_node_typestring '%${var.dhcp_options_netbios_node_type}tagsstring PN${merge(var.tags, var.dhcp_options_tags, map("Name", format("%s", var.name)))}this aws_vpc_dhcp_options_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� @�countcountstring $"${var.enable_dhcp_options ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� d�vpc_idstring ${aws_vpc.this.id}dhcp_options_idstring !${aws_vpc_dhcp_options.this.id}thisaws_internet_gateway��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� G�countcountstring +)${length(var.public_subnets) > 0 ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� q�tagsstring 97${merge(var.tags, map("Name", format("%s", var.name)))}vpc_idstring ${aws_vpc.this.id}publicaws_route_table��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� G�countcountstring +)${length(var.public_subnets) > 0 ? 1 : 0}�G,�� gobRawConfig�Key Raw��'��map[string]interface {}�� U�vpc_idstring ${aws_vpc.this.id}propagating_vgws[]interface {}��������+string ${var.public_propagating_vgws}tagsstring ][${merge(var.tags, var.public_route_table_tags, map("Name", format("%s-public", var.name)))}public_internet_gateway aws_route��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� G�countcountstring +)${length(var.public_subnets) > 0 ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���route_table_idstring ${aws_route_table.public.id}destination_cidr_blockstring 0.0.0.0/0
gateway_idstring !${aws_internet_gateway.this.id}privateaws_route_table��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���countcountstring ����${max(length(var.private_subnets), length(var.elasticache_subnets), length(var.database_subnets), length(var.redshift_subnets))}�m,�� gobRawConfig�Key Raw��'��map[string]interface {}�� U�vpc_idstring ${aws_vpc.this.id}propagating_vgws[]interface {}��������,string !${var.private_propagating_vgws}tagsstring ��${merge(var.tags, var.private_route_table_tags, map("Name", format("%s-private-%s", var.name, element(var.azs, count.index))))}propagating_vgwspublic
aws_subnet��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ;�countcountstring ${length(var.public_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �h�tagsstring zx${merge(var.tags, var.public_subnet_tags, map("Name", format("%s-public-%s", var.name, element(var.azs, count.index))))}vpc_idstring ${aws_vpc.this.id}
cidr_blockstring $"${var.public_subnets[count.index]}availability_zonestring " ${element(var.azs, count.index)}map_public_ip_on_launchstring ${var.map_public_ip_on_launch}private
aws_subnet��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� <�countcountstring ${length(var.private_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �*�availability_zonestring " ${element(var.azs, count.index)}tagsstring |z${merge(var.tags, var.private_subnet_tags, map("Name", format("%s-private-%s", var.name, element(var.azs, count.index))))}vpc_idstring ${aws_vpc.this.id}
cidr_blockstring %#${var.private_subnets[count.index]}database
aws_subnet��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�countcountstring !${length(var.database_subnets)}�,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �'�vpc_idstring ${aws_vpc.this.id}
cidr_blockstring &$${var.database_subnets[count.index]}availability_zonestring " ${element(var.azs, count.index)}tagsstring xv${merge(var.tags, var.database_subnet_tags, map("Name", format("%s-db-%s", var.name, element(var.azs, count.index))))}databaseaws_db_subnet_group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� m�countcountstring QO${length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0}�M,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���namestring
${var.name} descriptionstring '%Database subnet group for ${var.name}
subnet_ids[]interface {}����s��(string ${aws_subnet.database.*.id}tagsstring 97${merge(var.tags, map("Name", format("%s", var.name)))}redshift
aws_subnet��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�countcountstring !${length(var.redshift_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �-�availability_zonestring " ${element(var.azs, count.index)}tagsstring ~|${merge(var.tags, var.redshift_subnet_tags, map("Name", format("%s-redshift-%s", var.name, element(var.azs, count.index))))}vpc_idstring ${aws_vpc.this.id}
cidr_blockstring &$${var.redshift_subnets[count.index]}redshiftaws_redshift_subnet_group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� I�countcountstring -+${length(var.redshift_subnets) > 0 ? 1 : 0}�M,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���tagsstring 97${merge(var.tags, map("Name", format("%s", var.name)))}namestring
${var.name} descriptionstring '%Redshift subnet group for ${var.name}
subnet_ids[]interface {}����,��(string ${aws_subnet.redshift.*.id} elasticache
aws_subnet��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� @�countcountstring $"${length(var.elasticache_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �8�vpc_idstring ${aws_vpc.this.id}
cidr_blockstring )'${var.elasticache_subnets[count.index]}availability_zonestring " ${element(var.azs, count.index)}tagsstring ����${merge(var.tags, var.elasticache_subnet_tags, map("Name", format("%s-elasticache-%s", var.name, element(var.azs, count.index))))} elasticacheaws_elasticache_subnet_group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� L�countcountstring 0.${length(var.elasticache_subnets) > 0 ? 1 : 0}� ,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���namestring
${var.name} descriptionstring *(ElastiCache subnet group for ${var.name}
subnet_ids[]interface {}����/��+string ${aws_subnet.elasticache.*.id}nataws_eip��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���countcountstring hf${(var.enable_nat_gateway && !var.reuse_nat_ips) ? (var.single_nat_gateway ? 1 : length(var.azs)) : 0}i,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �vpcboolthisaws_nat_gateway��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� l�countcountstring PN${var.enable_nat_gateway ? (var.single_nat_gateway ? 1 : length(var.azs)) : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �W�
allocation_idstring OM${element(local.nat_gateway_ips, (var.single_nat_gateway ? 0 : count.index))} subnet_idstring PN${element(aws_subnet.public.*.id, (var.single_nat_gateway ? 0 : count.index))}tagsstring zx${merge(var.tags, map("Name", format("%s-%s", var.name, element(var.azs, (var.single_nat_gateway ? 0 : count.index)))))}aws_internet_gateway.thisprivate_nat_gateway aws_route��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� Y�countcountstring =;${var.enable_nat_gateway ? length(var.private_subnets) : 0}�#,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���route_table_idstring 75${element(aws_route_table.private.*.id, count.index)}destination_cidr_blockstring 0.0.0.0/0nat_gateway_idstring 42${element(aws_nat_gateway.this.*.id, count.index)}s3aws_vpc_endpoint��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�countcountstring ${var.enable_s3_endpoint}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� r�vpc_idstring ${aws_vpc.this.id} service_namestring 20${data.aws_vpc_endpoint_service.s3.service_name}
private_s3(aws_vpc_endpoint_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� Y�countcountstring =;${var.enable_s3_endpoint ? length(var.private_subnets) : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���vpc_endpoint_idstring ${aws_vpc_endpoint.s3.id}route_table_idstring 75${element(aws_route_table.private.*.id, count.index)} public_s3(aws_vpc_endpoint_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� X�countcountstring <:${var.enable_s3_endpoint ? length(var.public_subnets) : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� p�vpc_endpoint_idstring ${aws_vpc_endpoint.s3.id}route_table_idstring ${aws_route_table.public.id}dynamodbaws_vpc_endpoint��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�countcountstring !${var.enable_dynamodb_endpoint}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� x�vpc_idstring ${aws_vpc.this.id} service_namestring 86${data.aws_vpc_endpoint_service.dynamodb.service_name}private_dynamodb(aws_vpc_endpoint_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� _�countcountstring CA${var.enable_dynamodb_endpoint ? length(var.private_subnets) : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���vpc_endpoint_idstring !${aws_vpc_endpoint.dynamodb.id}route_table_idstring 75${element(aws_route_table.private.*.id, count.index)}public_dynamodb(aws_vpc_endpoint_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ^�countcountstring B@${var.enable_dynamodb_endpoint ? length(var.public_subnets) : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� v�vpc_endpoint_idstring !${aws_vpc_endpoint.dynamodb.id}route_table_idstring ${aws_route_table.public.id}privateaws_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� <�countcountstring ${length(var.private_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� subnet_idstring 20${element(aws_subnet.private.*.id, count.index)}route_table_idstring 75${element(aws_route_table.private.*.id, count.index)}databaseaws_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�countcountstring !${length(var.database_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� subnet_idstring 31${element(aws_subnet.database.*.id, count.index)}route_table_idstring 75${element(aws_route_table.private.*.id, count.index)}redshiftaws_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�countcountstring !${length(var.redshift_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� subnet_idstring 31${element(aws_subnet.redshift.*.id, count.index)}route_table_idstring 75${element(aws_route_table.private.*.id, count.index)} elasticacheaws_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� @�countcountstring $"${length(var.elasticache_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� subnet_idstring 64${element(aws_subnet.elasticache.*.id, count.index)}route_table_idstring 75${element(aws_route_table.private.*.id, count.index)}publicaws_route_table_association��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ;�countcountstring ${length(var.public_subnets)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� subnet_idstring 1/${element(aws_subnet.public.*.id, count.index)}route_table_idstring ${aws_route_table.public.id}thisaws_vpn_gateway��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ?�countcountstring #!${var.enable_vpn_gateway ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� q�vpc_idstring ${aws_vpc.this.id}tagsstring 97${merge(var.tags, map("Name", format("%s", var.name)))}&namestring 2Name to be used on all the resources as identifiercidrstring The CIDR block for the VPCinstance_tenancystring default4A tenancy option for instances launched into the VPCpublic_subnets[]interface {}�����)��'A list of public subnets inside the VPCprivate_subnets[]interface {}��(A list of private subnets inside the VPCdatabase_subnetslist[]interface {}��A list of database subnetsredshift_subnetslist[]interface {}��A list of redshift subnetselasticache_subnetslist[]interface {}��A list of elasticache subnetscreate_database_subnet_groupstring 13Controls if database subnet group should be createdazs[]interface {}��*A list of availability zones in the regionenable_dns_hostnamesstring 01Should be true to enable DNS hostnames in the VPCenable_dns_supportstring 1/Should be true to enable DNS support in the VPCenable_nat_gatewaystring 0VShould be true if you want to provision NAT Gateways for each of your private networkssingle_nat_gatewaystring 0gShould be true if you want to provision a single shared NAT Gateway across all of your private networks
reuse_nat_ipsstring 0��Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variableexternal_nat_ip_idslist[]interface {}��[List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)enable_dynamodb_endpointstring 0FShould be true if you want to provision a DynamoDB endpoint to the VPCenable_s3_endpointstring 0AShould be true if you want to provision an S3 endpoint to the VPCmap_public_ip_on_launchstring 1EShould be false if you do not want to auto-assign public IP on launchenable_vpn_gatewaystring 0XShould be true if you want to create a new VPN Gateway resource and attach it to the VPCprivate_propagating_vgws[]interface {}��7A list of VGWs the private route table should propagatepublic_propagating_vgws[]interface {}��6A list of VGWs the public route table should propagatetagsmap[string]interface {}��%A map of tags to add to all resourcesvpc_tagsmap[string]interface {}��Additional tags for the VPCpublic_subnet_tagsmap[string]interface {}��&Additional tags for the public subnetsprivate_subnet_tagsmap[string]interface {}��'Additional tags for the private subnetspublic_route_table_tagsmap[string]interface {}��+Additional tags for the public route tablesprivate_route_table_tagsmap[string]interface {}��,Additional tags for the private route tablesdatabase_subnet_tagsmap[string]interface {}��(Additional tags for the database subnetsredshift_subnet_tagsmap[string]interface {}��(Additional tags for the redshift subnetselasticache_subnet_tagsmap[string]interface {}��+Additional tags for the elasticache subnetsdhcp_options_tagsmap[string]interface {}��'Additional tags for the DHCP option setenable_dhcp_optionsstring 0��Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server typedhcp_options_domain_namestring 'Specifies DNS name for DHCP options set dhcp_options_domain_name_serverslist[]interface {}��string AmazonProvidedDNSTSpecify a list of DNS server addresses for DHCP options set, default to AWS provideddhcp_options_ntp_serverslist[]interface {}��2Specify a list of NTP servers for DHCP options set!dhcp_options_netbios_name_serverslist[]interface {}��6Specify a list of netbios servers for DHCP options setdhcp_options_netbios_node_typestring .Specify netbios node_type for DHCP options setnat_gateway_ips��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� |�valuestring ge${split(",", (var.reuse_nat_ips ? join(",", var.external_nat_ip_ids) : join(",", aws_eip.nat.*.id)))}vpc_idThe ID of the VPC,�� gobRawConfig�Key Raw��'��map[string]interface {}�� )�valuestring ${aws_vpc.this.id}vpc_cidr_blockThe CIDR block of the VPC��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 1�valuestring ${aws_vpc.this.cidr_block}default_security_group_id?The ID of the security group created by default on VPC creation��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� @�valuestring +)${aws_vpc.this.default_security_group_id}default_network_acl_id!The ID of the default network ACL��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�valuestring (&${aws_vpc.this.default_network_acl_id}default_route_table_id!The ID of the default route table��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�valuestring (&${aws_vpc.this.default_route_table_id}private_subnetsList of IDs of private subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����+��'string ${aws_subnet.private.*.id}private_subnets_cidr_blocks&List of cidr_blocks of private subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����3��/string $"${aws_subnet.private.*.cidr_block}public_subnetsList of IDs of public subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����*��&string ${aws_subnet.public.*.id}public_subnets_cidr_blocks%List of cidr_blocks of public subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����2��.string #!${aws_subnet.public.*.cidr_block}database_subnetsList of IDs of database subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����,��(string ${aws_subnet.database.*.id}database_subnets_cidr_blocks'List of cidr_blocks of database subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����4��0string %#${aws_subnet.database.*.cidr_block}database_subnet_groupID of database subnet group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� Y�valuestring DB${element(concat(aws_db_subnet_group.database.*.id, list("")), 0)}redshift_subnetsList of IDs of redshift subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����,��(string ${aws_subnet.redshift.*.id}redshift_subnets_cidr_blocks'List of cidr_blocks of redshift subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����4��0string %#${aws_subnet.redshift.*.cidr_block}redshift_subnet_groupID of redshift subnet group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� _�valuestring JH${element(concat(aws_redshift_subnet_group.redshift.*.id, list("")), 0)}elasticache_subnets"List of IDs of elasticache subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����/��+string ${aws_subnet.elasticache.*.id}elasticache_subnets_cidr_blocks*List of cidr_blocks of elasticache subnets��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����7��3string (&${aws_subnet.elasticache.*.cidr_block}elasticache_subnet_groupID of elasticache subnet group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� e�valuestring PN${element(concat(aws_elasticache_subnet_group.elasticache.*.id, list("")), 0)}public_route_table_ids"List of IDs of public route tables��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����/��+string ${aws_route_table.public.*.id}private_route_table_ids#List of IDs of private route tables��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����0��,string !${aws_route_table.private.*.id}nat_ids@List of allocation ID of Elastic IPs created for AWS NAT Gateway��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����$�� string ${aws_eip.nat.*.id}nat_public_ips6List of public Elastic IPs created for AWS NAT Gateway��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����+��'string ${aws_eip.nat.*.public_ip} natgw_idsList of NAT Gateway IDs��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����-��)string ${aws_nat_gateway.this.*.id}igw_idThe ID of the Internet Gateway��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� V�valuestring A?${element(concat(aws_internet_gateway.this.*.id, list("")), 0)}vpc_endpoint_s3_idThe ID of VPC endpoint for S3��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� P�valuestring ;9${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}vpc_endpoint_s3_pl_id(The prefix list for the S3 VPC endpoint.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� \�valuestring GE${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}vpc_endpoint_dynamodb_id#The ID of VPC endpoint for DynamoDB��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� V�valuestring A?${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}vgw_idThe ID of the VPN Gateway��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� Q�valuestring <:${element(concat(aws_vpn_gateway.this.*.id, list("")), 0)}vpc_endpoint_dynamodb_pl_id.The prefix list for the DynamoDB VPC endpoint.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� b�valuestring MK${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}vpcvpceks��;B��treeGob��Config��Children��Name Path������Config�� Dir  Terraform��Atlas��Modules��ProviderConfigs�� Resources�� Variables��Locals��Outputs��8�� Terraform��RequiredVersion Backend��6��Backend��Type  RawConfig��Hash
����'��map[string]interface {}��  �������� <�� AtlasConfig��Name Include��Exclude����[]string�� ��[]*config.Module����J����Name Source Version  Providers�� RawConfig��!��map[string]string��  '��[]*config.ProviderConfig����:����Name Alias Version  RawConfig��!��[]*config.Resource���������� ModeName Type RawCount�� RawConfig�� Provisioners��Provider  DependsOn�� Lifecycle��$��[]*config.Provisioner����I����Type  RawConfig��ConnInfo��When OnFailure]��ResourceLifecycle��CreateBeforeDestroyPreventDestroy
IgnoreChanges��!��[]*config.Variable����B����Name  DeclaredType Default Description ��[]*config.Local����$����Name  RawConfig����[]*config.Output����Q����Name  DependsOn�� Description  Sensitive RawConfig��(��map[string]*module.Tree�� ��
�����j6��v/home/habanero/opengov/terraform-aws-eks/examples/eks_test_fixture/.terraform/modules/6bf75b6abd39a12c43aa0cd7ef9b2257'currentaws_caller_identityu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1\,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �worker_role_arns
template_file��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�countcountstring ${var.worker_group_count}�v,�� gobRawConfig�Key Raw��'��map[string]interface {}�� x�templatestring 53${file("${path.module}/templates/worker-role.tpl")}vars[]map[string]interface {}������������worker_role_arnstring ����arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${element(aws_iam_instance_profile.workers.*.role, count.index)}config_map_aws_auth
template_fileu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�),�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���templatestring B@${file("${path.module}/templates/config-map-aws-auth.yaml.tpl")}vars[]map[string]interface {}�������J���D map_rolesstring 64${join("", data.template_file.map_roles.*.rendered)} map_accountsstring 97${join("", data.template_file.map_accounts.*.rendered)}worker_role_arnstring GE${join("", distinct(data.template_file.worker_role_arns.*.rendered))} map_usersstring 64${join("", data.template_file.map_users.*.rendered)} map_users
template_file��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 4�countcountstring ${var.map_users_count}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���templatestring LJ${file("${path.module}/templates/config-map-aws-auth-map_users.yaml.tpl")}vars[]map[string]interface {}������������user_arnstring 31${lookup(var.map_users[count.index], "user_arn")}usernamestring 31${lookup(var.map_users[count.index], "username")}groupstring 0.${lookup(var.map_users[count.index], "group")} map_roles
template_file��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 4�countcountstring ${var.map_roles_count}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���templatestring LJ${file("${path.module}/templates/config-map-aws-auth-map_roles.yaml.tpl")}vars[]map[string]interface {}������������role_arnstring 31${lookup(var.map_roles[count.index], "role_arn")}usernamestring 31${lookup(var.map_roles[count.index], "username")}groupstring 0.${lookup(var.map_roles[count.index], "group")} map_accounts
template_file��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 9�countcountstring ${length(var.map_accounts)}�4,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���templatestring OM${file("${path.module}/templates/config-map-aws-auth-map_accounts.yaml.tpl")}vars[]map[string]interface {}������J��Faccount_numberstring +)${element(var.map_accounts, count.index)}config_map_aws_auth
local_file��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� <�countcountstring ${var.manage_aws_auth ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���filenamestring GE${var.config_output_path}config-map-aws-auth_${var.cluster_name}.yamlcontentstring 42${data.template_file.config_map_aws_auth.rendered}update_config_map_aws_auth
null_resource��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� <�countcountstring ${var.manage_aws_auth ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 5�triggers[]map[string]interface {}������X��Tconfig_map_renderedstring 42${data.template_file.config_map_aws_auth.rendered}
local-exec�<,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���commandstring ����for i in {1..5}; do kubectl apply -f ${var.config_output_path}config-map-aws-auth_${var.cluster_name}.yaml --kubeconfig ${var.config_output_path}kubeconfig_${var.cluster_name} && break || sleep 10; doneZ,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �aws_eks_cluster.thisthisaws_eks_clusteru,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�2,�� gobRawConfig�Key Raw��'��map[string]interface {}�� `�versionstring ${var.cluster_version}
vpc_config[]map[string]interface {}�������y��1security_group_ids[]interface {}����j��/string $"${local.cluster_security_group_id}
subnet_ids[]interface {}��string ${var.subnets}timeouts[]map[string]interface {}��acreatestring ${var.cluster_create_timeout}deletestring ${var.cluster_delete_timeout}namestring ${var.cluster_name}role_arnstring ${aws_iam_role.cluster.arn}=aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy=aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicyclusteraws_security_group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� L�countcountstring 0.${var.cluster_security_group_id == "" ? 1 : 0}�-,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� name_prefixstring ${var.cluster_name} descriptionstring EKS cluster security group.vpc_idstring 
${var.vpc_id}tagsstring GE${merge(var.tags, map("Name", "${var.cluster_name}-eks_cluster_sg"))}cluster_egress_internetaws_security_group_rule��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� L�countcountstring 0.${var.cluster_security_group_id == "" ? 1 : 0}�l,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� descriptionstring .,Allow cluster egress access to the Internet.protocolstring -1security_group_idstring " ${aws_security_group.cluster.id} cidr_blocks[]interface {}����R��string 0.0.0.0/0 from_portintto_portinttypestring egresscluster_https_worker_ingressaws_security_group_rule��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� L�countcountstring 0.${var.cluster_security_group_id == "" ? 1 : 0}�~,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �&�security_group_idstring " ${aws_security_group.cluster.id}source_security_group_idstring #!${local.worker_security_group_id} from_portint�vto_portint�vtypestring ingress descriptionstring 53Allow pods to communicate with the EKS cluster API.protocolstring tcpcluster aws_iam_roleu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� name_prefixstring ${var.cluster_name}assume_role_policystring A?${data.aws_iam_policy_document.cluster_assume_role_policy.json}force_detach_policiesboolcluster_AmazonEKSClusterPolicyaws_iam_role_policy_attachmentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� v�
policy_arnstring 0.arn:aws:iam::aws:policy/AmazonEKSClusterPolicyrolestring ${aws_iam_role.cluster.name}cluster_AmazonEKSServicePolicyaws_iam_role_policy_attachmentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� v�rolestring ${aws_iam_role.cluster.name}
policy_arnstring 0.arn:aws:iam::aws:policy/AmazonEKSServicePolicycurrent
aws_regionu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1\,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �workers_assume_role_policyaws_iam_policy_documentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�x,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 6� statement[]map[string]interface {}����������Hsidstring EKSWorkerAssumeRoleactions[]interface {}��������string sts:AssumeRole
principals[]map[string]interface {}��Vtypestring Service identifiers[]interface {}��string ec2.amazonaws.com
eks_workeraws_amiu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�1,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 3�filter[]map[string]interface {}����������9namestring namevalues[]interface {}����!��string amazon-eks-node-* most_recentboolowners[]interface {}��string  602401143452cluster_assume_role_policyaws_iam_policy_documentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�y,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 6� statement[]map[string]interface {}����������Isidstring EKSClusterAssumeRoleactions[]interface {}��������string sts:AssumeRole
principals[]map[string]interface {}��Vtypestring Service identifiers[]interface {}��string eks.amazonaws.com
kubeconfig
template_fileu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� w�templatestring 42${file("${path.module}/templates/kubeconfig.tpl")}vars[]map[string]interface {}�����������cluster_auth_base64string 64${aws_eks_cluster.this.certificate_authority.0.data}aws_authenticator_commandstring -+${var.kubeconfig_aws_authenticator_command}aws_authenticator_command_argsstring ���${length(var.kubeconfig_aws_authenticator_command_args) > 0 ? " - ${join("\n - ", var.kubeconfig_aws_authenticator_command_args)}" : " - ${join("\n - ", formatlist("\"%s\"", list("token", "-i", aws_eks_cluster.this.name)))}"}!aws_authenticator_additional_argsstring ����${length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? " - ${join("\n - ", var.kubeconfig_aws_authenticator_additional_args)}" : ""}aws_authenticator_env_variablesstring ����${length(var.kubeconfig_aws_authenticator_env_variables) > 0 ? " env:\n${join("\n", data.template_file.aws_authenticator_env_variables.*.rendered)}" : ""}kubeconfig_namestring ${local.kubeconfig_name}endpointstring " ${aws_eks_cluster.this.endpoint}regionstring !${data.aws_region.current.name}aws_authenticator_env_variables
template_file��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� W�countcountstring ;9${length(var.kubeconfig_aws_authenticator_env_variables)}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 1�vars[]map[string]interface {}������� ����valuestring QO${element(values(var.kubeconfig_aws_authenticator_env_variables), count.index)}keystring OM${element(keys(var.kubeconfig_aws_authenticator_env_variables), count.index)}templatestring 53 - name: $${key}
value: $${value}
userdata
template_file��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�countcountstring ${var.worker_group_count}�9,�� gobRawConfig�Key Raw��'��map[string]interface {}�� x�templatestring 53${file("${path.module}/templates/userdata.sh.tpl")}vars[]map[string]interface {}�������h���bkubelet_extra_argsstring us${lookup(var.worker_groups[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])} cluster_namestring ${aws_eks_cluster.this.name}endpointstring " ${aws_eks_cluster.this.endpoint}cluster_auth_base64string 64${aws_eks_cluster.this.certificate_authority.0.data} pre_userdatastring ig${lookup(var.worker_groups[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}additional_userdatastring wu${lookup(var.worker_groups[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}
kubeconfig
local_file��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�countcountstring !${var.write_kubeconfig ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���contentstring +)${data.template_file.kubeconfig.rendered}filenamestring 97${var.config_output_path}kubeconfig_${var.cluster_name}worker_autoscalingaws_iam_policy_documentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 6� statement[]map[string]interface {}����������csidstring eksWorkerAutoscalingAlleffectstring Allowactions[]interface {}����������string '%autoscaling:DescribeAutoScalingGroupsstring *(autoscaling:DescribeAutoScalingInstancesstring *(autoscaling:DescribeLaunchConfigurationsstring autoscaling:DescribeTagsstring autoscaling:GetAsgForInstance resources[]interface {}��string *sidstring eksWorkerAutoscalingOwneffectstring Allowactions[]interface {}����string autoscaling:SetDesiredCapacitystring 1/autoscaling:TerminateInstanceInAutoScalingGroupstring $"autoscaling:UpdateAutoScalingGroup resources[]interface {}��string * condition[]map[string]interface {}���<teststring  StringEqualsvariablestring LJautoscaling:ResourceTag/kubernetes.io/cluster/${aws_eks_cluster.this.name}values[]interface {}��string ownedteststring  StringEqualsvariablestring ;9autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabledvalues[]interface {}��string trueworkersaws_autoscaling_group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�countcountstring ${var.worker_group_count}�,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���
desired_capacitystring yw${lookup(var.worker_groups[count.index], "asg_desired_capacity", local.workers_group_defaults["asg_desired_capacity"])}max_sizestring ig${lookup(var.worker_groups[count.index], "asg_max_size", local.workers_group_defaults["asg_max_size"])}min_sizestring ig${lookup(var.worker_groups[count.index], "asg_min_size", local.workers_group_defaults["asg_min_size"])}target_group_arns[]interface {}����������string ����${compact(split(",", coalesce(lookup(var.worker_groups[count.index], "target_group_arns", ""), local.workers_group_defaults["target_group_arns"])))}launch_configurationstring @>${element(aws_launch_configuration.workers.*.id, count.index)}vpc_zone_identifier[]interface {}����string yw${split(",", coalesce(lookup(var.worker_groups[count.index], "subnets", ""), local.workers_group_defaults["subnets"]))}suspended_processes[]interface {}����string ����${compact(split(",", coalesce(lookup(var.worker_groups[count.index], "suspended_processes", ""), local.workers_group_defaults["suspended_processes"])))}tags[]interface {}���Tstring �G�C${concat(
list(
map("key", "Name", "value", "${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}-eks_asg", "propagate_at_launch", true),
map("key", "kubernetes.io/cluster/${aws_eks_cluster.this.name}", "value", "owned", "propagate_at_launch", true),
map("key", "k8s.io/cluster-autoscaler/${lookup(var.worker_groups[count.index], "autoscaling_enabled", local.workers_group_defaults["autoscaling_enabled"]) == 1 ? "enabled" : "disabled" }", "value", "true", "propagate_at_launch", false)
),
local.asg_tags)
} name_prefixstring ][${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}protect_from_scale_instring {y${lookup(var.worker_groups[count.index], "protect_from_scale_in", local.workers_group_defaults["protect_from_scale_in"])}desired_capacityworkersaws_launch_configuration��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�countcountstring ${var.worker_group_count}� ,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���
key_namestring a_${lookup(var.worker_groups[count.index], "key_name", local.workers_group_defaults["key_name"])}
ebs_optimizedstring ����${lookup(var.worker_groups[count.index], "ebs_optimized", lookup(local.ebs_optimized, lookup(var.worker_groups[count.index], "instance_type", local.workers_group_defaults["instance_type"]), false))}enable_monitoringstring sq${lookup(var.worker_groups[count.index], "enable_monitoring", local.workers_group_defaults["enable_monitoring"])}placement_tenancystring sq${lookup(var.worker_groups[count.index], "placement_tenancy", local.workers_group_defaults["placement_tenancy"])}
instance_typestring ki${lookup(var.worker_groups[count.index], "instance_type", local.workers_group_defaults["instance_type"])}user_data_base64string OM${base64encode(element(data.template_file.userdata.*.rendered, count.index))}root_block_device[]map[string]interface {}������������ volume_typestring qo${lookup(var.worker_groups[count.index], "root_volume_type", local.workers_group_defaults["root_volume_type"])}iopsstring ca${lookup(var.worker_groups[count.index], "root_iops", local.workers_group_defaults["root_iops"])}delete_on_terminationbool volume_sizestring qo${lookup(var.worker_groups[count.index], "root_volume_size", local.workers_group_defaults["root_volume_size"])}image_idstring ][${lookup(var.worker_groups[count.index], "ami_id", local.workers_group_defaults["ami_id"])}associate_public_ip_addressstring ca${lookup(var.worker_groups[count.index], "public_ip", local.workers_group_defaults["public_ip"])}security_groups[]interface {}�����\���
string #!${local.worker_security_group_id}string -+${var.worker_additional_security_group_ids}string ����${compact(split(",",lookup(var.worker_groups[count.index],"additional_security_group_ids", local.workers_group_defaults["additional_security_group_ids"])))}iam_instance_profilestring @>${element(aws_iam_instance_profile.workers.*.id, count.index)}
spot_pricestring ec${lookup(var.worker_groups[count.index], "spot_price", local.workers_group_defaults["spot_price"])} name_prefixstring ][${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}workersaws_security_group��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� K�countcountstring /-${var.worker_security_group_id == "" ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �<� name_prefixstring ${aws_eks_cluster.this.name} descriptionstring .,Security group for all nodes in the cluster.vpc_idstring 
${var.vpc_id}tagsstring ����${merge(var.tags, map("Name", "${aws_eks_cluster.this.name}-eks_worker_sg", "kubernetes.io/cluster/${aws_eks_cluster.this.name}", "owned"
))}workers_egress_internetaws_security_group_rule��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� K�countcountstring /-${var.worker_security_group_id == "" ? 1 : 0}�g,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���to_portinttypestring egress descriptionstring )'Allow nodes all egress to the Internet.protocolstring -1security_group_idstring " ${aws_security_group.workers.id} cidr_blocks[]interface {}����,��string 0.0.0.0/0 from_portintworkers_ingress_selfaws_security_group_rule��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� K�countcountstring /-${var.worker_security_group_id == "" ? 1 : 0}�r,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �� from_portintto_portint���typestring ingress descriptionstring ,*Allow node to communicate with each other.protocolstring -1security_group_idstring " ${aws_security_group.workers.id}source_security_group_idstring " ${aws_security_group.workers.id}workers_ingress_clusteraws_security_group_rule��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� K�countcountstring /-${var.worker_security_group_id == "" ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �p� descriptionstring ZXAllow workers Kubelets and pods to receive communication from the cluster control plane.protocolstring tcpsecurity_group_idstring " ${aws_security_group.workers.id}source_security_group_idstring $"${local.cluster_security_group_id} from_portstring $"${var.worker_sg_ingress_from_port}to_portint���typestring ingressworkers_ingress_cluster_httpsaws_security_group_rule��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� K�countcountstring /-${var.worker_security_group_id == "" ? 1 : 0}��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �]�typestring ingress descriptionstring kiAllow pods running extension API servers on port 443 to receive communication from cluster control plane.protocolstring tcpsecurity_group_idstring " ${aws_security_group.workers.id}source_security_group_idstring $"${local.cluster_security_group_id} from_portint�vto_portint�vworkers aws_iam_roleu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1� ,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ��� name_prefixstring ${aws_eks_cluster.this.name}assume_role_policystring A?${data.aws_iam_policy_document.workers_assume_role_policy.json}force_detach_policiesboolworkersaws_iam_instance_profile��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�countcountstring ${var.worker_group_count}�,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���rolestring pn${lookup(var.worker_groups[count.index], "iam_role_id", lookup(local.workers_group_defaults, "iam_role_id"))} name_prefixstring ${aws_eks_cluster.this.name}!workers_AmazonEKSWorkerNodePolicyaws_iam_role_policy_attachmentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� y�
policy_arnstring 31arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicyrolestring ${aws_iam_role.workers.name}workers_AmazonEKS_CNI_Policyaws_iam_role_policy_attachmentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� t�
policy_arnstring .,arn:aws:iam::aws:policy/AmazonEKS_CNI_Policyrolestring ${aws_iam_role.workers.name}*workers_AmazonEC2ContainerRegistryReadOnlyaws_iam_role_policy_attachmentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���
policy_arnstring <:arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnlyrolestring ${aws_iam_role.workers.name}tags_as_list_of_maps
null_resource��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�countcountstring ${length(keys(var.tags))}�(,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 5�triggers[]map[string]interface {}������������keystring )'${element(keys(var.tags), count.index)}valuestring +)${element(values(var.tags), count.index)}propagate_at_launchstring trueworkers_autoscalingaws_iam_role_policy_attachmentu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� p�rolestring ${aws_iam_role.workers.name}
policy_arnstring *(${aws_iam_policy.worker_autoscaling.arn}worker_autoscalingaws_iam_policyu,�� gobRawConfig�Key Raw��'��map[string]interface {}�� �countcountstring 1�R,�� gobRawConfig�Key Raw��'��map[string]interface {}�� ���policystring 97${data.aws_iam_policy_document.worker_autoscaling.json} name_prefixstring 53eks-worker-autoscaling-${aws_eks_cluster.this.name} descriptionstring MKEKS worker node autoscaling policy for cluster ${aws_eks_cluster.this.name} cluster_nameMName of the EKS cluster. Also used as a prefix in names of related resources.cluster_security_group_idstring ��If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32.cluster_versionstring 1.10.Kubernetes version to use for the EKS cluster.config_output_pathstring ./iWhere to save the Kubectl config file (if `write_kubeconfig = true`). Should end in a forward slash `/` .write_kubeconfigstring 1kWhether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`.manage_aws_authstring 17Whether to write and apply the aws-auth configmap file. map_accountslist[]interface {}�����(g��Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. map_roleslist[]interface {}��uAdditional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format.map_roles_countstringstring 0)The count of roles in the map_roles list. map_userslist[]interface {}��uAdditional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format.map_users_countstringstring 0)The count of roles in the map_users list.subnetslist>A list of subnets to place the EKS cluster and workers within.tagsmapmap[string]interface {}��&A map of tags to add to all resources.vpc_id3VPC where the cluster and workers will be deployed.
worker_groupslist[]interface {}��6map[string]interface {}��namestring default_A list of maps defining worker group configurations. See workers_group_defaults for valid keys.worker_group_countstringstring 1;The number of maps contained within the worker_groups list.workers_group_defaultsmapmap[string]interface {}��kOverride default values for target groups. See workers_group_defaults_defaults in locals.tf for valid keys.worker_security_group_idstring ��If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster.$worker_additional_security_group_idslist[]interface {}��EA list of additional security group ids to attach to worker instancesworker_sg_ingress_from_portstring 1025��Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443).$kubeconfig_aws_authenticator_commandstring aws-iam-authenticator/Command to use to to fetch AWS EKS credentials.)kubeconfig_aws_authenticator_command_argslist[]interface {}��\Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name].,kubeconfig_aws_authenticator_additional_argslist[]interface {}��kAny additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"].*kubeconfig_aws_authenticator_env_variablesmapmap[string]interface {}��hEnvironment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = "eks"}.kubeconfig_namestring 4Override the default name used for items kubeconfig.cluster_create_timeoutstring 15m,Timeout value when creating the EKS cluster.cluster_delete_timeoutstring 15m,Timeout value when deleting the EKS cluster.asg_tags��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� &�value[]interface {}����A��=string 20${null_resource.tags_as_list_of_maps.*.triggers}cluster_security_group_id��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� l�valuestring WU${coalesce(join("", aws_security_group.cluster.*.id), var.cluster_security_group_id)}worker_security_group_id��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� k�valuestring VT${coalesce(join("", aws_security_group.workers.*.id), var.worker_security_group_id)}default_iam_role_id��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� Q�valuestring <:${element(concat(aws_iam_role.workers.*.id, list("")), 0)}kubeconfig_name��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� e�valuestring PN${var.kubeconfig_name == "" ? "eks_${var.cluster_name}" : var.kubeconfig_name}workers_group_defaults_defaults��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 2�value[]map[string]interface {}������������target_group_arnsstring  asg_max_sizestring 3root_volume_typestring gp2subnetsstring ${join(",", var.subnets)}suspended_processesstring  pre_userdatastring additional_userdatastring 
ebs_optimizedboolenable_monitoringbool asg_min_sizestring 1
spot_pricestring root_volume_sizestring 100 root_iopsstring 0 public_ipboolautoscaling_enabledboolprotect_from_scale_inbool iam_role_idstring ${local.default_iam_role_id}kubelet_extra_argsstring additional_security_group_idsstring namestring
count.indexami_idstring ${data.aws_ami.eks_worker.id}asg_desired_capacitystring 1
instance_typestring
m4.largeplacement_tenancystring key_namestring workers_group_defaults��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� b�valuestring MK${merge(local.workers_group_defaults_defaults, var.workers_group_defaults)}
ebs_optimized�
,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 2�value[]map[string]interface {}������� ���� }{c4.largebool
r3.4xlargebool
g3.4xlargebool g3.16xlargebool
i2.8xlargebool t2.xlargeboolt3.microbool c1.xlargebool
m3.2xlargebool p2.16xlargeboolt3.smallbool c5d.4xlargebool
f1.2xlargebool
f1.4xlargebool m2.xlargebool m5d.largebool
m5d.xlargebool
p2.8xlargeboolr4.largebool r4.xlargeboolt2.nanobool c4.xlargebool
d2.4xlargebool p3.16xlargebool x1e.2xlargeboolc3.largebool
c5.4xlargebool
d2.8xlargebool i3.xlargebool
i3.2xlargebool
r4.2xlargebool r4.16xlargebool
g2.8xlargebool
c3.8xlargebool
c5.2xlargebooli3.metalbool
c3.2xlargebool c5d.18xlargebool
p3.8xlargebool
r4.8xlargebool
c4.4xlargebool
c5d.xlargebool i2.xlargebool i3.16xlargebool r3.xlargebool
r3.8xlargebool
h1.2xlargeboolt2.microbool
x1e.xlargebool
i2.4xlargebool m4.16xlargebool x1e.16xlargeboolt1.microbool t2.mediumbool
m2.4xlargebool cc2.8xlargebool
i3.4xlargebool m5.xlargebool
m5.2xlargebool x1.16xlargebool
c5.9xlargebool m1.xlargebool
m2.2xlargebool m3.mediumbool c1.mediumboolm1.largebool m4.xlargebool
m4.4xlargebool m5d.4xlargebool x1e.4xlargebool c5.xlargebool f1.16xlargebool
g2.2xlargebool
m5.4xlargeboolt2.largebool x1e.32xlargebool c5.18xlargebool
h1.4xlargeboolm3.largebool m3.xlargebool
h1.8xlargeboolm4.largebool
t2.2xlargebool m4.10xlargebool c3.xlargebool
c4.8xlargebool m1.mediumboolm5.largebool
r3.2xlargebool x1.32xlargebool x1e.8xlargebool
m4.2xlargebool
m5.9xlargebool m5d.12xlargebool m5d.24xlargebool
t3.2xlargebool m5.18xlargebool m5d.2xlargebool p2.xlargeboolt2.smallbool t3.xlargebool
c3.4xlargebool
i3.8xlargeboolt3.nanoboolt3.largebool hs1.8xlargebooli3.largebool c5d.2xlargebool h1.16xlargebool
p3.2xlargebool t3.mediumbool
c4.2xlargebool c5d.9xlargebool cr1.8xlargebool
i2.2xlargeboolc5.largebool
g3.8xlargebool
r4.4xlargebool c5d.largebool d2.xlargebool
d2.2xlargeboolm1.smallboolr3.largebool 
cluster_idThe name/id of the EKS cluster.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 1�valuestring ${aws_eks_cluster.this.id}"cluster_certificate_authority_data��Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� K�valuestring 64${aws_eks_cluster.this.certificate_authority.0.data}cluster_endpoint)The endpoint for your EKS Kubernetes API.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 7�valuestring " ${aws_eks_cluster.this.endpoint}cluster_version2The Kubernetes server version for the EKS cluster.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 6�valuestring !${aws_eks_cluster.this.version}cluster_security_group_id.Security group ID attached to the EKS cluster.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 9�valuestring $"${local.cluster_security_group_id}config_map_aws_auth?A kubernetes configuration to authenticate to this EKS cluster.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� I�valuestring 42${data.template_file.config_map_aws_auth.rendered}
kubeconfig2kubectl config file contents for this EKS cluster.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� @�valuestring +)${data.template_file.kubeconfig.rendered}workers_asg_arns1IDs of the autoscaling groups containing workers.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� =�valuestring (&${aws_autoscaling_group.workers.*.arn}workers_asg_names3Names of the autoscaling groups containing workers.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� <�valuestring '%${aws_autoscaling_group.workers.*.id}worker_security_group_id.Security group ID attached to the EKS workers.��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 8�valuestring #!${local.worker_security_group_id}worker_iam_role_name+default IAM role name for EKS worker groups��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 3�valuestring ${aws_iam_role.workers.name}worker_iam_role_arn*default IAM role ARN for EKS worker groups��,�� gobRawConfig�Key Raw��'��map[string]interface {}�� 2�valuestring ${aws_iam_role.workers.arn}ekseks0.11.10$b2f54da3-04ae-5524-6605-44113eaf0c3croot
worker_groupsstring &$74D93920-ED26-11E3-AC10-0800200C9A66tags[]map[string]interface {}�������"����� Environmentstring test
GithubRepostring terraform-aws-eks GithubOrgstring terraform-aws-modules Workspacestring default cluster_namestring &$74D93920-ED26-11E3-AC10-0800200C9A66regionstringstring us-west-2%data.aws_availability_zones.availableaws_availability_zones'2018-12-07 03:20:54.742319816 +0000 UTC names.2
us-west-2cnames.#3
zone_ids.0usw2-az2
zone_ids.#3
zone_ids.2usw2-az3
zone_ids.1usw2-az1names.0
us-west-2anames.1
us-west-2bid'2018-12-07 03:20:54.742319816 +0000 UTC provider.awsrooteksdefault_iam_role_idstring &$74D93920-ED26-11E3-AC10-0800200C9A66workers_group_defaults_defaultsstring &$74D93920-ED26-11E3-AC10-0800200C9A66workers_group_defaultsstring &$74D93920-ED26-11E3-AC10-0800200C9A66
ebs_optimized[]map[string]interface {}��� }{ r4.xlargebool
h1.8xlargebool h1.16xlargebool m4.10xlargebool
c4.4xlargebooli3.largeboolt3.nanobool x1e.32xlargebool
c4.8xlargebool
r3.2xlargebool p2.xlargebool
r4.4xlargebool
r3.8xlargebool
i3.4xlargebool
m2.2xlargebool c5d.4xlargebool
i2.2xlargebool p2.16xlargebool
c4.2xlargebool
h1.2xlargebool
m5d.xlargebool
c5.4xlargebool i3.xlargebool
m5.4xlargebool hs1.8xlargeboolt2.microbool t2.mediumboolt3.smallbool c5d.9xlargebool
x1e.xlargebool c1.xlargebool x1e.2xlargebool r3.xlargebool
t3.2xlargebool
p3.2xlargebool c5d.18xlargebool m4.xlargebool
m5.9xlargebool
p3.8xlargebool
r4.8xlargeboolm1.largebool c5d.2xlargebool r4.16xlargebool i3.16xlargeboolc4.largebool m5d.largebool t3.xlargebool c5d.largebool
f1.4xlargeboolr4.largebool
r4.2xlargebool
g2.8xlargebool
i2.4xlargebool x1.16xlargebool
c3.8xlargebooli3.metalbool
d2.8xlargebool
c5d.xlargebool g3.16xlargeboolc3.largebool
g2.2xlargeboolm3.largebool x1e.16xlargebool c5.xlargebool m5.18xlargeboolt2.smallboolt2.nanobool
d2.4xlargebool m1.xlargebool
m4.4xlargebool
i3.8xlargeboolr3.largebool m5.xlargebool
h1.4xlargeboolc5.largeboolt3.microbool
c5.2xlargebool m3.mediumbool
m4.2xlargeboolm1.smallbool
m3.2xlargeboolt2.largebool c5.18xlargebool c3.xlargebool m5d.2xlargebool
r3.4xlargebool
f1.2xlargebool c1.mediumbool m5d.4xlargebool m2.xlargebool c4.xlargebool
c3.2xlargebool m5d.12xlargebool cr1.8xlargebool
m2.4xlargeboolm4.largebool x1e.4xlargebool m3.xlargebool m1.mediumboolt3.largebool
g3.4xlargebool p3.16xlargeboolt1.microbool cc2.8xlargebool i2.xlargebool
c3.4xlargebool t2.xlargebool
m5.2xlargebool x1.32xlargebool
d2.2xlargebool
i3.2xlargebool m4.16xlargeboolm5.largebool
t2.2xlargebool t3.mediumbool d2.xlargebool
i2.8xlargebool
p2.8xlargebool
c5.9xlargebool x1e.8xlargebool m5d.24xlargebool f1.16xlargebool
g3.8xlargeboolasg_tagsstring &$74D93920-ED26-11E3-AC10-0800200C9A66kubeconfig_namestring &$74D93920-ED26-11E3-AC10-0800200C9A66cluster_security_group_idstring &$74D93920-ED26-11E3-AC10-0800200C9A66worker_security_group_idstring &$74D93920-ED26-11E3-AC10-0800200C9A66 7data.aws_iam_policy_document.cluster_assume_role_policyaws_iam_policy_document
2764486067/statement.0.principals.2705940588.identifiers.#1&statement.0.principals.2705940588.typeServicestatement.0.actions.#1statement.0.condition.#0statement.0.resources.#0statement.0.actions.2528466339sts:AssumeRolejson��{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EKSClusterAssumeRole",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service": "eks.amazonaws.com"
}
}
]
}statement.0.not_principals.#0statement.0.not_actions.#0 statement.#1statement.0.effectAllowversion
2012-10-178statement.0.principals.2705940588.identifiers.3220076542eks.amazonaws.comstatement.0.sidEKSClusterAssumeRolestatement.0.not_resources.#0statement.0.principals.#1id
2764486067 provider.awsdata.aws_region.current
aws_region us-west-2currenttrueid us-west-2endpointec2.us-west-2.amazonaws.com descriptionUS West (Oregon)name us-west-2 provider.aws!data.template_file.map_accounts.0
template_file@226a3b583da00941b3138e820d4ef8b6371ccdbf0d00fb4a1b05d99638e81c27rendered - "777777777777"
id@226a3b583da00941b3138e820d4ef8b6371ccdbf0d00fb4a1b05d99638e81c27template - "${account_number}"
vars.account_number 777777777777vars.%1provider.templatedata.template_file.map_users
template_file@ece00a9c0d194c657f4e6113c0e770a6ec4dec1a92af8d9d14a52ac8797dad9fvars.%3id@ece00a9c0d194c657f4e6113c0e770a6ec4dec1a92af8d9d14a52ac8797dad9frenderedp - userarn: arn:aws:iam::66666666666:user/user1
username: user1
groups:
- system:masters
templateX - userarn: ${user_arn}
username: ${username}
groups:
- ${group}
vars.groupsystem:masters
vars.user_arn#arn:aws:iam::66666666666:user/user1
vars.usernameuser1provider.template data.aws_caller_identity.currentaws_caller_identity'2018-12-07 03:20:55.065784979 +0000 UTCid'2018-12-07 03:20:55.065784979 +0000 UTC
account_id 774331681746arnOarn:aws:sts::774331681746:assumed-role/Okta-Admin-Access/drodriguez@opengov.comuser_id,AROAJIYDYTIAC6EUMYOC4:drodriguez@opengov.com provider.aws7data.aws_iam_policy_document.workers_assume_role_policyaws_iam_policy_document
3778018924json��{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EKSWorkerAssumeRole",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
]
}statement.0.principals.#1&statement.0.principals.1134724139.typeService8statement.0.principals.1134724139.identifiers.3655884555ec2.amazonaws.comstatement.0.not_principals.#0statement.0.actions.#1statement.0.not_resources.#0statement.0.condition.#0/statement.0.principals.1134724139.identifiers.#1statement.0.sidEKSWorkerAssumeRole statement.#1statement.0.actions.2528466339sts:AssumeRolestatement.0.resources.#0statement.0.not_actions.#0version
2012-10-17id
3778018924statement.0.effectAllow provider.awsdata.aws_ami.eks_workeraws_amiami-0f54a2f7d2e9c88b3()block_device_mappings.3798922657.ebs.iops0sriov_net_supportsimplestate_reason.messageUNSET:block_device_mappings.3798922657.ebs.delete_on_terminationtrueimage_idami-0f54a2f7d2e9c88b3*block_device_mappings.3798922657.no_devicefilter.655774675.values.#10block_device_mappings.3798922657.ebs.snapshot_idsnap-0b0fcd300478c9b2cstate_reason.%2nameamazon-eks-node-v25-block_device_mappings.3798922657.virtual_nameblock_device_mappings.#1 architecturex86_64filter.655774675.namename&block_device_mappings.3798922657.ebs.%6filter.655774675.values.0amazon-eks-node-*
hypervisorxenroot_device_typeebs0block_device_mappings.3798922657.ebs.volume_size20owner_id 602401143452idami-0f54a2f7d2e9c88b3.block_device_mappings.3798922657.ebs.encryptedfalse,block_device_mappings.3798922657.device_name /dev/xvdaimage_location 602401143452/amazon-eks-node-v25virtualization_typehvmfilter.#1product_codes.#0tags.%0state available description1EKS Kubernetes Worker AMI with AmazonLinux2 imageowners.0 602401143452owners.#1state_reason.codeUNSET
image_typemachine
creation_date2018-10-23T20:47:02.000Zroot_snapshot_idsnap-0b0fcd300478c9b2cpublictrueroot_device_name /dev/xvda0block_device_mappings.3798922657.ebs.volume_typegp2 most_recenttrue provider.awsdata.template_file.map_roles
template_file@576bba8c362205541f183ea8c2333468cbfa4dd1df27a4a1cee60640194f1d60renderedp - rolearn: arn:aws:iam::66666666666:role/role1
username: role1
groups:
- system:masters
templateX - rolearn: ${role_arn}
username: ${username}
groups:
- ${group}
vars.role_arn#arn:aws:iam::66666666666:role/role1
vars.usernamerole1
vars.groupsystem:mastersvars.%3id@576bba8c362205541f183ea8c2333468cbfa4dd1df27a4a1cee60640194f1d60provider.template!data.template_file.map_accounts.1
template_file@22743cdf39aa189592908e24cec07150461b9178b7c2f2f6d8f8db26e3c2da6frendered - "888888888888"
template - "${account_number}"
id@22743cdf39aa189592908e24cec07150461b9178b7c2f2f6d8f8db26e3c2da6fvars.account_number 888888888888vars.%1provider.templaterootvpcnat_gateway_ipsstring &$74D93920-ED26-11E3-AC10-0800200C9A66database_subnets_cidr_blockslist[]interface {}��������elasticache_subnets_cidr_blockslist[]interface {}��redshift_subnet_groupstringstring vpc_endpoint_dynamodb_idstringstring vpc_endpoint_s3_pl_idstringstring vpc_endpoint_dynamodb_pl_idstringstring elasticache_subnetslist[]interface {}��redshift_subnetslist[]interface {}��vgw_idstringstring redshift_subnets_cidr_blockslist[]interface {}��database_subnetslist[]interface {}��elasticache_subnet_groupstringstring database_subnet_groupstringstring vpc_endpoint_s3_idstringstring  map_roles[]interface {}����map[string]interface {}��qusernamestring role1groupstring system:mastersrole_arnstring %#arn:aws:iam::66666666666:role/role1map_roles_countstring 1 map_users[]interface {}���map[string]interface {}��quser_arnstring %#arn:aws:iam::66666666666:user/user1usernamestring user1groupstring system:mastersmap[string]interface {}��quser_arnstring %#arn:aws:iam::66666666666:user/user2usernamestring user2groupstring system:mastersmap_users_countstring 1regionstring us-west-2 map_accounts[]interface {}��0string  777777777777string  8888888888880.11.10null �\���9�CCNWR���8��5��/N�Q͂�random τ�Vg[��l�
��)�.���3�s���T�template ���s���!�ވX�b��[F<�J,��u�?�aws �.|(��zoo3Fܜ %F�:��\a*���local J�g��0e�CcHۗ�HB�~��elv[��
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment