@kerin
Created August 26, 2021 10:25
# module.vpc.aws_eip.nat[0]:
resource "aws_eip" "nat" {
domain = "vpc"
id = "eipalloc-0019409e6a452d71f"
network_border_group = "eu-west-1"
public_dns = "ec2-54-194-159-48.eu-west-1.compute.amazonaws.com"
public_ip = "54.194.159.48"
public_ipv4_pool = "amazon"
tags = {
"Name" = "eks-test-eu-west-1a"
}
tags_all = {
"Name" = "eks-test-eu-west-1a"
}
vpc = true
}
# module.vpc.aws_internet_gateway.this[0]:
resource "aws_internet_gateway" "this" {
arn = "arn:aws:ec2:eu-west-1:908197663318:internet-gateway/igw-0a339f61817e85fd6"
id = "igw-0a339f61817e85fd6"
owner_id = "908197663318"
tags = {
"Name" = "eks-test"
}
tags_all = {
"Name" = "eks-test"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_nat_gateway.this[0]:
resource "aws_nat_gateway" "this" {
allocation_id = "eipalloc-0019409e6a452d71f"
connectivity_type = "public"
id = "nat-0f8aff259c1ab771f"
network_interface_id = "eni-0167d446d2a7c0175"
private_ip = "10.0.101.176"
public_ip = "54.194.159.48"
subnet_id = "subnet-095e362cb1654c57d"
tags = {
"Name" = "eks-test-eu-west-1a"
}
tags_all = {
"Name" = "eks-test-eu-west-1a"
}
}
# module.vpc.aws_route.private_nat_gateway[0]:
resource "aws_route" "private_nat_gateway" {
destination_cidr_block = "0.0.0.0/0"
id = "r-rtb-0c69e6e9030cd1e751080289494"
nat_gateway_id = "nat-0f8aff259c1ab771f"
origin = "CreateRoute"
route_table_id = "rtb-0c69e6e9030cd1e75"
state = "active"
timeouts {
create = "5m"
}
}
# module.vpc.aws_route.public_internet_gateway[0]:
resource "aws_route" "public_internet_gateway" {
destination_cidr_block = "0.0.0.0/0"
gateway_id = "igw-0a339f61817e85fd6"
id = "r-rtb-081f4017c10b2d1e71080289494"
origin = "CreateRoute"
route_table_id = "rtb-081f4017c10b2d1e7"
state = "active"
timeouts {
create = "5m"
}
}
# module.vpc.aws_route_table.private[0]:
resource "aws_route_table" "private" {
arn = "arn:aws:ec2:eu-west-1:908197663318:route-table/rtb-0c69e6e9030cd1e75"
id = "rtb-0c69e6e9030cd1e75"
owner_id = "908197663318"
propagating_vgws = []
route = []
tags = {
"Name" = "eks-test-private"
}
tags_all = {
"Name" = "eks-test-private"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_route_table.public[0]:
resource "aws_route_table" "public" {
arn = "arn:aws:ec2:eu-west-1:908197663318:route-table/rtb-081f4017c10b2d1e7"
id = "rtb-081f4017c10b2d1e7"
owner_id = "908197663318"
propagating_vgws = []
route = []
tags = {
"Name" = "eks-test-public"
}
tags_all = {
"Name" = "eks-test-public"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_route_table_association.private[0]:
resource "aws_route_table_association" "private" {
id = "rtbassoc-0f47c7246703b7d60"
route_table_id = "rtb-0c69e6e9030cd1e75"
subnet_id = "subnet-0dc4d5c2198372b64"
}
# module.vpc.aws_route_table_association.private[1]:
resource "aws_route_table_association" "private" {
id = "rtbassoc-02a9d7f04a701e7e6"
route_table_id = "rtb-0c69e6e9030cd1e75"
subnet_id = "subnet-0f16df45eb1d05294"
}
# module.vpc.aws_route_table_association.private[2]:
resource "aws_route_table_association" "private" {
id = "rtbassoc-0603f98d47123155a"
route_table_id = "rtb-0c69e6e9030cd1e75"
subnet_id = "subnet-0106be880448dd046"
}
# module.vpc.aws_route_table_association.public[2]:
resource "aws_route_table_association" "public" {
id = "rtbassoc-009befc57fc36de04"
route_table_id = "rtb-081f4017c10b2d1e7"
subnet_id = "subnet-0647cda3ecec7bcc0"
}
# module.vpc.aws_route_table_association.public[0]:
resource "aws_route_table_association" "public" {
id = "rtbassoc-0e7386035127840d6"
route_table_id = "rtb-081f4017c10b2d1e7"
subnet_id = "subnet-095e362cb1654c57d"
}
# module.vpc.aws_route_table_association.public[1]:
resource "aws_route_table_association" "public" {
id = "rtbassoc-01f1f4a1a6ee704ec"
route_table_id = "rtb-081f4017c10b2d1e7"
subnet_id = "subnet-0b34a7460e2079c57"
}
# module.vpc.aws_subnet.private[0]:
resource "aws_subnet" "private" {
arn = "arn:aws:ec2:eu-west-1:908197663318:subnet/subnet-0dc4d5c2198372b64"
assign_ipv6_address_on_creation = false
availability_zone = "eu-west-1a"
availability_zone_id = "euw1-az2"
cidr_block = "10.0.1.0/24"
id = "subnet-0dc4d5c2198372b64"
map_customer_owned_ip_on_launch = false
map_public_ip_on_launch = false
owner_id = "908197663318"
tags = {
"Name" = "eks-test-private-eu-west-1a"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
tags_all = {
"Name" = "eks-test-private-eu-west-1a"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_subnet.private[1]:
resource "aws_subnet" "private" {
arn = "arn:aws:ec2:eu-west-1:908197663318:subnet/subnet-0f16df45eb1d05294"
assign_ipv6_address_on_creation = false
availability_zone = "eu-west-1b"
availability_zone_id = "euw1-az1"
cidr_block = "10.0.2.0/24"
id = "subnet-0f16df45eb1d05294"
map_customer_owned_ip_on_launch = false
map_public_ip_on_launch = false
owner_id = "908197663318"
tags = {
"Name" = "eks-test-private-eu-west-1b"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
tags_all = {
"Name" = "eks-test-private-eu-west-1b"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_subnet.private[2]:
resource "aws_subnet" "private" {
arn = "arn:aws:ec2:eu-west-1:908197663318:subnet/subnet-0106be880448dd046"
assign_ipv6_address_on_creation = false
availability_zone = "eu-west-1c"
availability_zone_id = "euw1-az3"
cidr_block = "10.0.3.0/24"
id = "subnet-0106be880448dd046"
map_customer_owned_ip_on_launch = false
map_public_ip_on_launch = false
owner_id = "908197663318"
tags = {
"Name" = "eks-test-private-eu-west-1c"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
tags_all = {
"Name" = "eks-test-private-eu-west-1c"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_subnet.public[1]:
resource "aws_subnet" "public" {
arn = "arn:aws:ec2:eu-west-1:908197663318:subnet/subnet-0b34a7460e2079c57"
assign_ipv6_address_on_creation = false
availability_zone = "eu-west-1b"
availability_zone_id = "euw1-az1"
cidr_block = "10.0.102.0/24"
id = "subnet-0b34a7460e2079c57"
map_customer_owned_ip_on_launch = false
map_public_ip_on_launch = true
owner_id = "908197663318"
tags = {
"Name" = "eks-test-public-eu-west-1b"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/elb" = "1"
}
tags_all = {
"Name" = "eks-test-public-eu-west-1b"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/elb" = "1"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_subnet.public[2]:
resource "aws_subnet" "public" {
arn = "arn:aws:ec2:eu-west-1:908197663318:subnet/subnet-0647cda3ecec7bcc0"
assign_ipv6_address_on_creation = false
availability_zone = "eu-west-1c"
availability_zone_id = "euw1-az3"
cidr_block = "10.0.103.0/24"
id = "subnet-0647cda3ecec7bcc0"
map_customer_owned_ip_on_launch = false
map_public_ip_on_launch = true
owner_id = "908197663318"
tags = {
"Name" = "eks-test-public-eu-west-1c"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/elb" = "1"
}
tags_all = {
"Name" = "eks-test-public-eu-west-1c"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/elb" = "1"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_subnet.public[0]:
resource "aws_subnet" "public" {
arn = "arn:aws:ec2:eu-west-1:908197663318:subnet/subnet-095e362cb1654c57d"
assign_ipv6_address_on_creation = false
availability_zone = "eu-west-1a"
availability_zone_id = "euw1-az2"
cidr_block = "10.0.101.0/24"
id = "subnet-095e362cb1654c57d"
map_customer_owned_ip_on_launch = false
map_public_ip_on_launch = true
owner_id = "908197663318"
tags = {
"Name" = "eks-test-public-eu-west-1a"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/elb" = "1"
}
tags_all = {
"Name" = "eks-test-public-eu-west-1a"
"kubernetes.io/cluster/eks-test" = "shared"
"kubernetes.io/role/elb" = "1"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.vpc.aws_vpc.this[0]:
resource "aws_vpc" "this" {
arn = "arn:aws:ec2:eu-west-1:908197663318:vpc/vpc-0b47010594b87e398"
assign_generated_ipv6_cidr_block = false
cidr_block = "10.0.0.0/16"
default_network_acl_id = "acl-0c187822002680819"
default_route_table_id = "rtb-0575b772f12770c7b"
default_security_group_id = "sg-0d46e5a5f1b9cf5a7"
dhcp_options_id = "dopt-5eaea03b"
enable_classiclink = false
enable_classiclink_dns_support = false
enable_dns_hostnames = true
enable_dns_support = true
id = "vpc-0b47010594b87e398"
instance_tenancy = "default"
main_route_table_id = "rtb-0575b772f12770c7b"
owner_id = "908197663318"
tags = {
"Name" = "eks-test"
}
tags_all = {
"Name" = "eks-test"
}
}
# data.aws_availability_zones.current:
data "aws_availability_zones" "current" {
group_names = [
"eu-west-1",
]
id = "eu-west-1"
names = [
"eu-west-1a",
"eu-west-1b",
"eu-west-1c",
]
zone_ids = [
"euw1-az2",
"euw1-az1",
"euw1-az3",
]
}
# data.aws_eks_cluster.cluster:
# Read-only lookup of the eks-test cluster. The settings that matter for
# exposure are the logging list and the vpc_config endpoint flags below.
data "aws_eks_cluster" "cluster" {
arn = "arn:aws:eks:eu-west-1:908197663318:cluster/eks-test"
# Cluster CA certificate; clients use it to verify the API server. It is
# public material, not a credential.
certificate_authority = [
{
data = "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"
},
]
created_at = "2021-08-26 09:38:20.558 +0000 UTC"
# Empty list: none of the control-plane log types (api, audit, authenticator,
# controllerManager, scheduler) is enabled, so there is no audit trail of API
# requests to investigate from.
enabled_cluster_log_types = []
endpoint = "https://D17369FE68611E699E94CF7E0BCF0E11.sk1.eu-west-1.eks.amazonaws.com"
id = "eks-test"
identity = [
{
oidc = [
{
issuer = "https://oidc.eks.eu-west-1.amazonaws.com/id/D17369FE68611E699E94CF7E0BCF0E11"
},
]
},
]
kubernetes_network_config = [
{
service_ipv4_cidr = "172.20.0.0/16"
},
]
name = "eks-test"
platform_version = "eks.2"
role_arn = "arn:aws:iam::908197663318:role/eks-test20210826093803983000000002"
status = "ACTIVE"
tags = {}
version = "1.21"
vpc_config = [
{
cluster_security_group_id = "sg-0b0db2cfa6af87466"
# Private access off + public access on + 0.0.0.0/0: the Kubernetes API is
# served only on the public endpoint and accepts connections from any IPv4
# address. Requests are still authenticated, but nothing limits who can reach
# the endpoint at the network layer.
# NOTE(review): for anything beyond a throwaway test cluster, restrict
# public_access_cidrs to known ranges and/or enable private access.
endpoint_private_access = false
endpoint_public_access = true
public_access_cidrs = [
"0.0.0.0/0",
]
security_group_ids = [
"sg-0804c37e8426788a9",
]
# These three IDs are the private subnets of vpc-0b47010594b87e398.
subnet_ids = [
"subnet-0106be880448dd046",
"subnet-0dc4d5c2198372b64",
"subnet-0f16df45eb1d05294",
]
vpc_id = "vpc-0b47010594b87e398"
},
]
}
# data.aws_eks_cluster_auth.cluster:
# Fetches a bearer token for authenticating to the eks-test API server.
data "aws_eks_cluster_auth" "cluster" {
id = "eks-test"
name = "eks-test"
# "(sensitive value)" is display-level redaction by `terraform show`; the
# token itself is still written to the state this output was rendered from.
# EKS tokens are time-limited, but the state file should be treated as
# secret-bearing regardless.
token = (sensitive value)
}
# module.cluster.aws_autoscaling_group.workers[0]:
resource "aws_autoscaling_group" "workers" {
arn = "arn:aws:autoscaling:eu-west-1:908197663318:autoScalingGroup:d636463a-96a0-4b35-8835-38d1f1854d7e:autoScalingGroupName/eks-test-02021082609493882990000000f"
availability_zones = [
"eu-west-1a",
"eu-west-1b",
"eu-west-1c",
]
capacity_rebalance = false
default_cooldown = 300
desired_capacity = 3
force_delete = false
force_delete_warm_pool = false
health_check_grace_period = 300
health_check_type = "EC2"
id = "eks-test-02021082609493882990000000f"
launch_configuration = "eks-test-02021082609492981710000000e"
max_instance_lifetime = 0
max_size = 3
metrics_granularity = "1Minute"
min_size = 3
name = "eks-test-02021082609493882990000000f"
name_prefix = "eks-test-0"
protect_from_scale_in = false
service_linked_role_arn = "arn:aws:iam::908197663318:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
suspended_processes = [
"AZRebalance",
]
termination_policies = []
vpc_zone_identifier = [
"subnet-0106be880448dd046",
"subnet-0dc4d5c2198372b64",
"subnet-0f16df45eb1d05294",
]
wait_for_capacity_timeout = "10m"
tag {
key = "Name"
propagate_at_launch = true
value = "eks-test-0-eks_asg"
}
tag {
key = "k8s.io/cluster/eks-test"
propagate_at_launch = true
value = "owned"
}
tag {
key = "kubernetes.io/cluster/eks-test"
propagate_at_launch = true
value = "owned"
}
}
# module.cluster.aws_eks_cluster.this[0]:
# The managed EKS control plane for eks-test (Kubernetes 1.21). Secrets are
# envelope-encrypted with a KMS key; the API endpoint is public-only.
resource "aws_eks_cluster" "this" {
arn = "arn:aws:eks:eu-west-1:908197663318:cluster/eks-test"
# Cluster CA certificate; public material used by clients to verify the API
# server, not a credential.
certificate_authority = [
{
data = "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"
},
]
created_at = "2021-08-26 09:38:20.558 +0000 UTC"
endpoint = "https://D17369FE68611E699E94CF7E0BCF0E11.sk1.eu-west-1.eks.amazonaws.com"
id = "eks-test"
# OIDC issuer for service-account tokens; it is the identity source that IAM
# roles for service accounts (IRSA) trust.
identity = [
{
oidc = [
{
issuer = "https://oidc.eks.eu-west-1.amazonaws.com/id/D17369FE68611E699E94CF7E0BCF0E11"
},
]
},
]
name = "eks-test"
platform_version = "eks.2"
role_arn = "arn:aws:iam::908197663318:role/eks-test20210826093803983000000002"
status = "ACTIVE"
tags_all = {}
version = "1.21"
# NOTE(review): no enabled_cluster_log_types attribute appears in this block,
# which suggests control-plane logging (api/audit/authenticator) is off.
# Confirm, and enable at least audit and authenticator logs if so.
# Kubernetes Secret objects are encrypted with the referenced KMS key before
# they are stored by the control plane.
encryption_config {
resources = [
"secrets",
]
provider {
key_arn = "arn:aws:kms:eu-west-1:908197663318:key/22aa1760-8637-41e2-80d0-46ca01040030"
}
}
kubernetes_network_config {
service_ipv4_cidr = "172.20.0.0/16"
}
timeouts {
create = "30m"
delete = "15m"
}
vpc_config {
cluster_security_group_id = "sg-0b0db2cfa6af87466"
# Private access off + public access on + 0.0.0.0/0: the API server is
# reachable only through its public endpoint, from any IPv4 address.
# Authentication still applies, but there is no network-level restriction.
# NOTE(review): narrow public_access_cidrs and/or enable private access for
# any cluster that is not disposable.
endpoint_private_access = false
endpoint_public_access = true
public_access_cidrs = [
"0.0.0.0/0",
]
security_group_ids = [
"sg-0804c37e8426788a9",
]
subnet_ids = [
"subnet-0106be880448dd046",
"subnet-0dc4d5c2198372b64",
"subnet-0f16df45eb1d05294",
]
vpc_id = "vpc-0b47010594b87e398"
}
}
# module.cluster.aws_iam_instance_profile.workers[0]:
resource "aws_iam_instance_profile" "workers" {
arn = "arn:aws:iam::908197663318:instance-profile/eks-test2021082609492865530000000a"
create_date = "2021-08-26T09:49:29Z"
id = "eks-test2021082609492865530000000a"
name = "eks-test2021082609492865530000000a"
name_prefix = "eks-test"
path = "/"
role = "eks-test20210826094927147700000009"
tags_all = {}
unique_id = "AIPA5G5GMSJLEXGHUHCBN"
}
# module.cluster.aws_iam_openid_connect_provider.oidc_provider[0]:
# Registers the cluster's OIDC issuer as an IAM identity provider so that
# Kubernetes service-account tokens can be exchanged for IAM role credentials.
# Every service account in the cluster can present a token from this issuer,
# so each role that trusts this provider must pin the token's `sub` claim
# (namespace + service account) in its trust policy.
resource "aws_iam_openid_connect_provider" "oidc_provider" {
arn = "arn:aws:iam::908197663318:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/D17369FE68611E699E94CF7E0BCF0E11"
# Accepted token audience: only tokens issued for STS are honoured.
client_id_list = [
"sts.amazonaws.com",
]
id = "arn:aws:iam::908197663318:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/D17369FE68611E699E94CF7E0BCF0E11"
tags = {
"Name" = "eks-test-eks-irsa"
}
tags_all = {
"Name" = "eks-test-eks-irsa"
}
# Certificate thumbprint IAM records for the issuer's TLS endpoint.
thumbprint_list = [
"9e99a48a9960b14926bb7f3b02e22da2b0ab7280",
]
url = "oidc.eks.eu-west-1.amazonaws.com/id/D17369FE68611E699E94CF7E0BCF0E11"
}
# module.cluster.aws_iam_policy.cluster_elb_sl_role_creation[0]:
resource "aws_iam_policy" "cluster_elb_sl_role_creation" {
arn = "arn:aws:iam::908197663318:policy/eks-test-elb-sl-role-creation20210826093803982800000001"
description = "Permissions for EKS to create AWSServiceRoleForElasticLoadBalancing service-linked role"
id = "arn:aws:iam::908197663318:policy/eks-test-elb-sl-role-creation20210826093803982800000001"
name = "eks-test-elb-sl-role-creation20210826093803982800000001"
name_prefix = "eks-test-elb-sl-role-creation"
path = "/"
policy = jsonencode(
{
Statement = [
{
Action = [
"ec2:DescribeInternetGateways",
"ec2:DescribeAddresses",
"ec2:DescribeAccountAttributes",
]
Effect = "Allow"
Resource = "*"
Sid = ""
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA5G5GMSJLLGMIF3F6J"
tags_all = {}
}
# module.cluster.aws_iam_role.cluster[0]:
resource "aws_iam_role" "cluster" {
arn = "arn:aws:iam::908197663318:role/eks-test20210826093803983000000002"
assume_role_policy = jsonencode(
{
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "eks.amazonaws.com"
}
Sid = "EKSClusterAssumeRole"
},
]
Version = "2012-10-17"
}
)
create_date = "2021-08-26T09:38:04Z"
force_detach_policies = true
id = "eks-test20210826093803983000000002"
managed_policy_arns = []
max_session_duration = 3600
name = "eks-test20210826093803983000000002"
name_prefix = "eks-test"
path = "/"
tags_all = {}
unique_id = "AROA5G5GMSJLGDA4HLDJ6"
inline_policy {}
}
# module.cluster.aws_iam_role.workers[0]:
resource "aws_iam_role" "workers" {
arn = "arn:aws:iam::908197663318:role/eks-test20210826094927147700000009"
assume_role_policy = jsonencode(
{
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "ec2.amazonaws.com"
}
Sid = "EKSWorkerAssumeRole"
},
]
Version = "2012-10-17"
}
)
create_date = "2021-08-26T09:49:27Z"
force_detach_policies = true
id = "eks-test20210826094927147700000009"
managed_policy_arns = []
max_session_duration = 3600
name = "eks-test20210826094927147700000009"
name_prefix = "eks-test"
path = "/"
tags_all = {}
unique_id = "AROA5G5GMSJLF4IES7GOM"
inline_policy {}
}
# module.cluster.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy[0]:
resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
id = "eks-test20210826093803983000000002-20210826093805891300000004"
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
role = "eks-test20210826093803983000000002"
}
# module.cluster.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy[0]:
resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
id = "eks-test20210826093803983000000002-20210826093805895400000006"
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
role = "eks-test20210826093803983000000002"
}
# module.cluster.aws_iam_role_policy_attachment.cluster_AmazonEKSVPCResourceControllerPolicy[0]:
resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSVPCResourceControllerPolicy" {
id = "eks-test20210826093803983000000002-20210826093805893600000005"
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
role = "eks-test20210826093803983000000002"
}
# module.cluster.aws_iam_role_policy_attachment.cluster_elb_sl_role_creation[0]:
resource "aws_iam_role_policy_attachment" "cluster_elb_sl_role_creation" {
id = "eks-test20210826093803983000000002-20210826093805882600000003"
policy_arn = "arn:aws:iam::908197663318:policy/eks-test-elb-sl-role-creation20210826093803982800000001"
role = "eks-test20210826093803983000000002"
}
# module.cluster.aws_iam_role_policy_attachment.workers_AmazonEC2ContainerRegistryReadOnly[0]:
resource "aws_iam_role_policy_attachment" "workers_AmazonEC2ContainerRegistryReadOnly" {
id = "eks-test20210826094927147700000009-2021082609492903590000000d"
policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
role = "eks-test20210826094927147700000009"
}
# module.cluster.aws_iam_role_policy_attachment.workers_AmazonEKSWorkerNodePolicy[0]:
resource "aws_iam_role_policy_attachment" "workers_AmazonEKSWorkerNodePolicy" {
id = "eks-test20210826094927147700000009-2021082609492903400000000b"
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
role = "eks-test20210826094927147700000009"
}
# module.cluster.aws_iam_role_policy_attachment.workers_AmazonEKS_CNI_Policy[0]:
# Attaches the AWS-managed AmazonEKS_CNI_Policy to the worker node role, so
# the permission is carried by the node's instance credentials rather than by
# a dedicated service account.
# NOTE(review): AWS guidance is to grant this policy to the aws-node service
# account through IRSA instead, so it is not shared with every workload that
# can reach the node's instance metadata.
resource "aws_iam_role_policy_attachment" "workers_AmazonEKS_CNI_Policy" {
id = "eks-test20210826094927147700000009-2021082609492903430000000c"
policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
role = "eks-test20210826094927147700000009"
}
# module.cluster.aws_launch_configuration.workers[0]:
# Launch settings for the eks-test worker nodes: AMI, instance profile,
# security group, metadata-service options and root volume.
resource "aws_launch_configuration" "workers" {
arn = "arn:aws:autoscaling:eu-west-1:908197663318:launchConfiguration:08c4b64f-0583-41e6-b2b3-99cbe004718a:launchConfigurationName/eks-test-02021082609492981710000000e"
# Nodes are launched without a public IPv4 address.
associate_public_ip_address = false
ebs_optimized = true
enable_monitoring = true
# Instance profile whose role credentials the node obtains from the instance
# metadata service (see metadata_options below).
iam_instance_profile = "eks-test2021082609492865530000000a"
id = "eks-test-02021082609492981710000000e"
image_id = "ami-0b1c217770f6cd7ca"
instance_type = "t3.small"
name = "eks-test-02021082609492981710000000e"
name_prefix = "eks-test-0"
security_groups = [
"sg-0b823b63b771b5c76",
]
# Base64 bootstrap payload. User data can be read back from the instance
# metadata service by processes on the node, so it must not carry secrets.
user_data_base64 = "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"
metadata_options {
http_endpoint = "enabled"
# The hop limit bounds the IMDSv2 token (PUT) response only; it does not
# restrict IMDSv1 requests.
http_put_response_hop_limit = 1
# "optional" keeps IMDSv1 (token-less GET) available next to IMDSv2, so any
# process or pod that can reach 169.254.169.254 can read the node role's
# credentials without a session token.
# NOTE(review): "required" would enforce IMDSv2; confirm workloads support it.
http_tokens = "optional"
}
root_block_device {
delete_on_termination = true
# Root EBS volume is not encrypted at rest; container images, logs and any
# data written to node-local storage live on this volume.
encrypted = false
iops = 0
throughput = 0
volume_size = 100
volume_type = "gp2"
}
}
# module.cluster.aws_security_group.cluster[0]:
resource "aws_security_group" "cluster" {
arn = "arn:aws:ec2:eu-west-1:908197663318:security-group/sg-0804c37e8426788a9"
description = "EKS cluster security group."
egress = []
id = "sg-0804c37e8426788a9"
ingress = []
name = "eks-test20210826093816521300000008"
name_prefix = "eks-test"
owner_id = "908197663318"
revoke_rules_on_delete = false
tags = {
"Name" = "eks-test-eks_cluster_sg"
}
tags_all = {
"Name" = "eks-test-eks_cluster_sg"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.cluster.aws_security_group.workers[0]:
resource "aws_security_group" "workers" {
arn = "arn:aws:ec2:eu-west-1:908197663318:security-group/sg-0b823b63b771b5c76"
description = "Security group for all nodes in the cluster."
egress = []
id = "sg-0b823b63b771b5c76"
ingress = []
name = "eks-test20210826093815961000000007"
name_prefix = "eks-test"
owner_id = "908197663318"
revoke_rules_on_delete = false
tags = {
"Name" = "eks-test-eks_worker_sg"
"kubernetes.io/cluster/eks-test" = "owned"
}
tags_all = {
"Name" = "eks-test-eks_worker_sg"
"kubernetes.io/cluster/eks-test" = "owned"
}
vpc_id = "vpc-0b47010594b87e398"
}
# module.cluster.aws_security_group_rule.cluster_egress_internet[0]:
resource "aws_security_group_rule" "cluster_egress_internet" {
cidr_blocks = [
"0.0.0.0/0",
]
description = "Allow cluster egress access to the Internet."
from_port = 0
id = "sgrule-380666626"
protocol = "-1"
security_group_id = "sg-0804c37e8426788a9"
self = false
to_port = 0
type = "egress"
}
# module.cluster.aws_security_group_rule.cluster_https_worker_ingress[0]:
resource "aws_security_group_rule" "cluster_https_worker_ingress" {
description = "Allow pods to communicate with the EKS cluster API."
from_port = 443
id = "sgrule-2248505601"
protocol = "tcp"
security_group_id = "sg-0804c37e8426788a9"
self = false
source_security_group_id = "sg-0b823b63b771b5c76"
to_port = 443
type = "ingress"
}
# module.cluster.aws_security_group_rule.workers_egress_internet[0]:
# Egress rule on the worker security group (sg-0b823b63b771b5c76).
resource "aws_security_group_rule" "workers_egress_internet" {
# Any IPv4 destination.
cidr_blocks = [
"0.0.0.0/0",
]
description = "Allow nodes all egress to the Internet."
from_port = 0
id = "sgrule-1231839037"
# protocol "-1" with ports 0-0 means every protocol and port: outbound traffic
# from the nodes is unfiltered at the security-group layer.
# NOTE(review): if egress control matters, this is where it would have to be
# tightened (narrower CIDRs/ports, VPC endpoints, or an egress proxy).
protocol = "-1"
security_group_id = "sg-0b823b63b771b5c76"
self = false
to_port = 0
type = "egress"
}
# module.cluster.aws_security_group_rule.workers_ingress_cluster[0]:
resource "aws_security_group_rule" "workers_ingress_cluster" {
description = "Allow workers pods to receive communication from the cluster control plane."
from_port = 1025
id = "sgrule-3703879795"
protocol = "tcp"
security_group_id = "sg-0b823b63b771b5c76"
self = false
source_security_group_id = "sg-0804c37e8426788a9"
to_port = 65535
type = "ingress"
}
# module.cluster.aws_security_group_rule.workers_ingress_cluster_https[0]:
resource "aws_security_group_rule" "workers_ingress_cluster_https" {
description = "Allow pods running extension API servers on port 443 to receive communication from cluster control plane."
from_port = 443
id = "sgrule-4009699383"
protocol = "tcp"
security_group_id = "sg-0b823b63b771b5c76"
self = false
source_security_group_id = "sg-0804c37e8426788a9"
to_port = 443
type = "ingress"
}
# module.cluster.aws_security_group_rule.workers_ingress_self[0]:
# Ingress rule that lets members of the worker security group talk to each
# other on every protocol and port.
resource "aws_security_group_rule" "workers_ingress_self" {
description = "Allow node to communicate with each other."
from_port = 0
id = "sgrule-603670105"
# "-1" = all protocols; combined with ports 0-65535 nothing is filtered
# between nodes at this layer, so pod-to-pod isolation has to come from
# Kubernetes NetworkPolicy or similar.
protocol = "-1"
security_group_id = "sg-0b823b63b771b5c76"
# self is false, but the source group below is the same group as
# security_group_id, which has the same effect as a self-referencing rule.
self = false
source_security_group_id = "sg-0b823b63b771b5c76"
to_port = 65535
type = "ingress"
}
# module.cluster.data.aws_ami.eks_worker[0]:
# Resolves the worker-node AMI by name pattern. The lookup is a wildcard with
# most_recent = true, so the `owners` restriction further down is what keeps
# an unrelated public image with a matching name from being selected.
data "aws_ami" "eks_worker" {
architecture = "x86_64"
arn = "arn:aws:ec2:eu-west-1::image/ami-0b1c217770f6cd7ca"
block_device_mappings = [
{
device_name = "/dev/xvda"
ebs = {
"delete_on_termination" = "true"
# The AMI's root snapshot is unencrypted.
"encrypted" = "false"
"iops" = "0"
"snapshot_id" = "snap-068b7fcffebfd1ca3"
"throughput" = "0"
"volume_size" = "20"
"volume_type" = "gp2"
}
no_device = ""
virtual_name = ""
},
]
creation_date = "2021-08-13T17:45:15.000Z"
description = "EKS Kubernetes Worker AMI with AmazonLinux2 image, (k8s: 1.21.2, docker: 19.03.13ce-1.amzn2, containerd: 1.4.6-2.amzn2)"
ena_support = true
hypervisor = "xen"
id = "ami-0b1c217770f6cd7ca"
image_id = "ami-0b1c217770f6cd7ca"
image_location = "amazon/amazon-eks-node-1.21-v20210813"
image_owner_alias = "amazon"
image_type = "machine"
# The newest match wins, so the resolved image can change between applies.
# NOTE(review): pin a specific image ID where reproducible node builds matter.
most_recent = true
name = "amazon-eks-node-1.21-v20210813"
owner_id = "602401143452"
# Restricts the search to Amazon-owned images. Keep this whenever a name
# wildcard is used.
owners = [
"amazon",
]
platform_details = "Linux/UNIX"
product_codes = []
public = true
root_device_name = "/dev/xvda"
root_device_type = "ebs"
root_snapshot_id = "snap-068b7fcffebfd1ca3"
sriov_net_support = "simple"
state = "available"
state_reason = {
"code" = "UNSET"
"message" = "UNSET"
}
tags = {}
usage_operation = "RunInstances"
virtualization_type = "hvm"
filter {
name = "name"
values = [
"amazon-eks-node-1.21-v*",
]
}
}
# module.cluster.data.aws_caller_identity.current:
# Identity of the principal Terraform ran as. None of these values is a
# credential, but together they name the account and the operator, so they
# are worth redacting before state output is shared.
data "aws_caller_identity" "current" {
account_id = "908197663318"
# An IAM user rather than an assumed role.
# NOTE(review): presumably authenticated with long-lived access keys - confirm;
# a short-lived role session is the safer way to run applies.
arn = "arn:aws:iam::908197663318:user/kerin"
id = "908197663318"
user_id = "AIDAITGJQXJFIRITARVJG"
}
# module.cluster.data.aws_iam_policy_document.cluster_assume_role_policy:
data "aws_iam_policy_document" "cluster_assume_role_policy" {
id = "2764486067"
json = jsonencode(
{
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "eks.amazonaws.com"
}
Sid = "EKSClusterAssumeRole"
},
]
Version = "2012-10-17"
}
)
version = "2012-10-17"
statement {
actions = [
"sts:AssumeRole",
]
effect = "Allow"
not_actions = []
not_resources = []
resources = []
sid = "EKSClusterAssumeRole"
principals {
identifiers = [
"eks.amazonaws.com",
]
type = "Service"
}
}
}
# module.cluster.data.aws_iam_policy_document.cluster_elb_sl_role_creation[0]:
data "aws_iam_policy_document" "cluster_elb_sl_role_creation" {
id = "3709839417"
json = jsonencode(
{
Statement = [
{
Action = [
"ec2:DescribeInternetGateways",
"ec2:DescribeAddresses",
"ec2:DescribeAccountAttributes",
]
Effect = "Allow"
Resource = "*"
Sid = ""
},
]
Version = "2012-10-17"
}
)
version = "2012-10-17"
statement {
actions = [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
]
effect = "Allow"
not_actions = []
not_resources = []
resources = [
"*",
]
}
}
# module.cluster.data.aws_iam_policy_document.workers_assume_role_policy:
data "aws_iam_policy_document" "workers_assume_role_policy" {
id = "3778018924"
json = jsonencode(
{
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "ec2.amazonaws.com"
}
Sid = "EKSWorkerAssumeRole"
},
]
Version = "2012-10-17"
}
)
version = "2012-10-17"
statement {
actions = [
"sts:AssumeRole",
]
effect = "Allow"
not_actions = []
not_resources = []
resources = []
sid = "EKSWorkerAssumeRole"
principals {
identifiers = [
"ec2.amazonaws.com",
]
type = "Service"
}
}
}
# module.cluster.data.aws_partition.current:
data "aws_partition" "current" {
dns_suffix = "amazonaws.com"
id = "aws"
partition = "aws"
reverse_dns_prefix = "com.amazonaws"
}
# module.cluster.data.http.wait_for_cluster[0]:
data "http" "wait_for_cluster" {
body = "ok"
ca_certificate = <<-EOT
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOT
id = "https://D17369FE68611E699E94CF7E0BCF0E11.sk1.eu-west-1.eks.amazonaws.com/healthz"
insecure = false
response_headers = {
"Cache-Control" = "no-cache, private"
"Content-Length" = "2"
"Content-Type" = "text/plain; charset=utf-8"
"Date" = "Thu, 26 Aug 2021 09:49:27 GMT"
"X-Content-Type-Options" = "nosniff"
"X-Kubernetes-Pf-Flowschema-Uid" = "c2bf0ba2-916e-4e96-be1e-ade16d8dd939"
"X-Kubernetes-Pf-Prioritylevel-Uid" = "9b351283-4e16-47e7-ae6a-1b70d6bfac5e"
}
timeout = 300
url = "https://D17369FE68611E699E94CF7E0BCF0E11.sk1.eu-west-1.eks.amazonaws.com/healthz"
}
# module.cluster.kubernetes_config_map.aws_auth[0]:
# The kube-system/aws-auth ConfigMap, which maps IAM principals to Kubernetes
# users and groups. Whoever can edit this object can grant cluster access, so
# write permission on it should be tightly held.
# The only mapping present puts the worker node role into the
# system:bootstrappers and system:nodes groups.
resource "kubernetes_config_map" "aws_auth" {
data = {
"mapAccounts" = jsonencode([])
"mapRoles" = <<-EOT
- "groups":
- "system:bootstrappers"
- "system:nodes"
"rolearn": "arn:aws:iam::908197663318:role/eks-test20210826094927147700000009"
"username": "system:node:{{EC2PrivateDNSName}}"
EOT
# No IAM users are mapped here.
# NOTE(review): the IAM principal that created the cluster has administrator
# access that does not appear in this ConfigMap - account for it when auditing.
"mapUsers" = jsonencode([])
}
id = "kube-system/aws-auth"
metadata {
generation = 0
labels = {
"app.kubernetes.io/managed-by" = "Terraform"
"terraform.io/module" = "terraform-aws-modules.eks.aws"
}
name = "aws-auth"
namespace = "kube-system"
resource_version = "761"
uid = "9e28a145-1697-4645-8527-3647c206caa1"
}
}
# module.irsa.aws_iam_role.nginx_deployment:
# IAM role for a Kubernetes service account (IRSA). The trust policy lets one
# service account assume it through the cluster's OIDC provider; the inline
# policy grants read access to two named Secrets Manager secrets.
resource "aws_iam_role" "nginx_deployment" {
arn = "arn:aws:iam::908197663318:role/K8sNginxDeploymentRole"
assume_role_policy = jsonencode(
{
Statement = [
{
Action = "sts:AssumeRoleWithWebIdentity"
# The `sub` condition is what scopes this role: only the nginx-deployment
# service account in the default namespace matches. Without it, any service
# account in the cluster could assume the role.
# NOTE(review): there is no matching `:aud` = "sts.amazonaws.com" condition;
# AWS's IRSA guidance pins the audience as well.
Condition = {
StringEquals = {
oidc.eks.eu-west-1.amazonaws.com/id/D17369FE68611E699E94CF7E0BCF0E11:sub = "system:serviceaccount:default:nginx-deployment"
}
}
Effect = "Allow"
Principal = {
Federated = "arn:aws:iam::908197663318:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/D17369FE68611E699E94CF7E0BCF0E11"
}
},
]
Version = "2012-10-17"
}
)
create_date = "2021-08-26T09:49:27Z"
force_detach_policies = false
id = "K8sNginxDeploymentRole"
managed_policy_arns = []
max_session_duration = 3600
name = "K8sNginxDeploymentRole"
path = "/"
tags_all = {}
unique_id = "AROA5G5GMSJLK3IPD5OAN"
inline_policy {
name = "K8sNginxDeploymentPolicy"
policy = jsonencode(
{
Statement = [
{
# Read-only secret access, limited to the two ARNs listed under Resource.
Action = [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
]
Effect = "Allow"
Resource = [
"arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/simple-FPXS97",
"arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/json-2NQmg8",
]
},
]
Version = "2012-10-17"
}
)
}
}
# module.irsa.data.aws_caller_identity.current:
data "aws_caller_identity" "current" {
account_id = "908197663318"
arn = "arn:aws:iam::908197663318:user/kerin"
id = "908197663318"
user_id = "AIDAITGJQXJFIRITARVJG"
}
# module.kms.aws_kms_key.eks:
# Customer-managed symmetric KMS key described as the EKS secret encryption
# key.
resource "aws_kms_key" "eks" {
arn = "arn:aws:kms:eu-west-1:908197663318:key/22aa1760-8637-41e2-80d0-46ca01040030"
customer_master_key_spec = "SYMMETRIC_DEFAULT"
description = "EKS Secret Encryption Key"
# Automatic key rotation is off.
# NOTE(review): enabling rotation on a symmetric key is transparent to callers.
enable_key_rotation = false
id = "22aa1760-8637-41e2-80d0-46ca01040030"
is_enabled = true
key_id = "22aa1760-8637-41e2-80d0-46ca01040030"
key_usage = "ENCRYPT_DECRYPT"
# Single statement giving the account root principal kms:*. This delegates
# access control to IAM: any identity in account 908197663318 whose IAM policy
# allows KMS actions on this key can use or administer it. The key policy
# itself does not separate key users from key administrators.
policy = jsonencode(
{
Id = "key-default-1"
Statement = [
{
Action = "kms:*"
Effect = "Allow"
Principal = {
AWS = "arn:aws:iam::908197663318:root"
}
Resource = "*"
Sid = "Enable IAM User Permissions"
},
]
Version = "2012-10-17"
}
)
tags_all = {}
}
# module.kms.aws_kms_key.secrets_manager:
# Customer-managed symmetric KMS key described as the Secrets Manager key.
resource "aws_kms_key" "secrets_manager" {
arn = "arn:aws:kms:eu-west-1:908197663318:key/60216583-44e9-49c9-b447-9ddef2cabcf9"
customer_master_key_spec = "SYMMETRIC_DEFAULT"
description = "Secrets Manager key"
# Automatic key rotation is off.
# NOTE(review): enabling rotation on a symmetric key is transparent to callers.
enable_key_rotation = false
id = "60216583-44e9-49c9-b447-9ddef2cabcf9"
is_enabled = true
key_id = "60216583-44e9-49c9-b447-9ddef2cabcf9"
key_usage = "ENCRYPT_DECRYPT"
policy = jsonencode(
{
Id = "auto-secretsmanager-1"
Statement = [
{
Action = [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:CreateGrant",
"kms:DescribeKey",
]
# The wildcard principal further down is safe only because of these two
# conditions: the caller must belong to account 908197663318 and the request
# must arrive through Secrets Manager in eu-west-1. Dropping either condition
# would widen the key to callers outside that scope.
Condition = {
StringEquals = {
kms:CallerAccount = "908197663318"
kms:ViaService = "secretsmanager.eu-west-1.amazonaws.com"
}
}
Effect = "Allow"
Principal = {
AWS = "*"
}
Resource = "*"
Sid = "Allow access through AWS Secrets Manager for all principals in the account that are authorized to use AWS Secrets Manager"
},
{
# Account root with kms:* delegates remaining access decisions to IAM
# policies in the account, despite the narrower wording of the Sid.
Action = "kms:*"
Effect = "Allow"
Principal = {
AWS = "arn:aws:iam::908197663318:root"
}
Resource = "*"
Sid = "Allow direct access to key metadata to the account"
},
]
Version = "2012-10-17"
}
)
tags_all = {}
}
# module.kms.data.aws_caller_identity.current:
data "aws_caller_identity" "current" {
account_id = "908197663318"
arn = "arn:aws:iam::908197663318:user/kerin"
id = "908197663318"
user_id = "AIDAITGJQXJFIRITARVJG"
}
# module.kms.data.aws_region.current:
data "aws_region" "current" {
description = "Europe (Ireland)"
endpoint = "ec2.eu-west-1.amazonaws.com"
id = "eu-west-1"
name = "eu-west-1"
}
# module.secrets.aws_secretsmanager_secret.json:
# Secrets Manager secret "nginx/json", encrypted with a customer-managed KMS
# key.
resource "aws_secretsmanager_secret" "json" {
arn = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/json-2NQmg8"
force_overwrite_replica_secret = false
id = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/json-2NQmg8"
kms_key_id = "arn:aws:kms:eu-west-1:908197663318:key/60216583-44e9-49c9-b447-9ddef2cabcf9"
name = "nginx/json"
# 0 = no recovery window: a delete (including `terraform destroy`) removes the
# secret immediately and it cannot be restored. Convenient for test stacks,
# risky for anything that must survive an accidental destroy.
recovery_window_in_days = 0
# No automatic rotation is configured for this secret.
rotation_enabled = false
tags_all = {}
}
# module.secrets.aws_secretsmanager_secret.simple:
# Secrets Manager secret "nginx/simple", encrypted with a customer-managed KMS
# key.
resource "aws_secretsmanager_secret" "simple" {
arn = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/simple-FPXS97"
force_overwrite_replica_secret = false
id = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/simple-FPXS97"
kms_key_id = "arn:aws:kms:eu-west-1:908197663318:key/60216583-44e9-49c9-b447-9ddef2cabcf9"
name = "nginx/simple"
# 0 = no recovery window: deletion is immediate and cannot be undone.
recovery_window_in_days = 0
# No automatic rotation is configured for this secret.
rotation_enabled = false
tags_all = {}
}
# module.secrets.aws_secretsmanager_secret_version.json:
# Current version (AWSCURRENT) of the nginx/json secret, with its value
# managed by Terraform.
resource "aws_secretsmanager_secret_version" "json" {
arn = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/json-2NQmg8"
id = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/json-2NQmg8|3895E3D9-1200-4688-AE5C-275CC5DE60DE"
secret_id = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/json-2NQmg8"
# "(sensitive value)" only hides the value in CLI output. Terraform stores the
# secret string in plaintext in the state file, so the state backend needs
# encryption at rest and access control at least as strict as the secret's.
secret_string = (sensitive value)
version_id = "3895E3D9-1200-4688-AE5C-275CC5DE60DE"
version_stages = [
"AWSCURRENT",
]
}
# module.secrets.aws_secretsmanager_secret_version.simple:
# Current version (AWSCURRENT) of the nginx/simple secret, with its value
# managed by Terraform.
resource "aws_secretsmanager_secret_version" "simple" {
arn = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/simple-FPXS97"
id = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/simple-FPXS97|67101380-D2D7-405C-B317-48AA6A71BA13"
secret_id = "arn:aws:secretsmanager:eu-west-1:908197663318:secret:nginx/simple-FPXS97"
# Redacted for display only; the plaintext value is held in the Terraform
# state file, which must therefore be protected like the secret itself.
secret_string = (sensitive value)
version_id = "67101380-D2D7-405C-B317-48AA6A71BA13"
version_stages = [
"AWSCURRENT",
]
}
Outputs:
cluster_arn = "arn:aws:eks:eu-west-1:908197663318:cluster/eks-test"
cluster_endpoint = "https://D17369FE68611E699E94CF7E0BCF0E11.sk1.eu-west-1.eks.amazonaws.com"
cluster_name = "eks-test"