@stormsilver
Created August 31, 2021 18:39
cert authority not populated
# Pin the CLI and both providers to exact versions so this reproduction
# behaves the same wherever it is run.
terraform {
  required_version = ">= 1.0.4"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.56.0"
    }
    sdm = {
      source  = "strongdm/sdm"
      version = "1.0.27"
    }
  }
}
provider "sdm" {}
provider "aws" {
  # Everything below is created in us-east-2; the subnet availability
  # zones (us-east-2a / us-east-2b) must stay consistent with this region.
  region = "us-east-2"
}
locals {
  # One identifier shared by the EKS cluster, the IAM user created for
  # strongDM, and the strongDM resource name.
  cluster_name = "sdm-eks-test-no-cert-authority"
}
data "aws_region" "current" {}
# Minimal VPC for the test cluster; the two /24 subnets below are carved
# out of this /16.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
# First of the two subnets EKS requires (one per availability zone).
resource "aws_subnet" "example1" {
  availability_zone = "us-east-2a"
  cidr_block        = "10.0.1.0/24"
  vpc_id            = aws_vpc.main.id

  tags = {
    Name = "example1"
  }
}
# Second subnet, in a different AZ from example1.
resource "aws_subnet" "example2" {
  availability_zone = "us-east-2b"
  cidr_block        = "10.0.2.0/24"
  vpc_id            = aws_vpc.main.id

  tags = {
    Name = "example2"
  }
}
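# Control-plane role for the EKS cluster.
resource "aws_iam_role" "example" {
  # Fixed name: a second copy of this config in the same account will
  # collide on it.
  name = "eks-cluster-example"

  # Trust policy: only the EKS service principal may assume this role.
  # jsonencode() replaces the hand-written JSON heredoc so the policy is
  # validated as HCL rather than as free text.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          Service = "eks.amazonaws.com"
        }
        Action = "sts:AssumeRole"
      }
    ]
  })
}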
# AWS-managed policy the EKS control plane needs on its role.
resource "aws_iam_role_policy_attachment" "example-AmazonEKSClusterPolicy" {
  role       = aws_iam_role.example.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}
# AWS-managed policy for the VPC resource controller on the cluster role.
resource "aws_iam_role_policy_attachment" "example-AmazonEKSVPCResourceController" {
  role       = aws_iam_role.example.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
}
# The EKS cluster under test. No Kubernetes version is pinned here, so the
# control plane is created at whatever version AWS defaults to at apply time.
# This minimal repro also sets no control-plane logging or secrets
# encryption, and leaves endpoint access at the provider defaults.
resource "aws_eks_cluster" "cluster" {
  name     = local.cluster_name
  role_arn = aws_iam_role.example.arn

  vpc_config {
    subnet_ids = [
      aws_subnet.example1.id,
      aws_subnet.example2.id,
    ]
  }

  # The managed-policy attachments must exist before the control plane is
  # created; the role ARN alone does not express that ordering.
  depends_on = [
    aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController,
  ]
}
# IAM user whose keys are handed to strongDM for cluster access. Nothing
# in this file attaches a policy to it or maps it into the cluster's
# authentication config; that is left to the environment being tested.
resource "aws_iam_user" "sdm-admin" {
  name = "sdm-${local.cluster_name}"
}
# Long-lived static credentials for the user above. The secret is read
# back as .secret by the strongDM resource, so it cannot be PGP-wrapped
# here; it is therefore held in plaintext in Terraform state, and the state
# file must be treated as a secret.
resource "aws_iam_access_key" "sdm-admin" {
  user = aws_iam_user.sdm-admin.name
}
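# Registers the EKS cluster with strongDM, using the static IAM key pair
# created above. Both the access key and the secret flow through this
# resource and end up in state.
resource "sdm_resource" "cluster" {
  amazon_eks {
    name         = "cluster-${local.cluster_name}"
    cluster_name = local.cluster_name
    region       = data.aws_region.current.name
    endpoint     = aws_eks_cluster.cluster.endpoint

    # Index syntax instead of the legacy ".0." attribute form; the CA data
    # is base64 in the EKS API and is decoded before being handed over.
    certificate_authority = base64decode(aws_eks_cluster.cluster.certificate_authority[0].data)

    access_key        = aws_iam_access_key.sdm-admin.id
    secret_access_key = aws_iam_access_key.sdm-admin.secret
  }
}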