Skip to content

Amazon EKS Blueprints Addons

Terraform module to deploy Kubernetes addons on Amazon EKS clusters.

Usage

module "eks_blueprints_addons" {
  source = "aws-ia/eks-blueprints-addons/aws"
  version = "~> 1.0" #ensure to update this to the latest/desired version

  cluster_name      = module.eks.cluster_name
  cluster_endpoint  = module.eks.cluster_endpoint
  cluster_version   = module.eks.cluster_version
  oidc_provider_arn = module.eks.oidc_provider_arn

  eks_addons = {
    aws-ebs-csi-driver = {
      most_recent = true
    }
    coredns = {
      most_recent = true
    }
    vpc-cni = {
      most_recent = true
    }
    kube-proxy = {
      most_recent = true
    }
  }

  enable_aws_load_balancer_controller    = true
  enable_cluster_proportional_autoscaler = true
  enable_karpenter                       = true
  enable_kube_prometheus_stack           = true
  enable_metrics_server                  = true
  enable_external_dns                    = true
  enable_cert_manager                    = true
  cert_manager_route53_hosted_zone_arns  = ["arn:aws:route53:::hostedzone/XXXXXXXXXXXXX"]

  tags = {
    Environment = "dev"
  }
}

module "eks" {
  source = "terraform-aws-modules/eks/aws"

  cluster_name    = "my-cluster"
  cluster_version = "1.29"

  ... truncated for brevity
}

Requirements

Name Version
terraform >= 1.0
aws >= 5.0
helm >= 2.9
kubernetes >= 2.20
time >= 0.9

Providers

Name Version
aws >= 5.0
helm >= 2.9
kubernetes >= 2.20
time >= 0.9

Modules

Name Source Version
argo_events aws-ia/eks-blueprints-addon/aws 1.1.1
argo_rollouts aws-ia/eks-blueprints-addon/aws 1.1.1
argo_workflows aws-ia/eks-blueprints-addon/aws 1.1.1
argocd aws-ia/eks-blueprints-addon/aws 1.1.1
aws_cloudwatch_metrics aws-ia/eks-blueprints-addon/aws 1.1.1
aws_efs_csi_driver aws-ia/eks-blueprints-addon/aws 1.1.1
aws_for_fluentbit aws-ia/eks-blueprints-addon/aws 1.1.1
aws_fsx_csi_driver aws-ia/eks-blueprints-addon/aws 1.1.1
aws_gateway_api_controller aws-ia/eks-blueprints-addon/aws 1.1.1
aws_load_balancer_controller aws-ia/eks-blueprints-addon/aws 1.1.1
aws_node_termination_handler aws-ia/eks-blueprints-addon/aws 1.1.1
aws_node_termination_handler_sqs terraform-aws-modules/sqs/aws 4.0.1
aws_privateca_issuer aws-ia/eks-blueprints-addon/aws 1.1.1
bottlerocket_shadow aws-ia/eks-blueprints-addon/aws ~> 1.1.1
bottlerocket_update_operator aws-ia/eks-blueprints-addon/aws ~> 1.1.1
cert_manager aws-ia/eks-blueprints-addon/aws 1.1.1
cluster_autoscaler aws-ia/eks-blueprints-addon/aws 1.1.1
cluster_proportional_autoscaler aws-ia/eks-blueprints-addon/aws 1.1.1
external_dns aws-ia/eks-blueprints-addon/aws 1.1.1
external_secrets aws-ia/eks-blueprints-addon/aws 1.1.1
gatekeeper aws-ia/eks-blueprints-addon/aws 1.1.1
ingress_nginx aws-ia/eks-blueprints-addon/aws 1.1.1
karpenter aws-ia/eks-blueprints-addon/aws 1.1.1
karpenter_sqs terraform-aws-modules/sqs/aws 4.0.1
kube_prometheus_stack aws-ia/eks-blueprints-addon/aws 1.1.1
metrics_server aws-ia/eks-blueprints-addon/aws 1.1.1
secrets_store_csi_driver aws-ia/eks-blueprints-addon/aws 1.1.1
secrets_store_csi_driver_provider_aws aws-ia/eks-blueprints-addon/aws 1.1.1
velero aws-ia/eks-blueprints-addon/aws 1.1.1
vpa aws-ia/eks-blueprints-addon/aws 1.1.1

Resources

Name Type
aws_autoscaling_group_tag.aws_node_termination_handler resource
aws_autoscaling_lifecycle_hook.aws_node_termination_handler resource
aws_cloudwatch_event_rule.aws_node_termination_handler resource
aws_cloudwatch_event_rule.karpenter resource
aws_cloudwatch_event_target.aws_node_termination_handler resource
aws_cloudwatch_event_target.karpenter resource
aws_cloudwatch_log_group.aws_for_fluentbit resource
aws_cloudwatch_log_group.fargate_fluentbit resource
aws_eks_addon.this resource
aws_iam_instance_profile.karpenter resource
aws_iam_policy.fargate_fluentbit resource
aws_iam_role.karpenter resource
aws_iam_role_policy_attachment.additional resource
aws_iam_role_policy_attachment.karpenter resource
helm_release.this resource
kubernetes_config_map_v1.aws_logging resource
kubernetes_config_map_v1_data.aws_for_fluentbit_containerinsights resource
kubernetes_namespace_v1.aws_observability resource
time_sleep.this resource
aws_caller_identity.current data source
aws_eks_addon_version.this data source
aws_iam_policy_document.aws_efs_csi_driver data source
aws_iam_policy_document.aws_for_fluentbit data source
aws_iam_policy_document.aws_fsx_csi_driver data source
aws_iam_policy_document.aws_gateway_api_controller data source
aws_iam_policy_document.aws_load_balancer_controller data source
aws_iam_policy_document.aws_node_termination_handler data source
aws_iam_policy_document.aws_privateca_issuer data source
aws_iam_policy_document.cert_manager data source
aws_iam_policy_document.cluster_autoscaler data source
aws_iam_policy_document.external_dns data source
aws_iam_policy_document.external_secrets data source
aws_iam_policy_document.fargate_fluentbit data source
aws_iam_policy_document.karpenter data source
aws_iam_policy_document.karpenter_assume_role data source
aws_iam_policy_document.velero data source
aws_partition.current data source
aws_region.current data source

Inputs

Name Description Type Default Required
argo_events Argo Events add-on configuration values any {} no
argo_rollouts Argo Rollouts add-on configuration values any {} no
argo_workflows Argo Workflows add-on configuration values any {} no
argocd ArgoCD add-on configuration values any {} no
aws_cloudwatch_metrics Cloudwatch Metrics add-on configuration values any {} no
aws_efs_csi_driver EFS CSI Driver add-on configuration values any {} no
aws_for_fluentbit AWS Fluentbit add-on configurations any {} no
aws_for_fluentbit_cw_log_group AWS Fluentbit CloudWatch Log Group configurations any {} no
aws_fsx_csi_driver FSX CSI Driver add-on configuration values any {} no
aws_gateway_api_controller AWS Gateway API Controller add-on configuration values any {} no
aws_load_balancer_controller AWS Load Balancer Controller add-on configuration values any {} no
aws_node_termination_handler AWS Node Termination Handler add-on configuration values any {} no
aws_node_termination_handler_asg_arns List of Auto Scaling group ARNs that AWS Node Termination Handler will monitor for EC2 events list(string) [] no
aws_node_termination_handler_sqs AWS Node Termination Handler SQS queue configuration values any {} no
aws_privateca_issuer AWS PCA Issuer add-on configurations any {} no
bottlerocket_shadow Bottlerocket Update Operator CRDs configuration values any {} no
bottlerocket_update_operator Bottlerocket Update Operator add-on configuration values any {} no
cert_manager cert-manager add-on configuration values any {} no
cert_manager_route53_hosted_zone_arns List of Route53 Hosted Zone ARNs that are used by cert-manager to create DNS records list(string) 
[
  "arn:aws:route53:::hostedzone/*"
]
 no
cluster_autoscaler Cluster Autoscaler add-on configuration values any {} no
cluster_endpoint Endpoint for your Kubernetes API server string n/a yes
cluster_name Name of the EKS cluster string n/a yes
cluster_proportional_autoscaler Cluster Proportional Autoscaler add-on configurations any {} no
cluster_version Kubernetes <major>.<minor> version to use for the EKS cluster (i.e.: 1.24) string n/a yes
create_delay_dependencies Dependency attribute which must be resolved before starting the create_delay_duration list(string) [] no
create_delay_duration The duration to wait before creating resources string "30s" no
create_kubernetes_resources Create Kubernetes resource with Helm or Kubernetes provider bool true no
eks_addons Map of EKS add-on configurations to enable for the cluster. Add-on name can be the map keys or set with name any {} no
eks_addons_timeouts Create, update, and delete timeout configurations for the EKS add-ons map(string) {} no
enable_argo_events Enable Argo Events add-on bool false no
enable_argo_rollouts Enable Argo Rollouts add-on bool false no
enable_argo_workflows Enable Argo workflows add-on bool false no
enable_argocd Enable Argo CD Kubernetes add-on bool false no
enable_aws_cloudwatch_metrics Enable AWS Cloudwatch Metrics add-on for Container Insights bool false no
enable_aws_efs_csi_driver Enable AWS EFS CSI Driver add-on bool false no
enable_aws_for_fluentbit Enable AWS for FluentBit add-on bool false no
enable_aws_fsx_csi_driver Enable AWS FSX CSI Driver add-on bool false no
enable_aws_gateway_api_controller Enable AWS Gateway API Controller add-on bool false no
enable_aws_load_balancer_controller Enable AWS Load Balancer Controller add-on bool false no
enable_aws_node_termination_handler Enable AWS Node Termination Handler add-on bool false no
enable_aws_privateca_issuer Enable AWS PCA Issuer bool false no
enable_bottlerocket_update_operator Enable Bottlerocket Update Operator add-on bool false no
enable_cert_manager Enable cert-manager add-on bool false no
enable_cluster_autoscaler Enable Cluster autoscaler add-on bool false no
enable_cluster_proportional_autoscaler Enable Cluster Proportional Autoscaler bool false no
enable_eks_fargate Identifies whether or not respective addons should be modified to support deployment on EKS Fargate bool false no
enable_external_dns Enable external-dns operator add-on bool false no
enable_external_secrets Enable External Secrets operator add-on bool false no
enable_fargate_fluentbit Enable Fargate FluentBit add-on bool false no
enable_gatekeeper Enable Gatekeeper add-on bool false no
enable_ingress_nginx Enable Ingress Nginx bool false no
enable_karpenter Enable Karpenter controller add-on bool false no
enable_kube_prometheus_stack Enable Kube Prometheus Stack bool false no
enable_metrics_server Enable metrics server add-on bool false no
enable_secrets_store_csi_driver Enable CSI Secrets Store Provider bool false no
enable_secrets_store_csi_driver_provider_aws Enable AWS CSI Secrets Store Provider bool false no
enable_velero Enable Kubernetes Dashboard add-on bool false no
enable_vpa Enable Vertical Pod Autoscaler add-on bool false no
external_dns external-dns add-on configuration values any {} no
external_dns_route53_zone_arns List of Route53 zones ARNs which external-dns will have access to create/manage records (if using Route53) list(string) [] no
external_secrets External Secrets add-on configuration values any {} no
external_secrets_kms_key_arns List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets list(string) 
[
  "arn:aws:kms:::key/*"
]
 no
external_secrets_secrets_manager_arns List of Secrets Manager ARNs that contain secrets to mount using External Secrets list(string) 
[
  "arn:aws:secretsmanager:::secret:*"
]
 no
external_secrets_ssm_parameter_arns List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets list(string) 
[
  "arn:aws:ssm:::parameter/*"
]
 no
fargate_fluentbit Fargate fluentbit add-on config any {} no
fargate_fluentbit_cw_log_group AWS Fargate Fluentbit CloudWatch Log Group configurations any {} no
gatekeeper Gatekeeper add-on configuration any {} no
helm_releases A map of Helm releases to create. This provides the ability to pass in an arbitrary map of Helm chart definitions to create any {} no
ingress_nginx Ingress Nginx add-on configurations any {} no
karpenter Karpenter add-on configuration values any {} no
karpenter_enable_instance_profile_creation Determines whether Karpenter will be allowed to create the IAM instance profile (v1beta1) or if Terraform will (v1alpha1) bool true no
karpenter_enable_spot_termination Determines whether to enable native node termination handling bool true no
karpenter_node Karpenter IAM role and IAM instance profile configuration values any {} no
karpenter_sqs Karpenter SQS queue for native node termination handling configuration values any {} no
kube_prometheus_stack Kube Prometheus Stack add-on configurations any {} no
metrics_server Metrics Server add-on configurations any {} no
oidc_provider_arn The ARN of the cluster OIDC Provider string n/a yes
secrets_store_csi_driver CSI Secrets Store Provider add-on configurations any {} no
secrets_store_csi_driver_provider_aws CSI Secrets Store Provider add-on configurations any {} no
tags A map of tags to add to all resources map(string) {} no
velero Velero add-on configuration values any {} no
vpa Vertical Pod Autoscaler add-on configuration values any {} no

Outputs

Name Description
argo_events Map of attributes of the Helm release created
argo_rollouts Map of attributes of the Helm release created
argo_workflows Map of attributes of the Helm release created
argocd Map of attributes of the Helm release created
aws_cloudwatch_metrics Map of attributes of the Helm release and IRSA created
aws_efs_csi_driver Map of attributes of the Helm release and IRSA created
aws_for_fluentbit Map of attributes of the Helm release and IRSA created
aws_fsx_csi_driver Map of attributes of the Helm release and IRSA created
aws_gateway_api_controller Map of attributes of the Helm release and IRSA created
aws_load_balancer_controller Map of attributes of the Helm release and IRSA created
aws_node_termination_handler Map of attributes of the Helm release and IRSA created
aws_privateca_issuer Map of attributes of the Helm release and IRSA created
bottlerocket_update_operator Map of attributes of the Helm release and IRSA created
cert_manager Map of attributes of the Helm release and IRSA created
cluster_autoscaler Map of attributes of the Helm release and IRSA created
cluster_proportional_autoscaler Map of attributes of the Helm release and IRSA created
eks_addons Map of attributes for each EKS addons enabled
external_dns Map of attributes of the Helm release and IRSA created
external_secrets Map of attributes of the Helm release and IRSA created
fargate_fluentbit Map of attributes of the configmap and IAM policy created
gatekeeper Map of attributes of the Helm release and IRSA created
gitops_metadata GitOps Bridge metadata
helm_releases Map of attributes of the Helm release created
ingress_nginx Map of attributes of the Helm release and IRSA created
karpenter Map of attributes of the Helm release and IRSA created
kube_prometheus_stack Map of attributes of the Helm release and IRSA created
metrics_server Map of attributes of the Helm release and IRSA created
secrets_store_csi_driver Map of attributes of the Helm release and IRSA created
secrets_store_csi_driver_provider_aws Map of attributes of the Helm release and IRSA created
velero Map of attributes of the Helm release and IRSA created
vpa Map of attributes of the Helm release and IRSA created