AWS Cluster

Creates a Kubernetes cluster capable of running the Flightdeck platform using Terraform and EKS. A different node group is created for each availability zone so that node counts will grow equally in each availability zone and so that nodes will be able to reliably attach EBS volumes. An OIDC provider is configured to enable IRSA.

Cluster diagram

The module will look up VPC subnets for the cluster using the cluster name. The VPC and subnets must be tagged following the conventions of the Kubernetes AWS cloud provider:

| Tag | Value | Add to |
| --- | --- | --- |
|  | 1 | Private subnets |
|  | 1 | Public subnets |
|  | shared | VPC and all subnets |

You can quickly create a compatible network using the network module. If you're bringing your own VPC, you must tag resources as documented above before creating your cluster.


```hcl
module "cluster" {
  source = ""

  # Unique name for this EKS cluster.
  name = "example-production-v1"

  # Version of Kubernetes for this cluster. Must be supported by EKS.
  k8s_version = "1.28"

  node_groups = {
    # You need at least one node group definition.
    default = {
      instance_types = ["t3.large"]
      max_size       = 30
      min_size       = 2
    }

    # You can include extra node groups if you want more than one type of node.
    m5_2xlarge = {
      instance_types = ["m5.2xlarge"]
      max_size       = 30
      min_size       = 2
    }
  }

  # Any tags you want to apply to all created resources.
  tags = { Module = "cluster/production-v1" }
}
```


| Name | Version |
| --- | --- |
| terraform | >= 0.14.8 |
| aws | ~> 4.0 |


| Name | Version |
| --- | --- |
| aws | ~> 4.0 |


| Name | Source | Version |
| --- | --- | --- |
| aws_k8s_oidc_provider | ./modules/k8s-oidc-provider | n/a |
| cluster_name | ../cluster-name | n/a |
| eks_cluster | ./modules/eks-cluster | n/a |
| network | ../network-data | n/a |
| node_groups | ./modules/eks-node-group | n/a |
| node_role | ./modules/eks-node-role | n/a |


| Name | Type |
| --- | --- |
| aws_ssm_parameter.node_role_arn | resource |
| aws_ssm_parameter.oidc_issuer | resource |
| aws_subnet.private | data source |


| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| enabled_cluster_log_types | Which EKS control plane log types to enable | list(string) | [] | no |
| endpoint_private_access | Enables the Amazon EKS private API server endpoint. | bool | false | no |
| endpoint_public_access | Enables the Amazon EKS public API server endpoint. | bool | true | no |
| k8s_version | Kubernetes version to deploy | string | n/a | yes |
| labels | Labels to be applied to created resources | map(string) | {} | no |
| log_retention_in_days | How many days until control plane logs are purged | number | 7 | no |
| name | Name for this EKS cluster | string | n/a | yes |
| namespace | Prefix to be applied to created resources | list(string) | [] | no |
| node_groups | Node groups to create in this cluster | capacity_type = optional(string, "ON_DEMAND"), instance_types = list(string), enforce_imdsv2 = optional(bool, false), max_size = number, max_unavailable = optional(number, 3), min_size = number | n/a | yes |
| tags | Tags to be applied to all created resources | map(string) | {} | no |
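
The inputs above default to a public API endpoint, no control plane logging, and IMDSv2 not enforced on nodes. The following is an added example, not taken from the Flightdeck project, that sets those inputs explicitly; the empty `source` is kept as it appears on this page, and the log types and retention period are constructed choices.

```hcl
module "cluster" {
  # Left empty as on this page; point it at wherever you consume the module from.
  source = ""

  name        = "example-production-v1"
  k8s_version = "1.28"

  # Defaults are private = false, public = true. With the public endpoint
  # disabled, Terraform and kubectl must run from inside the VPC or from a
  # network connected to it, or later applies will fail to reach the API.
  endpoint_private_access = true
  endpoint_public_access  = false

  # Default is [] (nothing is logged). These are EKS control plane log type
  # names; "audit" and "authenticator" record who called the API and how
  # they authenticated.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  # Default is 7 days. 90 is a constructed value; match your own retention policy.
  log_retention_in_days = 90

  node_groups = {
    default = {
      instance_types = ["t3.large"]
      max_size       = 30
      min_size       = 2

      # Default is false. The flag is per node group, so set it on every
      # group; nodes then accept only token-based (IMDSv2) metadata requests.
      enforce_imdsv2 = true
    }

    m5_2xlarge = {
      instance_types = ["m5.2xlarge"]
      max_size       = 30
      min_size       = 2
      enforce_imdsv2 = true
    }
  }

  tags = { Module = "cluster/production-v1" }
}
```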


| Name | Description |
| --- | --- |
| cluster_name | Full name of the created cluster |
| node_role_arn_parameter | SSM parameter which contains the ARN of the IAM role for nodes |
| oidc_issuer_parameter | SSM parameter which contains the OIDC issuer URL |