From 205c9fe4165947e81903ea24562763da22412480 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 9 Oct 2025 18:23:07 -0400 Subject: [PATCH] more updates for aws 6 --- README.md | 6 +++--- cluster-admin.tf | 4 ++-- main.tf | 21 +++++++++------------ requirements.tf | 2 +- 4 files changed, 15 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 409cab1..5c9153f 100644 --- a/README.md +++ b/README.md @@ -97,14 +97,14 @@ efs-csi-controller 0 5m | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | ~> 5.100.0 | +| [aws](#requirement\_aws) | ~> 6.0 | | [null](#requirement\_null) | ~> 3.2 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.100.0 | +| [aws](#provider\_aws) | 6.16.0 | | [null](#provider\_null) | 3.2.4 | | [terraform](#provider\_terraform) | n/a | @@ -113,7 +113,7 @@ efs-csi-controller 0 5m | Name | Source | Version | |------|--------|---------| | [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-iam//modules/iam-role-for-service-accounts-eks | n/a | -| [cluster](#module\_cluster) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/ | v20.37.2 | +| [cluster](#module\_cluster) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/ | v21.3.2 | | [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-iam//modules/iam-role-for-service-accounts-eks | n/a | | [efs\_csi\_irsa\_role](#module\_efs\_csi\_irsa\_role) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-iam//modules/iam-role-for-service-accounts-eks | n/a | | [vpc\_cni\_irsa\_role](#module\_vpc\_cni\_irsa\_role) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-iam//modules/iam-role-for-service-accounts-eks | n/a | 
diff --git a/cluster-admin.tf b/cluster-admin.tf index 3f0efa5..1f82da3 100644 --- a/cluster-admin.tf +++ b/cluster-admin.tf @@ -3,7 +3,7 @@ #--- locals { iam_arn = format("arn:%v:iam::%v:%%v", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id) - common_arn = format("arn:%v:%%v:%v:%v:%%v", data.aws_arn.current.partition, data.aws_region.current.name, data.aws_caller_identity.current.account_id) + common_arn = format("arn:%v:%%v:%v:%v:%%v", data.aws_arn.current.partition, data.aws_region.current.id, data.aws_caller_identity.current.account_id) eks_resources = ["cluster", "addon", "nodegroup", "identityproviderconfig"] admin_policy_statements = { @@ -58,7 +58,7 @@ locals { "ssm:GetParameter", ] resources = [ - format("arn:%v:%v:%v:%v:%v", data.aws_arn.current.partition, "ssm", data.aws_region.current.name, "", "parameter/aws/service/eks/*") + format("arn:%v:%v:%v:%v:%v", data.aws_arn.current.partition, "ssm", data.aws_region.current.id, "", "parameter/aws/service/eks/*") ] } EKSReadMyClusters = { diff --git a/main.tf b/main.tf index 2c8ee91..d57d225 100644 --- a/main.tf +++ b/main.tf 
@@ -26,18 +26,18 @@ resource "terraform_data" "subnet_validation" { } module "cluster" { - source = "git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/?ref=v20.37.2" + source = "git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/?ref=v21.3.2" access_entries = local.access_entries cloudwatch_log_group_retention_in_days = var.cloudwatch_retention_days - cluster_endpoint_private_access = var.cluster_endpoint_private_access - cluster_endpoint_public_access = var.cluster_endpoint_public_access - cluster_name = var.cluster_name - cluster_upgrade_policy = { support_type = "STANDARD" } - cluster_version = var.cluster_version + endpoint_private_access = var.cluster_endpoint_private_access + endpoint_public_access = var.cluster_endpoint_public_access + name = var.cluster_name + upgrade_policy = { support_type = "STANDARD" } + kubernetes_version = var.cluster_version enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions - cluster_enabled_log_types = [ + enabled_log_types = [ "api", "audit", "authenticator", @@ -48,7 +48,7 @@ module "cluster" { vpc_id = local.vpc_id subnet_ids = local.subnets - cluster_addons = { + addons = { amazon-cloudwatch-observability = { most_recent = true service_account_role_arn = module.cloudwatch_observability_irsa_role.iam_role_arn @@ -93,10 +93,6 @@ module "cluster" { } } - eks_managed_node_group_defaults = { - ami_type = "BOTTLEROCKET_x86_64" - } - node_security_group_enable_recommended_rules = true node_security_group_additional_rules = local.node_security_group_additional_rules @@ -104,6 +100,7 @@ module "cluster" { eks_managed_node_groups = { karpenter_controllers = { name = local.ng_name + ami_type = "BOTTLEROCKET_x86_64" capacity_type = "ON_DEMAND" instance_types = var.eks_instance_types diff --git a/requirements.tf b/requirements.tf index d5bb933..a1b6903 100644 --- a/requirements.tf +++ b/requirements.tf 
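Review bot: The `source` line of `module "cluster"` pins the EKS module by tag (`?ref=v21.3.2`), and a git tag can be moved after review, so a later `terraform init` is not guaranteed to fetch the code that was reviewed here. Because this is a major-version jump that renames most of the module's inputs, pinning to the reviewed commit would be safer: `source = "git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/?ref=<FULL_COMMIT_SHA>" # v21.3.2`. The `terraform-aws-iam` IRSA modules are listed in the README with Version `n/a`, which suggests they carry no ref at all; their `source` lines are outside this diff, so that should be confirmed. The `module "cluster"` block continues past this hunk.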
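Review bot: `ami_type = "BOTTLEROCKET_x86_64"` is now set only on `karpenter_controllers`, whereas the removed `eks_managed_node_group_defaults` block applied it to every managed node group. The `eks_managed_node_groups` map continues outside the hunk; any other group it holds now, or any group added later, would presumably fall back to the module's default AMI type instead of Bottlerocket, with no plan-time error to flag the change of node OS. A comment above the attribute, such as `# ami_type must be set per group; eks_managed_node_group_defaults was removed in this change`, would make the requirement visible to whoever adds the next group.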
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 5.100.0"
+ version = "~> 6.0"
 }
 null = {
 source = "hashicorp/null"