You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|[aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document)| data source |
455
+
|[aws_iam_policy_document.capability_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document)| data source |
449
456
|[aws_iam_policy_document.cluster_elb_service_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document)| data source |
450
457
|[aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition)| data source |
451
458
|[tls_certificate.cluster](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate)| data source |
@@ -466,7 +473,11 @@ With Auto Mode, Kubernetes version upgrades are simplified:
466
473
| <aname="input_allowed_security_group_ids"></a> [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids)| A list of IDs of Security Groups to allow access to the cluster. |`list(string)`|`[]`| no |
467
474
| <aname="input_associated_security_group_ids"></a> [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids)| A list of IDs of Security Groups to associate the cluster with.<br/>These security groups will not be modified. |`list(string)`|`[]`| no |
468
475
| <aname="input_attributes"></a> [attributes](#input\_attributes)| ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br/>in the order they appear in the list. New attributes are appended to the<br/>end of the list. The elements of the list are joined by the `delimiter`<br/>and treated as a single ID element. |`list(string)`|`[]`| no |
469
-
| <aname="input_bootstrap_self_managed_addons_enabled"></a> [bootstrap\_self\_managed\_addons\_enabled](#input\_bootstrap\_self\_managed\_addons\_enabled)| Manages bootstrap of default networking addons after cluster has been created |`bool`|`null`| no |
476
+
| <aname="input_auto_mode_compute_config"></a> [auto\_mode\_compute\_config](#input\_auto\_mode\_compute\_config)| EKS Auto Mode compute configuration. When enabled, AWS manages node<br/>provisioning via managed Karpenter. | <pre>object({<br/> enabled = optional(bool, false)<br/> node_pools = optional(set(string), ["general-purpose", "system"])<br/> node_role_arn = optional(string, null)<br/> })</pre> |`{}`| no |
477
+
| <aname="input_auto_mode_elastic_load_balancing"></a> [auto\_mode\_elastic\_load\_balancing](#input\_auto\_mode\_elastic\_load\_balancing)| EKS Auto Mode elastic load balancing configuration. When enabled,<br/>AWS manages ALB/NLB creation for Services and Ingress resources. | <pre>object({<br/> enabled = optional(bool, false)<br/> })</pre> |`{}`| no |
478
+
| <aname="input_auto_mode_storage_config"></a> [auto\_mode\_storage\_config](#input\_auto\_mode\_storage\_config)| EKS Auto Mode storage configuration. When block\_storage is enabled,<br/>AWS manages EBS volumes via the ebs.csi.eks.amazonaws.com provisioner. | <pre>object({<br/> block_storage = optional(object({<br/> enabled = optional(bool, false)<br/> }), {})<br/> })</pre> |`{}`| no |
479
+
| <aname="input_bootstrap_self_managed_addons_enabled"></a> [bootstrap\_self\_managed\_addons\_enabled](#input\_bootstrap\_self\_managed\_addons\_enabled)| Manages bootstrap of default networking addons after cluster has been created. Must be false when Auto Mode is enabled. Changing this forces cluster recreation. |`bool`|`null`| no |
480
+
| <a name="input_capabilities"></a> [capabilities](#input\_capabilities) | Map of EKS Capabilities to enable on the cluster. Each key is the capability<br/>name (must be unique within the cluster). Supported types: ACK, ARGOCD, KRO.<br/><br/>When `create_iam_role` is true (default) and `role_arn` is null, an IAM<br/>role with a trust policy for `capabilities.eks.amazonaws.com` is<br/>automatically created. Set `create_iam_role = false` and provide `role_arn`<br/>when the calling module creates its own IAM roles (avoids plan-time unknowns).<br/><br/>The `configuration` block is only applicable to ARGOCD capabilities.<br/>ACK and KRO do not currently support configuration. | <pre>map(object({<br/> enabled = optional(bool, true)<br/> type = string # ACK, ARGOCD, KRO<br/> create_iam_role = optional(bool, true)<br/> role_arn = optional(string, null)<br/> delete_propagation_policy = optional(string, "RETAIN")<br/> configuration = optional(object({<br/> argo_cd = optional(object({<br/> namespace = optional(string, "argocd")<br/> aws_idc = optional(object({<br/> idc_instance_arn = string<br/> idc_region = optional(string, null)<br/> }), null)<br/> network_access = optional(object({<br/> vpce_ids = optional(list(string), [])<br/> }), null)<br/> rbac_role_mapping = optional(list(object({<br/> role = string # ADMIN, EDITOR, VIEWER<br/> identity = list(object({<br/> id = string<br/> type = string # SSO_USER, SSO_GROUP<br/> }))<br/> })), [])<br/> }), null)<br/> }), null)<br/> create_timeout = optional(string, null)<br/> update_timeout = optional(string, null)<br/> delete_timeout = optional(string, null)<br/> }))</pre> | `{}` | no |
470
481
| <aname="input_cloudwatch_log_group_class"></a> [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class)| Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS`|`string`|`null`| no |
471
482
| <aname="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id)| If provided, the KMS Key ID to use to encrypt AWS CloudWatch logs |`string`|`null`| no |
@@ -517,6 +528,9 @@ With Auto Mode, Kubernetes version upgrades are simplified:
517
528
518
529
| Name | Description |
519
530
|------|-------------|
531
+
| <aname="output_auto_mode_enabled"></a> [auto\_mode\_enabled](#output\_auto\_mode\_enabled)| Whether EKS Auto Mode is enabled (all three capabilities: compute, storage, networking) |
532
+
| <aname="output_capabilities"></a> [capabilities](#output\_capabilities)| Map of enabled EKS Capabilities with their ARNs and types |
533
+
| <aname="output_capability_role_arns"></a> [capability\_role\_arns](#output\_capability\_role\_arns)| Map of auto-created capability IAM role ARNs |
520
534
| <aname="output_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#output\_cloudwatch\_log\_group\_kms\_key\_id)| KMS Key ID to encrypt AWS CloudWatch logs |
521
535
| <aname="output_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name)| The name of the log group created in cloudwatch where cluster logs are forwarded to if enabled |
522
536
| <aname="output_cluster_encryption_config_enabled"></a> [cluster\_encryption\_config\_enabled](#output\_cluster\_encryption\_config\_enabled)| If true, Cluster Encryption Configuration is enabled |
0 commit comments