@@ -328,5 +328,71 @@ usage: |-
328328 > many issues you may read about that had affected prior versions. See the version 2 README and release notes
329329 > for more information on the challenges and workarounds that were required prior to v3.
330330
331+ ## EKS Auto Mode
332+
333+ This module supports [EKS Auto Mode](https://docs.aws.amazon.com/eks/latest/userguide/automode.html) (GA December 2024),
334+ which delegates compute, networking, and storage management to AWS. Enable it using the `auto_mode_compute_config`,
335+ `auto_mode_storage_config`, and `auto_mode_elastic_load_balancing` variables.
336+
337+ ### Enabling Auto Mode
338+
339+ ```hcl
340+ module "eks_cluster" {
341+ source = "cloudposse/eks-cluster/aws"
342+ # version = "..."
343+
344+ auto_mode_compute_config = {
345+ enabled = true
346+ node_pools = ["general-purpose", "system"]
347+ node_role_arn = aws_iam_role.auto_mode_node.arn
348+ }
349+
350+ auto_mode_storage_config = {
351+ block_storage = {
352+ enabled = true
353+ }
354+ }
355+
356+ auto_mode_elastic_load_balancing = {
357+ enabled = true
358+ }
359+
360+ # ... other configuration
361+ }
362+ ```
363+
364+ When Auto Mode is enabled, this module automatically:
365+ - Sets `bootstrap_self_managed_addons = false` (unless explicitly overridden)
366+ - Adds `sts:TagSession` to the cluster IAM role trust policy
367+ - Attaches 4 additional IAM policies to the cluster role: `AmazonEKSComputePolicy`, `AmazonEKSBlockStoragePolicy`,
368+ `AmazonEKSLoadBalancingPolicy`, and `AmazonEKSNetworkingPolicy`
369+
370+ ### Capabilities
371+
372+ All three capabilities must be enabled or disabled together:
373+
374+ | Capability | Variable | What AWS Manages |
375+ |-----------|----------|-----------------|
376+ | **Compute** | `auto_mode_compute_config` | Node provisioning via managed Karpenter |
377+ | **Storage** | `auto_mode_storage_config` | EBS volumes via `ebs.csi.eks.amazonaws.com` |
378+ | **Networking** | `auto_mode_elastic_load_balancing` | ALB/NLB for Services and Ingress |
379+
380+ ### Important Notes
381+
382+ - Requires AWS provider `>= 5.79.0` and Kubernetes `>= 1.29`
383+ - Auto Mode manages `vpc-cni`, `kube-proxy`, `coredns`, and `aws-ebs-csi-driver` add-ons automatically.
384+ Do not include these in the `addons` variable when Auto Mode is enabled.
385+ - Auto Mode nodes are Bottlerocket-only, immutable, with no SSH/IMDS access
386+ - Nodes have a 21-day maximum lifetime and are automatically rotated
387+ - The `node_role_arn` in `auto_mode_compute_config` must be an IAM role with
388+ `AmazonEKSWorkerNodeMinimalPolicy` and `AmazonEC2ContainerRegistryPullOnly` attached
389+
390+ ### Cluster Version Upgrades
391+
392+ With Auto Mode, Kubernetes version upgrades are simplified:
393+ 1. Bump `kubernetes_version` and apply -- control plane upgrades in place
394+ 2. Managed Karpenter detects version drift and automatically replaces nodes
395+ 3. Auto Mode-managed add-ons are automatically upgraded to compatible versions
396+
331397include : []
332398contributors : []
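Review bot: In the "Capabilities" section, "All three capabilities must be enabled or disabled together" is stated as a rule, but the text does not say whether the module enforces it or what a user sees when only one or two of `auto_mode_compute_config`, `auto_mode_storage_config` and `auto_mode_elastic_load_balancing` are enabled. Please state the failure mode (a variable validation error at plan time, or an API error at apply), and if the module has no such validation, consider adding one. Three smaller points. The "When Auto Mode is enabled" list widens the cluster role (an `sts:TagSession` trust action plus 4 attached policies) with no opt-in beyond `enabled = true`, so it is worth saying so explicitly for anyone reviewing the resulting IAM changes. The example uses `aws_iam_role.auto_mode_node.arn` without defining that role, and "Important Notes" names its two policies but not the trust policy it needs. Finally, "(unless explicitly overridden)" should name the variable that overrides `bootstrap_self_managed_addons`.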