diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..68ddb91
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.DS_Store
+._.DS_Store
+**/.DS_Store
+**/._.DS_Store
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/README.md b/policy-as-code/OPA/policy/aws/blueprints/eks/README.md
new file mode 100644
index 0000000..9dd095a
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/README.md
@@ -0,0 +1,76 @@
+Amazon EKS Blueprint for Terraform contains a collection of Amazon EKS cluster patterns implemented in Terraform that demonstrates how fast and easy it is for customers to adopt Amazon EKS. The Open Policy Agent is an open-source, general purpose policy engine that unifies policy enforcement across the stack. Using Open Policy Agent (OPA) to scan your infrastructure as code and within your Kubernetes cluster is a smart and effective way to ensure the security and compliance of your environment.
+This repo contains below OPA Rego policies for the EKS Blueprint for Terraform project:
+
+1. eks-blueprint-control-logs: Check if the EKS control plane has valid logs enabled.
+2. eks-blueprint-private-endpoint: Check if the EKS cluster uses private endpoints
+3. eks-blueprint-security-group: Check if the EKS Cluster has security group defined
+4. eks-blueprint-selfmanaged-security-group: Check if self managed cluster nodes have security groups defined
+5. eks-blueprint-disk-size: Check if the EKS Cluster node groups have disk_size parameter configured
+
+# Pre-requisites
+
+- [Install AWS CLI version 2](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) on your local machine
+- [Install Open Policy Agent](https://github.com/open-policy-agent/opa) from the latest release
+- [Install Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)
+
+# Evaluate EKS Blueprint for Terraform plan with OPA
+
+You can git clone the two repos, one containing the EKS Blueprint terraform configuration and this one containing the OPA Rego policies which would be used to scan the terraform plans
+```
+ git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git
+ git clone https://github.com/gpmattoo/aws-infra-policy-as-code-with-terraform.git
+```
+
+You can initialize and run the terraform plan command
+```
+terraform -chdir=terraform-aws-eks-blueprints/patterns/fargate-serverless/ init
+terraform -chdir=terraform-aws-eks-blueprints/patterns/fargate-serverless/ plan --out tfplan.binary
+terraform -chdir=terraform-aws-eks-blueprints/patterns/fargate-serverless/ show -json tfplan.binary > tfplan.json
+
+cat tfplan.json
+```
+
+Here is the OPA policy execution to evaluate the terraform plan from fargate-serverless pattern of EKS Blueprint
+
+```
+opa eval -i /Users/gpmattoo/devOpsRepos/aws-infra-policy-as-code-with-terraform/policy-as-code/OPA/policy/aws/blueprints/eks/fargate-serverless-tfplan.json -d /Users/gpmattoo/devOpsRepos/aws-infra-policy-as-code-with-terraform/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.rego -d common.utils.rego "data.aws.blueprints.eks.controllogs.deny"
+```
+and here is the output of above policy execution:
+```
+{
+ "result": [
+ {
+ "expressions": [
+ {
+ "value": [],
+ "text": "data.aws.blueprints.eks.controllogs.deny",
+ "location": {
+ "row": 1,
+ "col": 1
+ }
+ }
+ ]
+ }
+ ]
+}
+```
+
+# Testing EKS Blueprint OPA Rego Policies
+```
+ opa test -v
+```
+For instance:
+```
+ cd ~/aws-infra-policy-as-code-with-terraform/policy-as-code/OPA/policy/aws/blueprints/eks
+ opa test eks-blueprint-control-logs* common.utils.rego -v
+```
+
+# EKS Blueprint OPA Rego Test Coverage
+```
+ opa test -v --coverage
+```
+For instance:
+```
+ cd ~/aws-infra-policy-as-code-with-terraform/policy-as-code/OPA/policy/aws/blueprints/eks
+ opa test eks-blueprint-control-logs* common.utils.rego -v --coverage
+```
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/common.utils.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/common.utils.rego
new file mode 100644
index 0000000..6aaa7d1
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/common.utils.rego
@@ -0,0 +1,213 @@
+package utils
+
+# Checks if action is create or update
+# Common path: resource.change.actions
+is_create_or_update(change_actions) {
+ change_actions[count(change_actions) - 1] == ["create", "update"][_]
+}
+
+# Checks of resource is being created or updated
+is_resource_create_or_update(resource) {
+ is_create_or_update(resource.change.actions)
+}
+
+# Creates an array with all falsey values removed.
+# The values false, null, 0, "", {} and [] are considered falsey.
+compact(array) = output {
+ output := [value |
+ value := array[_]
+ not is_null(value)
+ not value == false
+ not value == ""
+ not value == 0
+ not value == []
+ not value == {}
+ ]
+}
+
+# Checks if `match` value matches to all items in array.
+every(array, match) {
+ count([value |
+ value := array[_]
+ value == match
+ ]) == count(array)
+} else = false {
+ true
+}
+
+# Gets the value at path of object.
+get(object, path) = output {
+ [obj_path, value] = walk(object)
+ path_array := to_path(path)
+ obj_path == path_array
+ output := value
+}
+
+# Gets the value at path of object.
+# If the resolved value is undefined,
+# the default_value is returned in its place.
+get_or_default(object, path, default_value) = output {
+ output := get(object, path)
+} else = output {
+ output := default_value
+}
+
+# Checks if path exists on object
+has(object, path) {
+ [obj_path, value] = walk(object)
+ obj_path == to_path(path)
+} else = false {
+ true
+}
+
+# Checks if value exists in array
+includes(array, value) {
+ value == array[_]
+} else = false {
+ true
+}
+
+# Gets index of object in array that matches provided fraction object
+index_by(array, fraction) = output {
+ some i
+ item = array[i]
+ is_fraction(item, fraction)
+ output := i
+} else = output {
+ output := -1
+}
+
+# Gets index of value in array
+index_of(array, value) = output {
+ some i
+ item = array[i]
+ item == value
+ output := i
+} else = output {
+ output := -1
+}
+
+# Checks if value is null or false
+is_null_or_false(value) {
+ is_null(value)
+} else {
+ value == false
+} else = false {
+ true
+}
+
+# Checks if object matches fraction
+is_fraction(object, fraction) {
+ search_keys = keys(fraction)
+ count({key |
+ key = search_keys[_]
+ object[key] == fraction[key]
+ }) == count(search_keys)
+} else = false {
+ true
+}
+
+# Gets the keys of object
+keys(object) = output {
+ output := {key |
+ [path, value] = walk(object)
+ key := path[0]
+ }
+}
+
+# Gets the size of collection
+size(collection) = output {
+ is_string(collection)
+ output := count(collection)
+} else = output {
+ output := count(keys(collection))
+}
+
+# Converts set to an array
+to_array(set) = output {
+ output := [value |
+ value := set[_]
+ ]
+}
+
+# Converts array to a set
+to_set(array) = output {
+ output := {value |
+ value := array[_]
+ }
+}
+
+_parse_array_index(value) = output {
+ contains(value, "[")
+ number_string := substring(value, 1, count(value) - 2)
+ output = try_to_number(number_string)
+} else = output {
+ output = value
+}
+
+# Converts string path to a path array
+to_path(path) = output_array {
+ output_array := [value |
+ part := split(path, ".")[_]
+ value := _parse_array_index(part)
+ ]
+}
+
+# Attempts to converts string to a number
+try_to_number(string) = out {
+ out := to_number(string)
+} else = out {
+ out := string
+}
+
+is_resource_of_type(resource, service) {
+ resource.mode == "managed"
+ contains(resource.type, service)
+ resource.change.actions[count(resource.change.actions) - 1] != "delete"
+}
+
+# Checks if service resource exists in the plan
+find_service_resource(plan, service) = result {
+ result := [ x.address | x := plan.resource_changes[_]; is_resource_of_type(x, service)]
+}
+
+# Checks if arrays is null or empty
+is_array_null_or_empty(value) {
+ is_null(value)
+} else {
+ size(value) = 0
+} else = false {
+ true
+}
+
+# Check if an array contains specified value
+contains_element(array, value) {
+ array[_] = value
+} else = false {
+ true
+}
+
+# find configuration entries for resource
+find_configuration_resource(plan, resource) = cfgresource{
+ # case where there is no module
+ not resource.module_address
+ some ssm_resource
+ plan.configuration.root_module.resources[ssm_resource].address == resource.address
+ cfgresource := plan.configuration.root_module.resources[ssm_resource]
+} else = cfgresource{
+ some ssm_resource
+ # case with module (or nested modules)
+ base_path := "configuration.root_module"
+ # get module_address and split with "."
+ module_address_list := split(resource.module_address, ".")
+ # list comprehention to keep only modules names not "module." entries
+ nested_module_path := [ path | module_address_list[i] != "module"; path := module_address_list[i] ]
+ # rebuild path for configuration section
+ temp_path := concat(".", [ path2 | nested_module_path[i] ; path2 := sprintf("module_calls.%s.module",[nested_module_path[i]])])
+ temp_path2 := concat(".", [base_path, temp_path])
+
+ # search input object starting at root_module
+ myobj := data.utils.get(plan, temp_path2)
+ concat(".", [resource.module_address, myobj.resources[ssm_resource].address]) == resource.address
+ cfgresource := myobj.resources[ssm_resource]
+}
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/common.utils.test.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/common.utils.test.rego
new file mode 100644
index 0000000..e975c57
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/common.utils.test.rego
@@ -0,0 +1,320 @@
+package utils
+
+test_is_create_or_update {
+ data.utils.is_create_or_update(["create"])
+ data.utils.is_create_or_update(["delete", "create"])
+ not data.utils.is_create_or_update(["create", "delete"])
+ data.utils.is_create_or_update(["update"])
+}
+
+test_is_resource_create_or_update {
+ data.utils.is_resource_create_or_update({"change": {"actions": ["create"]}})
+ data.utils.is_resource_create_or_update({"change": {"actions": ["delete", "create"]}})
+ not data.utils.is_resource_create_or_update({"change": {"actions": ["create", "delete"]}})
+ data.utils.is_resource_create_or_update({"change": {"actions": ["update"]}})
+}
+
+test_compact {
+ array = [
+ "a",
+ false,
+ null,
+ 0,
+ [],
+ {},
+ ]
+
+ ["a"] == compact(array)
+ [] == compact([false])
+}
+
+test_to_path {
+ ["a", "b", "c"] == to_path("a.b.c")
+ ["a", 123, "c"] == to_path("a.[123].c")
+}
+
+test_is_null_or_false {
+ is_null_or_false(null) == true
+ is_null_or_false(false) == true
+ is_null_or_false(true) == false
+ is_null_or_false("sample") == false
+ is_null_or_false(["1", "2"]) == false
+}
+
+test_get {
+ obj = {"a": {"b": [0, 1, {"c": "valid"}, {"d": false}]}}
+
+ "valid" == get(obj, "a.b.[2].c")
+ "valid" == get(obj, "a.b.[2].c")
+
+ not get(obj, "a.b.[0].foo.bar")
+}
+
+test_get_or_default {
+ obj = {"a": {"b": [0, 1, {"c": "valid"}, {"d": false}]}}
+
+ "valid" == get_or_default(obj, "a.b.[2].c", false)
+ false == get_or_default(obj, "a.b.[3].d", false)
+ "does not exist" == get_or_default(obj, "a.b.[123].c", "does not exist")
+ "does not exist" == get_or_default(obj, "a.b.[0].foo.bar", "does not exist")
+}
+
+test_has {
+ obj = {"a": {"b": [0, 1, {"c": true}, {"d": false}]}}
+ has(obj, "a.b.[2].c") == true
+ has(obj, "a.b.[3].d") == true
+ has(obj, "a.b.[123].c") == false
+ has(obj, "a.b.[2].d") == false
+}
+
+test_keys {
+ obj = {"a": 1, "b": 2, "c": 3, "d": {"e": 4}}
+ arr = ["a", "b", "c", "d"]
+ keys(obj) == {"a", "b", "c", "d"}
+ keys(arr) == {0, 1, 2, 3}
+}
+
+test_is_fraction {
+ obj = {"a": 2, "b": 3, "c": false, "d": "hello", "e": {"hello": "world"}}
+
+ is_fraction(obj, {"a": 2})
+ is_fraction(obj, {"a": 2, "b": 3})
+ is_fraction(obj, {"a": 2, "c": false})
+ is_fraction(obj, {"a": 2, "c": true}) == false
+ is_fraction(obj, {"e": {"hello": "world"}})
+ is_fraction(obj, {"e": {}}) == false
+}
+
+test_every {
+ every([true, true, true], true) == true
+ every([false, false, false], false) == true
+ every([true, false, true], true) == false
+ every([false, true, false], false) == false
+ every([1, 1, 1], 1) == true
+ every([1, 2, 3], 1) == false
+ every([null, null], null) == true
+ every(["", ""], "") == true
+}
+
+test_includes {
+ includes(["a", "b", "c"], "b") == true
+ includes([2, 3, 4, 5], 4) == true
+ includes(["a", null, "c"], null) == true
+ includes(["a", false, 3], false) == true
+ includes(["a", false, 3], true) == false
+}
+
+test_size {
+ size([]) == 0
+ size([1, 2, 3]) == 3
+ size([1, 2, 3, 4, 5]) == 5
+ size([1, 2, 3, 4, 5, 6, 7, 8, 9, 10]) == 10
+ size({"a": 0, "b": 1, "c": 2}) == 3
+ size("hello") == 5
+}
+
+test_to_set {
+ {"a", "b"} == to_set(["a", "b", "b", "a"])
+ {"a", "b", null} == to_set(["a", "b", "b", null])
+ {1, false, null} == to_set([1, 1, false, null, false])
+}
+
+test_to_array {
+ ["a", "b"] == to_array({"a", "b"})
+ ["a", "b"] == to_array({"b", "a"})
+ [null, "a", "b"] == to_array({"a", "b", null})
+ [null, false, 1] == to_array({1, false, null})
+ [null, false, true, 1, "a", "z", {}] == to_array({1, true, false, null, "a", {}, "z"})
+}
+
+test_index_of {
+ index_of(["a", 1, {}, false, null], "a") == 0
+ index_of(["a", 1, {}, false, null], 1) == 1
+ index_of(["a", 1, {}, false, null], {}) == 2
+ index_of(["a", 1, {}, false, null], false) == 3
+ index_of(["a", 1, {}, false, null], null) == 4
+ index_of(["a", 1, {}, false, null], "nop") == -1
+}
+
+test_index_by {
+ array := [{"a": 1, "b": 2}, {"a": 3, "b": 4}, {"a": 5, "b": 6}]
+ index_by(array, {"a": 1}) == 0
+ index_by(array, {"a": 3}) == 1
+ index_by(array, {"b": 6}) == 2
+ index_by(array, {"b": 3}) == -1
+}
+
+test_try_to_number {
+ try_to_number("1") == 1
+ try_to_number("1.2") == 1.2
+ try_to_number("1.2.3") == "1.2.3"
+ try_to_number("test") == "test"
+}
+
+test_find_service_resource {
+ plan = {
+ "resource_changes": [
+ {
+ "address": "aws_secretsmanager_secret.example",
+ "mode": "managed",
+ "type": "aws_secretsmanager_secret",
+ "change": {
+ "actions": [
+ "create"
+ ]
+ }
+ },
+ {
+ "address": "aws_kms_key.example",
+ "mode": "managed",
+ "type": "aws_kms_key",
+ "change": {
+ "actions": [
+ "delete"
+ ]
+ }
+ }
+ ]
+ }
+
+ data.utils.find_service_resource(plan, "aws_secretsmanager") == ["aws_secretsmanager_secret.example"]
+ count(data.utils.find_service_resource(plan, "aws_s3")) == 0
+ count(data.utils.find_service_resource(plan, "aws_kms")) == 0
+}
+
+test_is_array_null_or_empty {
+ is_array_null_or_empty([]) == true
+ is_array_null_or_empty(null) == true
+ is_array_null_or_empty(["1"]) == false
+ is_array_null_or_empty(["1", "2"]) == false
+}
+
+test_contains_element {
+ contains_element(["1", "2"], "1") == true
+ contains_element(["1", "2"], "3") == false
+ contains_element([], "1") == false
+}
+
+test_find_configuration_resource {
+ # case 0 module
+ plan0 = {
+ "resource_changes": [
+ {
+ "address": "aws_ssm_parameter.ssm_compliant_referenced",
+ "mode": "managed",
+ "type": "aws_ssm_parameter",
+ "name": "ssm_compliant_referenced",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": { "actions": [ "create" ] }
+ }
+ ],
+ "configuration": {
+ "root_module": {
+ "resources": [
+ {
+ "address": "aws_ssm_parameter.ssm_compliant_referenced",
+ "type": "aws_ssm_parameter",
+ "name": "ssm_compliant_referenced"
+ }
+ ]
+ }
+ }
+ }
+ data.utils.find_configuration_resource(plan0, plan0.resource_changes[0]) == plan0.configuration.root_module.resources[0]
+ # case 1 module
+ plan1 = {
+ "resource_changes": [
+ {
+ "address": "module.testmodule.aws_ssm_parameter.ssm_compliant_referenced",
+ "module_address": "module.testmodule",
+ "mode": "managed",
+ "type": "aws_ssm_parameter",
+ "name": "ssm_compliant_referenced",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": { "actions": [ "create" ] }
+ }
+ ],
+ "configuration": {
+ "root_module": {
+ "module_calls": {
+ "testmodule": {
+ "module": {
+ "resources": [
+ {
+ "address": "aws_ssm_parameter.ssm_compliant_referenced",
+ "type": "aws_ssm_parameter",
+ "name": "ssm_compliant_referenced"
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ data.utils.find_configuration_resource(plan1, plan1.resource_changes[0]) == plan1.configuration.root_module.module_calls.testmodule.module.resources[0]
+
+ # case nested modules
+ plan2 = {
+ "resource_changes": [
+ {
+ "address": "module.level1.aws_iam_role.role",
+ "module_address": "module.level1",
+ "type": "aws_iam_role",
+ "name": "role",
+ "change": { "actions": [ "create" ] }
+ },
+ {
+ "address": "module.level1.module.level2.aws_iam_policy.policy",
+ "module_address": "module.level1.module.level2",
+ "type": "aws_iam_policy",
+ "name": "policy",
+ "change": { "actions": [ "create" ] }
+ },
+ {
+ "address": "module.level1.module.level2.aws_iam_role_policy_attachment.this",
+ "module_address": "module.level1.module.level2",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "change": { "actions": [ "create" ] }
+ }
+ ],
+ "configuration": {
+ "root_module": {
+ "module_calls": {
+ "level1": {
+ "module": {
+ "resources": [
+ {
+ "address": "aws_iam_role.role",
+ "type": "aws_iam_role",
+ "name": "role"
+ }
+ ],
+ "module_calls": {
+ "level2": {
+ "module": {
+ "resources": [
+ {
+ "address": "aws_iam_policy.policy",
+ "type": "aws_iam_policy",
+ "name": "policy"
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this"
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ data.utils.find_configuration_resource(plan2, plan2.resource_changes[1]) == plan2.configuration.root_module.module_calls.level1.module.module_calls.level2.module.resources[0]
+
+}
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.mock.json b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.mock.json
new file mode 100644
index 0000000..ca1f55b
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.mock.json
@@ -0,0 +1,598 @@
+{
+ "controllogs_valid": {
+ "resource_changes": [
+ {
+ "address": "module.eks.aws_eks_cluster.eks_cluster",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "enabled_cluster_log_types": [
+ "api",
+ "audit",
+ "authenticator"
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ "secrets"
+ ]
+ }
+ ],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "name": "fargate-serverless",
+ "outpost_config": [],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ },
+ "version": "1.27",
+ "vpc_config": [
+ {
+ "endpoint_private_access": true,
+ "endpoint_public_access": true,
+ "public_access_cidrs": [
+ "0.0.0.0/0"
+ ],
+ "security_group_ids": null
+ }
+ ]
+ },
+ "after_unknown": {
+ "arn": true,
+ "certificate_authority": true,
+ "cluster_id": true,
+ "created_at": true,
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ "key_arn": true
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "endpoint": true,
+ "id": true,
+ "identity": true,
+ "kubernetes_network_config": [
+ {
+ "ip_family": true,
+ "service_ipv4_cidr": true,
+ "service_ipv6_cidr": true
+ }
+ ],
+ "outpost_config": [],
+ "platform_version": true,
+ "role_arn": true,
+ "status": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "cluster_security_group_id": true,
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": true,
+ "vpc_id": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "certificate_authority": [],
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "identity": [],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "outpost_config": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": []
+ }
+ ]
+ }
+ }
+ }]
+},
+ "controllogs_api_invalid": {
+ "resource_changes": [
+ {
+ "address": "module.eks.aws_eks_cluster.eks_cluster",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "enabled_cluster_log_types": [
+ "api1",
+ "audit",
+ "authenticator"
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ "secrets"
+ ]
+ }
+ ],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "name": "fargate-serverless",
+ "outpost_config": [],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ },
+ "version": "1.27",
+ "vpc_config": [
+ {
+ "endpoint_private_access": true,
+ "endpoint_public_access": true,
+ "public_access_cidrs": [
+ "0.0.0.0/0"
+ ],
+ "security_group_ids": null
+ }
+ ]
+ },
+ "after_unknown": {
+ "arn": true,
+ "certificate_authority": true,
+ "cluster_id": true,
+ "created_at": true,
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ "key_arn": true
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "endpoint": true,
+ "id": true,
+ "identity": true,
+ "kubernetes_network_config": [
+ {
+ "ip_family": true,
+ "service_ipv4_cidr": true,
+ "service_ipv6_cidr": true
+ }
+ ],
+ "outpost_config": [],
+ "platform_version": true,
+ "role_arn": true,
+ "status": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "cluster_security_group_id": true,
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": true,
+ "vpc_id": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "certificate_authority": [],
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "identity": [],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "outpost_config": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": []
+ }
+ ]
+ }
+ }
+ }]
+ },
+ "controllogs_audit_invalid": {
+ "resource_changes": [
+ {
+ "address": "module.eks.aws_eks_cluster.eks_cluster",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "enabled_cluster_log_types": [
+ "api",
+ "audit1",
+ "authenticator"
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ "secrets"
+ ]
+ }
+ ],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "name": "fargate-serverless",
+ "outpost_config": [],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ },
+ "version": "1.27",
+ "vpc_config": [
+ {
+ "endpoint_private_access": true,
+ "endpoint_public_access": true,
+ "public_access_cidrs": [
+ "0.0.0.0/0"
+ ],
+ "security_group_ids": null
+ }
+ ]
+ },
+ "after_unknown": {
+ "arn": true,
+ "certificate_authority": true,
+ "cluster_id": true,
+ "created_at": true,
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ "key_arn": true
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "endpoint": true,
+ "id": true,
+ "identity": true,
+ "kubernetes_network_config": [
+ {
+ "ip_family": true,
+ "service_ipv4_cidr": true,
+ "service_ipv6_cidr": true
+ }
+ ],
+ "outpost_config": [],
+ "platform_version": true,
+ "role_arn": true,
+ "status": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "cluster_security_group_id": true,
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": true,
+ "vpc_id": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "certificate_authority": [],
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "identity": [],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "outpost_config": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": []
+ }
+ ]
+ }
+ }
+ }]
+ },
+ "controllogs_audit_authenticator": {
+ "resource_changes": [
+ {
+ "address": "module.eks.aws_eks_cluster.eks_cluster",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "enabled_cluster_log_types": [
+ "api",
+ "audit",
+ "authenticator1"
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ "secrets"
+ ]
+ }
+ ],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "name": "fargate-serverless",
+ "outpost_config": [],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ },
+ "version": "1.27",
+ "vpc_config": [
+ {
+ "endpoint_private_access": true,
+ "endpoint_public_access": true,
+ "public_access_cidrs": [
+ "0.0.0.0/0"
+ ],
+ "security_group_ids": null
+ }
+ ]
+ },
+ "after_unknown": {
+ "arn": true,
+ "certificate_authority": true,
+ "cluster_id": true,
+ "created_at": true,
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ "key_arn": true
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "endpoint": true,
+ "id": true,
+ "identity": true,
+ "kubernetes_network_config": [
+ {
+ "ip_family": true,
+ "service_ipv4_cidr": true,
+ "service_ipv6_cidr": true
+ }
+ ],
+ "outpost_config": [],
+ "platform_version": true,
+ "role_arn": true,
+ "status": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "cluster_security_group_id": true,
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": true,
+ "vpc_id": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "certificate_authority": [],
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "identity": [],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "outpost_config": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": []
+ }
+ ]
+ }
+ }
+ }]
+ }
+}
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.rego
new file mode 100644
index 0000000..3f500ef
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.rego
@@ -0,0 +1,32 @@
+package aws.blueprints.eks.controllogs
+
+import future.keywords.in
+
+# Check if the EKS cluster has valid control plane logs enabled.
+
+# Terraform policy resource link
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#enabled_cluster_log_types
+
+# AWS link to policy definition/explanation
+# https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
+
+valid_logs := {"api", "audit", "authenticator"}
+
+is_in_scope(resource) {
+ resource.mode == "managed"
+ data.utils.is_create_or_update(resource.change.actions)
+ resource.type == "aws_eks_cluster"
+}
+
+is_logging_valid(resource) {
+ cluster_logs := {lt | some lt in resource.change.after.enabled_cluster_log_types}
+ required_logs := valid_logs - cluster_logs
+ count(required_logs) == 0
+}
+
+deny[reason] {
+ some resource in input.resource_changes
+ is_in_scope(resource)
+ not is_logging_valid(resource)
+ reason := sprintf("'%s' EKS Cluster should contain following cluster log types enabled - 'api', 'audit', 'authenticator'", [resource.address])
+}
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.test.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.test.rego
new file mode 100644
index 0000000..3f6a362
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-control-logs.test.rego
@@ -0,0 +1,23 @@
+package aws.blueprints.eks.controllogs
+
+msg := {"'module.eks.aws_eks_cluster.eks_cluster' EKS Cluster should contain following cluster log types enabled - 'api', 'audit', 'authenticator'"}
+
+test_valid {
+ result = deny with input as data.controllogs_valid
+ count(result) == 0
+}
+
+test_invalid_api {
+ result = deny with input as data.controllogs_api_invalid
+ msg == result
+}
+
+test_invalid_audit {
+ result = deny with input as data.controllogs_audit_invalid
+ msg == result
+}
+
+test_invalid_authenticator {
+ result = deny with input as data.controllogs_audit_authenticator
+ msg == result
+}
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.mock.json b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.mock.json
new file mode 100644
index 0000000..5c8db2d
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.mock.json
@@ -0,0 +1,219 @@
+{
+ "mock": {
+ "disk_size_valid": {
+ "resource_changes": [
+ {
+ "address": "module.eks.aws_eks_cluster.eks_cluster",
+ "module_address": "module.midtier",
+ "mode": "managed",
+ "type": "aws_eks_node_group",
+ "name": "eks_nodes",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "cluster_name": "quantexa-dev-eks-cluster",
+ "disk_size": 200,
+ "force_update_version": null,
+ "instance_types": [
+ "t3.2xlarge"
+ ],
+ "labels": null,
+ "launch_template": [
+ ],
+ "node_group_name": "eks-node-group-quantexa-dev-eks-cluster",
+ "remote_access": [
+ ],
+ "scaling_config": [
+ {
+ "desired_size": 3,
+ "max_size": 6,
+ "min_size": 3
+ }
+ ],
+ "subnet_ids": [
+ "subnet-081e40a32b90a4185",
+ "subnet-0854a6ae56612b073"
+ ],
+ "tags": null,
+ "tags_all": {
+ "project": "quantexa-mvp"
+ },
+ "taint": [
+ ],
+ "timeouts": null
+ },
+ "after_unknown": {
+ "ami_type": true,
+ "arn": true,
+ "capacity_type": true,
+ "id": true,
+ "instance_types": [
+ false
+ ],
+ "launch_template": [
+ ],
+ "node_group_name_prefix": true,
+ "node_role_arn": true,
+ "release_version": true,
+ "remote_access": [
+ ],
+ "resources": true,
+ "scaling_config": [
+ {
+ }
+ ],
+ "status": true,
+ "subnet_ids": [
+ false,
+ false
+ ],
+ "tags_all": {
+ },
+ "taint": [
+ ],
+ "update_config": true,
+ "version": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "instance_types": [
+ false
+ ],
+ "launch_template": [
+ ],
+ "remote_access": [
+ ],
+ "resources": [
+ ],
+ "scaling_config": [
+ {
+ }
+ ],
+ "subnet_ids": [
+ false,
+ false
+ ],
+ "tags_all": {
+ },
+ "taint": [
+ ],
+ "update_config": [
+ ]
+ }
+ }
+ }
+ ]
+ },
+ "disk_size_invalid": {
+ "resource_changes": [
+ {
+ "address": "module.eks.aws_eks_cluster.eks_cluster",
+ "module_address": "module.midtier",
+ "mode": "managed",
+ "type": "aws_eks_node_group",
+ "name": "eks_nodes",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "cluster_name": "quantexa-dev-eks-cluster",
+ "force_update_version": null,
+ "instance_types": [
+ "t3.2xlarge"
+ ],
+ "labels": null,
+ "launch_template": [
+ ],
+ "node_group_name": "eks-node-group-quantexa-dev-eks-cluster",
+ "remote_access": [
+ ],
+ "scaling_config": [
+ {
+ "desired_size": 3,
+ "max_size": 6,
+ "min_size": 3
+ }
+ ],
+ "subnet_ids": [
+ "subnet-081e40a32b90a4185",
+ "subnet-0854a6ae56612b073"
+ ],
+ "tags": null,
+ "tags_all": {
+ "project": "quantexa-mvp"
+ },
+ "taint": [
+ ],
+ "timeouts": null
+ },
+ "after_unknown": {
+ "ami_type": true,
+ "arn": true,
+ "capacity_type": true,
+ "id": true,
+ "instance_types": [
+ false
+ ],
+ "launch_template": [
+ ],
+ "node_group_name_prefix": true,
+ "node_role_arn": true,
+ "release_version": true,
+ "remote_access": [
+ ],
+ "resources": true,
+ "scaling_config": [
+ {
+ }
+ ],
+ "status": true,
+ "subnet_ids": [
+ false,
+ false
+ ],
+ "tags_all": {
+ },
+ "taint": [
+ ],
+ "update_config": true,
+ "version": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "instance_types": [
+ false
+ ],
+ "launch_template": [
+ ],
+ "remote_access": [
+ ],
+ "resources": [
+ ],
+ "scaling_config": [
+ {
+ }
+ ],
+ "subnet_ids": [
+ false,
+ false
+ ],
+ "tags_all": {
+ },
+ "taint": [
+ ],
+ "update_config": [
+ ]
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.rego
new file mode 100644
index 0000000..6fc7e54
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.rego
@@ -0,0 +1,29 @@
+package aws.blueprints.eks.disk_size
+
+
+import future.keywords.in
+
+# Check if cluster node groups have disk_size parameter configured.
+
+# Terraform policy resource link
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group#disk_size
+
+# AWS link to policy definition/explanation
+# https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
+
+is_in_scope(resource) {
+ resource.mode == "managed"
+ data.utils.is_create_or_update(resource.change.actions)
+ resource.type == "aws_eks_node_group"
+}
+
+is_disk_size_present(resource){
+ resource.change.after.disk_size
+}
+
+deny[reason] {
+ some resource in input.resource_changes
+ is_in_scope(resource)
+ not is_disk_size_present(resource)
+ reason := sprintf("'%s' EKS Cluster Node group should contain disk_size parameter", [resource.address])
+}
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.test.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.test.rego
new file mode 100644
index 0000000..d600dd8
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-disk-size.test.rego
@@ -0,0 +1,13 @@
+package aws.blueprints.eks.disk_size
+
+msg := {"'module.eks.aws_eks_cluster.eks_cluster' EKS Cluster Node group should contain disk_size parameter"}
+
+test_valid {
+ result = deny with input as data.mock.disk_size_valid
+ count(result) == 0
+}
+
+test_invalid {
+ result = deny with input as data.mock.disk_size_invalid
+ msg == result
+}
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.mock.json b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.mock.json
new file mode 100644
index 0000000..a1b7aec
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.mock.json
@@ -0,0 +1,247 @@
+{
+ "mock": {
+ "pe_valid": {
+ "resource_changes": [
+ {
+ "address": "module.eks.aws_eks_cluster.eks_cluster",
+ "module_address": "module.midtier",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "eks_cluster",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "enabled_cluster_log_types": null,
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ }
+ ],
+ "resources": [
+ "secrets"
+ ]
+ }
+ ],
+ "name": "quantexa-dev-eks-cluster",
+ "tags": null,
+ "tags_all": {
+ "project": "quantexa-mvp"
+ },
+ "timeouts": null,
+ "version": "1.21",
+ "vpc_config": [
+ {
+ "endpoint_private_access": true,
+ "endpoint_public_access": false,
+ "subnet_ids": [
+ "subnet-081e40a32b90a4185",
+ "subnet-0854a6ae56612b073"
+ ]
+ }
+ ]
+ },
+ "after_unknown": {
+ "arn": true,
+ "certificate_authority": true,
+ "created_at": true,
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ "key_arn": true
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "endpoint": true,
+ "id": true,
+ "identity": true,
+ "kubernetes_network_config": true,
+ "platform_version": true,
+ "role_arn": true,
+ "status": true,
+ "tags_all": {
+ },
+ "vpc_config": [
+ {
+ "cluster_security_group_id": true,
+ "public_access_cidrs": true,
+ "security_group_ids": true,
+ "subnet_ids": [
+ false,
+ false
+ ],
+ "vpc_id": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "certificate_authority": [
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "identity": [
+ ],
+ "kubernetes_network_config": [
+ ],
+ "tags_all": {
+ },
+ "vpc_config": [
+ {
+ "public_access_cidrs": [
+ ],
+ "security_group_ids": [
+ ],
+ "subnet_ids": [
+ false,
+ false
+ ]
+ }
+ ]
+ }
+ }
+ }
+ ]
+ },
+ "pe_invalid": {
+ "resource_changes": [
+ {
+ "address": "module.eks.aws_eks_cluster.eks_cluster",
+ "module_address": "module.midtier",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "eks_cluster",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "enabled_cluster_log_types": null,
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ }
+ ],
+ "resources": [
+ "secrets"
+ ]
+ }
+ ],
+ "name": "quantexa-dev-eks-cluster",
+ "tags": null,
+ "tags_all": {
+ "project": "quantexa-mvp"
+ },
+ "timeouts": null,
+ "version": "1.21",
+ "vpc_config": [
+ {
+ "endpoint_private_access": false,
+ "endpoint_public_access": true,
+ "subnet_ids": [
+ "subnet-081e40a32b90a4185",
+ "subnet-0854a6ae56612b073"
+ ]
+ }
+ ]
+ },
+ "after_unknown": {
+ "arn": true,
+ "certificate_authority": true,
+ "created_at": true,
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ "key_arn": true
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "endpoint": true,
+ "id": true,
+ "identity": true,
+ "kubernetes_network_config": true,
+ "platform_version": true,
+ "role_arn": true,
+ "status": true,
+ "tags_all": {
+ },
+ "vpc_config": [
+ {
+ "cluster_security_group_id": true,
+ "public_access_cidrs": true,
+ "security_group_ids": true,
+ "subnet_ids": [
+ false,
+ false
+ ],
+ "vpc_id": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "certificate_authority": [
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "identity": [
+ ],
+ "kubernetes_network_config": [
+ ],
+ "tags_all": {
+ },
+ "vpc_config": [
+ {
+ "public_access_cidrs": [
+ ],
+ "security_group_ids": [
+ ],
+ "subnet_ids": [
+ false,
+ false
+ ]
+ }
+ ]
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.rego
new file mode 100644
index 0000000..8055116
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.rego
@@ -0,0 +1,29 @@
+package aws.blueprints.eks.privateEndpoint
+
+import future.keywords.in
+
+# Check if cluster uses private endpoints.
+
+# Terraform policy resource link
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#endpoint_private_access
+
+# AWS link to policy definition/explanation
+# https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
+
+is_in_scope(resource) {
+ resource.mode == "managed"
+ data.utils.is_create_or_update(resource.change.actions)
+ resource.type == "aws_eks_cluster"
+}
+
+are_endpoints_private(resource) {
+ resource.change.after.vpc_config[0].endpoint_private_access == true
+ resource.change.after.vpc_config[0].endpoint_public_access == false
+}
+
+deny[reason] {
+ some resource in input.resource_changes
+ is_in_scope(resource)
+ not are_endpoints_private(resource)
+ reason := sprintf("'%s' EKS Cluster should only have private endpoints", [resource.address])
+}
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.test.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.test.rego
new file mode 100644
index 0000000..c428a35
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-private-endpoint.test.rego
@@ -0,0 +1,13 @@
+package aws.blueprints.eks.privateEndpoint
+
+msg := {"'module.eks.aws_eks_cluster.eks_cluster' EKS Cluster should only have private endpoints"}
+
+test_valid {
+ result = deny with input as data.mock.pe_valid
+ count(result) == 0
+}
+
+test_invalid {
+ result = deny with input as data.mock.pe_invalid
+ msg == result
+}
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.mock.json b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.mock.json
new file mode 100644
index 0000000..fbafe84
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.mock.json
@@ -0,0 +1,361 @@
+{
+ "mock": {
+ "sg_valid" :{
+ "resource_changes":[
+ {
+ "address":"module.eks.aws_eks_cluster.eks_cluster",
+ "module_address":"module.eks",
+ "mode":"managed",
+ "type":"aws_eks_cluster",
+ "name":"eks_cluster",
+ "provider_name":"registry.terraform.io/hashicorp/aws",
+ "change":{
+ "actions":[
+ "create"
+ ],
+ "before":null,
+ "after":{
+ "enabled_cluster_log_types":[
+ "api",
+ "audit",
+ "authenticator",
+ "controllerManager",
+ "scheduler"
+ ],
+ "encryption_config":[
+
+ ],
+ "name":"3c4c-test-cluster",
+ "tags":null,
+ "timeouts":null,
+ "version":"1.21",
+ "vpc_config":[
+ {
+ "endpoint_private_access":true,
+ "endpoint_public_access":false,
+ "security_group_ids":[
+ "sg-02f7d448806f1e366"
+ ],
+ "subnet_ids":[
+ "subnet-0402a62d9ccba0476",
+ "subnet-0c7e5b5bc3355e008"
+ ]
+ }
+ ]
+ },
+ "after_unknown":{
+ "arn":true,
+ "certificate_authority":true,
+ "created_at":true,
+ "enabled_cluster_log_types":[
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "encryption_config":[
+
+ ],
+ "endpoint":true,
+ "id":true,
+ "identity":true,
+ "kubernetes_network_config":true,
+ "platform_version":true,
+ "role_arn":true,
+ "status":true,
+ "tags_all":true,
+ "vpc_config":[
+ {
+ "cluster_security_group_id":true,
+ "public_access_cidrs":true,
+ "security_group_ids":true,
+ "subnet_ids":[
+ false,
+ false
+ ],
+ "vpc_id":true
+ }
+ ]
+ },
+ "before_sensitive":false,
+ "after_sensitive":{
+ "certificate_authority":[
+
+ ],
+ "enabled_cluster_log_types":[
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "encryption_config":[
+
+ ],
+ "identity":[
+
+ ],
+ "kubernetes_network_config":[
+
+ ],
+ "tags_all":{
+
+ },
+ "vpc_config":[
+ {
+ "public_access_cidrs":[
+
+ ],
+ "security_group_ids":[
+
+ ],
+ "subnet_ids":[
+ false,
+ false
+ ]
+ }
+ ]
+ }
+ }
+ }
+ ]
+ },
+ "sg_noid_valid" :{
+ "resource_changes":[
+ {
+ "address":"module.eks.aws_eks_cluster.eks_cluster",
+ "module_address":"module.eks",
+ "mode":"managed",
+ "type":"aws_eks_cluster",
+ "name":"eks_cluster",
+ "provider_name":"registry.terraform.io/hashicorp/aws",
+ "change":{
+ "actions":[
+ "create"
+ ],
+ "before":null,
+ "after":{
+ "enabled_cluster_log_types":[
+ "api",
+ "audit",
+ "authenticator",
+ "controllerManager",
+ "scheduler"
+ ],
+ "encryption_config":[
+
+ ],
+ "name":"3c4c-test-cluster",
+ "tags":null,
+ "timeouts":null,
+ "version":"1.21",
+ "vpc_config":[
+ {
+ "endpoint_private_access":true,
+ "endpoint_public_access":false,
+ "subnet_ids":[
+ "subnet-0402a62d9ccba0476",
+ "subnet-0c7e5b5bc3355e008"
+ ]
+ }
+ ]
+ },
+ "after_unknown":{
+ "arn":true,
+ "certificate_authority":true,
+ "created_at":true,
+ "enabled_cluster_log_types":[
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "encryption_config":[
+
+ ],
+ "endpoint":true,
+ "id":true,
+ "identity":true,
+ "kubernetes_network_config":true,
+ "platform_version":true,
+ "role_arn":true,
+ "status":true,
+ "tags_all":true,
+ "vpc_config":[
+ {
+ "cluster_security_group_id":true,
+ "public_access_cidrs":true,
+ "security_group_ids":true,
+ "subnet_ids":[
+ false,
+ false
+ ],
+ "vpc_id":true
+ }
+ ]
+ },
+ "before_sensitive":false,
+ "after_sensitive":{
+ "certificate_authority":[
+
+ ],
+ "enabled_cluster_log_types":[
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "encryption_config":[
+
+ ],
+ "identity":[
+
+ ],
+ "kubernetes_network_config":[
+
+ ],
+ "tags_all":{
+
+ },
+ "vpc_config":[
+ {
+ "public_access_cidrs":[
+
+ ],
+ "security_group_ids":[
+
+ ],
+ "subnet_ids":[
+ false,
+ false
+ ]
+ }
+ ]
+ }
+ }
+ }
+ ]
+ },
+ "sg_invalid" : {
+ "resource_changes":[
+ {
+ "address":"module.eks.aws_eks_cluster.eks_cluster",
+ "module_address":"module.eks",
+ "mode":"managed",
+ "type":"aws_eks_cluster",
+ "name":"eks_cluster",
+ "provider_name":"registry.terraform.io/hashicorp/aws",
+ "change":{
+ "actions":[
+ "create"
+ ],
+ "before":null,
+ "after":{
+ "enabled_cluster_log_types":[
+ "api",
+ "audit",
+ "authenticator",
+ "controllerManager",
+ "scheduler"
+ ],
+ "encryption_config":[
+
+ ],
+ "name":"3c4c-test-cluster",
+ "tags":null,
+ "timeouts":null,
+ "version":"1.21",
+ "vpc_config":[
+ {
+ "endpoint_private_access":true,
+ "endpoint_public_access":false,
+ "security_group_ids":null,
+ "subnet_ids":[
+ "subnet-0402a62d9ccba0476",
+ "subnet-0c7e5b5bc3355e008"
+ ]
+ }
+ ]
+ },
+ "after_unknown":{
+ "arn":true,
+ "certificate_authority":true,
+ "created_at":true,
+ "enabled_cluster_log_types":[
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "encryption_config":[
+
+ ],
+ "endpoint":true,
+ "id":true,
+ "identity":true,
+ "kubernetes_network_config":true,
+ "platform_version":true,
+ "role_arn":true,
+ "status":true,
+ "tags_all":true,
+ "vpc_config":[
+ {
+ "cluster_security_group_id":true,
+ "public_access_cidrs":true,
+ "subnet_ids":[
+ false,
+ false
+ ],
+ "vpc_id":true
+ }
+ ]
+ },
+ "before_sensitive":false,
+ "after_sensitive":{
+ "certificate_authority":[
+
+ ],
+ "enabled_cluster_log_types":[
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "encryption_config":[
+
+ ],
+ "identity":[
+
+ ],
+ "kubernetes_network_config":[
+
+ ],
+ "tags_all":{
+
+ },
+ "vpc_config":[
+ {
+ "public_access_cidrs":[
+
+ ],
+ "security_group_ids":[
+
+ ],
+ "subnet_ids":[
+ false,
+ false
+ ]
+ }
+ ]
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.rego
new file mode 100644
index 0000000..d1f1e19
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.rego
@@ -0,0 +1,33 @@
+package aws.blueprints.eks.securityGroup
+
+import future.keywords.in
+
+# Check if cluster has security group defined.
+
+# Terraform policy resource link
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#security_group_ids
+
+# AWS link to policy defitinio/explanation
+# https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
+
+is_in_scope(resource) {
+ resource.mode == "managed"
+ data.utils.is_create_or_update(resource.change.actions)
+ resource.type == "aws_eks_cluster"
+}
+
+is_security_group_enabled(resource){
+ resource.change.after.vpc_config[0].security_group_ids
+ count(resource.change.after.vpc_config[0].security_group_ids) > 0
+} else {
+ resource.change.after_unknown.vpc_config[0].security_group_ids == true
+} else = false{
+ true
+}
+
+deny[reason] {
+ some resource in input.resource_changes
+ is_in_scope(resource)
+ not is_security_group_enabled(resource)
+ reason := sprintf("'%s' EKS Cluster Should have cluster security group defined", [resource.address])
+}
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.test.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.test.rego
new file mode 100644
index 0000000..d675b21
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-security-group.test.rego
@@ -0,0 +1,18 @@
+package aws.blueprints.eks.securityGroup
+
+msg := {"'module.eks.aws_eks_cluster.eks_cluster' EKS Cluster Should have cluster security group defined"}
+
+test_valid {
+ result = deny with input as data.mock.sg_valid
+ count(result) == 0
+}
+
+test_noid_valid {
+ result = deny with input as data.mock.sg_noid_valid
+ count(result) == 0
+}
+
+test_invalid {
+ result = deny with input as data.mock.sg_invalid
+ msg == result
+}
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.mock.json b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.mock.json
new file mode 100644
index 0000000..6faf6c0
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.mock.json
@@ -0,0 +1,673 @@
+{
+ "mock": {
+ "sm_sg_valid": {
+ "format_version":"1.0",
+ "terraform_version":"1.1.1",
+ "resource_changes":[
+ {
+ "address":"module.eks.aws_eks_cluster.eks_cluster",
+ "module_address":"module.eks",
+ "mode":"managed",
+ "type":"aws_launch_template",
+ "name":"this",
+ "provider_name":"registry.terraform.io/hashicorp/aws",
+ "change":{
+ "actions":[
+ "create"
+ ],
+ "before":null,
+ "after":{
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "description":null,
+ "disable_api_termination":null,
+ "ebs_optimized":null,
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "image_id":"ami-0e70dc9d2c457f1c8",
+ "instance_initiated_shutdown_behavior":null,
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "instance_type":"t3.large",
+ "kernel_id":null,
+ "key_name":null,
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "monitoring":[
+
+ ],
+ "name":"3c4c-test-cluster-lt",
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "ram_disk_id":null,
+ "security_group_names":null,
+ "tag_specifications":[
+
+ ],
+ "tags":null,
+ "update_default_version":null,
+ "user_data":null
+ },
+ "after_unknown":{
+ "arn":true,
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "default_version":true,
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "id":true,
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "latest_version":true,
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "metadata_options":true,
+ "monitoring":[
+
+ ],
+ "name_prefix":true,
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "tag_specifications":[
+
+ ],
+ "tags_all":true,
+ "vpc_security_group_ids":true
+ },
+ "before_sensitive":false,
+ "after_sensitive":{
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "metadata_options":[
+
+ ],
+ "monitoring":[
+
+ ],
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "tag_specifications":[
+
+ ],
+ "tags_all":{
+
+ },
+ "vpc_security_group_ids":[
+
+ ]
+ }
+ }
+ }
+ ]
+ },
+ "sm_sgid_valid": {
+ "format_version":"1.0",
+ "terraform_version":"1.1.1",
+ "resource_changes":[
+ {
+ "address":"module.eks.aws_eks_cluster.eks_cluster",
+ "module_address":"module.eks",
+ "mode":"managed",
+ "type":"aws_launch_template",
+ "name":"this",
+ "provider_name":"registry.terraform.io/hashicorp/aws",
+ "change":{
+ "actions":[
+ "create"
+ ],
+ "before":null,
+ "after":{
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "description":null,
+ "disable_api_termination":null,
+ "ebs_optimized":null,
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "image_id":"ami-0e70dc9d2c457f1c8",
+ "instance_initiated_shutdown_behavior":null,
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "instance_type":"t3.large",
+ "kernel_id":null,
+ "key_name":null,
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "monitoring":[
+
+ ],
+ "name":"3c4c-test-cluster-lt",
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "ram_disk_id":null,
+ "security_group_names":null,
+ "tag_specifications":[
+
+ ],
+ "tags":null,
+ "update_default_version":null,
+ "user_data":null,
+ "vpc_security_group_ids":[
+ "sg-02f7d448806f1e366"
+ ]
+ },
+ "after_unknown":{
+ "arn":true,
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "default_version":true,
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "id":true,
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "latest_version":true,
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "metadata_options":true,
+ "monitoring":[
+
+ ],
+ "name_prefix":true,
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "tag_specifications":[
+
+ ],
+ "tags_all":true,
+ "vpc_security_group_ids":[
+ false
+ ]
+ },
+ "before_sensitive":false,
+ "after_sensitive":{
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "metadata_options":[
+
+ ],
+ "monitoring":[
+
+ ],
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "tag_specifications":[
+
+ ],
+ "tags_all":{
+
+ },
+ "vpc_security_group_ids":[
+ false
+ ]
+ }
+ }
+ }
+ ]
+ },
+ "sm_sg_invalid":{
+ "terraform_version":"1.1.1",
+ "resource_changes":[
+ {
+ "address":"module.eks.aws_eks_cluster.eks_cluster",
+ "module_address":"module.eks",
+ "mode":"managed",
+ "type":"aws_launch_template",
+ "name":"this",
+ "provider_name":"registry.terraform.io/hashicorp/aws",
+ "change":{
+ "actions":[
+ "create"
+ ],
+ "before":null,
+ "after":{
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "description":null,
+ "disable_api_termination":null,
+ "ebs_optimized":null,
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "image_id":"ami-0e70dc9d2c457f1c8",
+ "instance_initiated_shutdown_behavior":null,
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "instance_type":"t3.large",
+ "kernel_id":null,
+ "key_name":null,
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "monitoring":[
+
+ ],
+ "name":"3c4c-test-cluster-lt",
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "ram_disk_id":null,
+ "security_group_names":null,
+ "tag_specifications":[
+
+ ],
+ "tags":null,
+ "update_default_version":null,
+ "user_data":null,
+ "vpc_security_group_ids":[
+
+ ]
+ },
+ "after_unknown":{
+ "arn":true,
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "default_version":true,
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "id":true,
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "latest_version":true,
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "metadata_options":true,
+ "monitoring":[
+
+ ],
+ "name_prefix":true,
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "tag_specifications":[
+
+ ],
+ "tags_all":true,
+ "vpc_security_group_ids":[
+ false
+ ]
+ },
+ "before_sensitive":false,
+ "after_sensitive":{
+ "block_device_mappings":[
+
+ ],
+ "capacity_reservation_specification":[
+
+ ],
+ "cpu_options":[
+
+ ],
+ "credit_specification":[
+
+ ],
+ "elastic_gpu_specifications":[
+
+ ],
+ "elastic_inference_accelerator":[
+
+ ],
+ "enclave_options":[
+
+ ],
+ "hibernation_options":[
+
+ ],
+ "iam_instance_profile":[
+
+ ],
+ "instance_market_options":[
+
+ ],
+ "instance_requirements":[
+
+ ],
+ "license_specification":[
+
+ ],
+ "maintenance_options":[
+
+ ],
+ "metadata_options":[
+
+ ],
+ "monitoring":[
+
+ ],
+ "network_interfaces":[
+
+ ],
+ "placement":[
+
+ ],
+ "private_dns_name_options":[
+
+ ],
+ "tag_specifications":[
+
+ ],
+ "tags_all":{
+
+ },
+ "vpc_security_group_ids":[
+ false
+ ]
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.rego
new file mode 100644
index 0000000..918dd21
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.rego
@@ -0,0 +1,30 @@
+package aws.blueprints.eks.selfManagedSecurityGroup
+
+import future.keywords.in
+
+# Check if self managed cluster nodes have security groups defined.
+
+# Terraform policy resource link
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#vpc_security_group_ids
+
+# AWS link to policy definition/explanation
+# https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
+
+is_in_scope(resource) {
+ resource.mode == "managed"
+ data.utils.is_create_or_update(resource.change.actions)
+ resource.type == "aws_launch_template"
+}
+
+is_security_group_enabled(resource) {
+ count(resource.change.after.vpc_security_group_ids) > 0
+} else {
+ resource.change.after_unknown.vpc_security_group_ids == true
+} else := false
+
+deny[reason] {
+ some resource in input.resource_changes
+ is_in_scope(resource)
+ not is_security_group_enabled(resource)
+ reason := sprintf("'%s' EKS Cluster Managed Nodes Should have security groups defined", [resource.address])
+}
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.test.rego b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.test.rego
new file mode 100644
index 0000000..6e57161
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/eks-blueprint-selfmanaged-security-group.test.rego
@@ -0,0 +1,18 @@
+package aws.blueprints.eks.selfManagedSecurityGroup
+
+msg := {"'module.eks.aws_eks_cluster.eks_cluster' EKS Cluster Managed Nodes Should have security groups defined"}
+
+test_ref_valid {
+ result = deny with input as data.mock.sm_sg_valid
+ count(result) == 0
+}
+
+test_sgid_valid {
+ result = deny with input as data.mock.sm_sgid_valid
+ count(result) == 0
+}
+
+test_invalid {
+ result = deny with input as data.mock.sm_sg_invalid
+ msg == result
+}
\ No newline at end of file
diff --git a/policy-as-code/OPA/policy/aws/blueprints/eks/fargate-serverless-tfplan.json b/policy-as-code/OPA/policy/aws/blueprints/eks/fargate-serverless-tfplan.json
new file mode 100644
index 0000000..3ac5f59
--- /dev/null
+++ b/policy-as-code/OPA/policy/aws/blueprints/eks/fargate-serverless-tfplan.json
@@ -0,0 +1,57127 @@
+{
+ "format_version": "1.2",
+ "terraform_version": "1.5.7",
+ "planned_values": {
+ "outputs": {
+ "configure_kubectl": {
+ "sensitive": false,
+ "type": "string",
+ "value": "aws eks --region us-west-2 update-kubeconfig --name fargate-serverless"
+ }
+ },
+ "root_module": {
+ "resources": [
+ {
+ "address": "kubernetes_deployment_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_deployment_v1",
+ "name": "this",
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "schema_version": 1,
+ "values": {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": null,
+ "name": "app-2048",
+ "namespace": "app-2048"
+ }
+ ],
+ "spec": [
+ {
+ "min_ready_seconds": 0,
+ "paused": false,
+ "progress_deadline_seconds": 600,
+ "replicas": "3",
+ "revision_history_limit": 10,
+ "selector": [
+ {
+ "match_expressions": [],
+ "match_labels": {
+ "app.kubernetes.io/name": "app-2048"
+ }
+ }
+ ],
+ "template": [
+ {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": {
+ "app.kubernetes.io/name": "app-2048"
+ },
+ "namespace": null
+ }
+ ],
+ "spec": [
+ {
+ "active_deadline_seconds": null,
+ "affinity": [],
+ "automount_service_account_token": true,
+ "container": [
+ {
+ "args": null,
+ "command": null,
+ "env": [],
+ "env_from": [],
+ "image": "public.ecr.aws/l6m2t8p7/docker-2048:latest",
+ "lifecycle": [],
+ "liveness_probe": [],
+ "name": "app-2048",
+ "port": [
+ {
+ "container_port": 80,
+ "host_ip": null,
+ "host_port": null,
+ "name": null,
+ "protocol": "TCP"
+ }
+ ],
+ "readiness_probe": [],
+ "security_context": [],
+ "startup_probe": [],
+ "stdin": false,
+ "stdin_once": false,
+ "termination_message_path": "/dev/termination-log",
+ "tty": false,
+ "volume_mount": [],
+ "working_dir": null
+ }
+ ],
+ "dns_config": [],
+ "dns_policy": "ClusterFirst",
+ "enable_service_links": true,
+ "host_aliases": [],
+ "host_ipc": false,
+ "host_network": false,
+ "host_pid": false,
+ "init_container": [],
+ "node_selector": null,
+ "priority_class_name": null,
+ "restart_policy": "Always",
+ "runtime_class_name": null,
+ "security_context": [],
+ "share_process_namespace": false,
+ "subdomain": null,
+ "termination_grace_period_seconds": 30,
+ "toleration": [],
+ "topology_spread_constraint": [],
+ "volume": []
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "timeouts": null,
+ "wait_for_rollout": true
+ },
+ "sensitive_values": {
+ "metadata": [
+ {}
+ ],
+ "spec": [
+ {
+ "selector": [
+ {
+ "match_expressions": [],
+ "match_labels": {}
+ }
+ ],
+ "strategy": [],
+ "template": [
+ {
+ "metadata": [
+ {
+ "labels": {}
+ }
+ ],
+ "spec": [
+ {
+ "affinity": [],
+ "container": [
+ {
+ "env": [],
+ "env_from": [],
+ "lifecycle": [],
+ "liveness_probe": [],
+ "port": [
+ {}
+ ],
+ "readiness_probe": [],
+ "resources": [],
+ "security_context": [],
+ "startup_probe": [],
+ "volume_mount": []
+ }
+ ],
+ "dns_config": [],
+ "host_aliases": [],
+ "image_pull_secrets": [],
+ "init_container": [],
+ "readiness_gate": [],
+ "security_context": [],
+ "toleration": [],
+ "topology_spread_constraint": [],
+ "volume": []
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "address": "kubernetes_namespace_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_namespace_v1",
+ "name": "this",
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "schema_version": 0,
+ "values": {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": null,
+ "name": "app-2048"
+ }
+ ],
+ "timeouts": null,
+ "wait_for_default_service_account": false
+ },
+ "sensitive_values": {
+ "metadata": [
+ {}
+ ]
+ }
+ },
+ {
+ "address": "kubernetes_service_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_service_v1",
+ "name": "this",
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "schema_version": 1,
+ "values": {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": null,
+ "name": "app-2048",
+ "namespace": "app-2048"
+ }
+ ],
+ "spec": [
+ {
+ "allocate_load_balancer_node_ports": true,
+ "external_ips": null,
+ "external_name": null,
+ "load_balancer_class": null,
+ "load_balancer_ip": null,
+ "load_balancer_source_ranges": null,
+ "port": [
+ {
+ "app_protocol": null,
+ "name": null,
+ "port": 80,
+ "protocol": "TCP",
+ "target_port": "80"
+ }
+ ],
+ "publish_not_ready_addresses": false,
+ "selector": {
+ "app.kubernetes.io/name": "app-2048"
+ },
+ "session_affinity": "None",
+ "type": "NodePort"
+ }
+ ],
+ "timeouts": null,
+ "wait_for_load_balancer": true
+ },
+ "sensitive_values": {
+ "metadata": [
+ {}
+ ],
+ "spec": [
+ {
+ "cluster_ips": [],
+ "ip_families": [],
+ "port": [
+ {}
+ ],
+ "selector": {},
+ "session_affinity_config": []
+ }
+ ],
+ "status": []
+ }
+ }
+ ],
+ "child_modules": [
+ {
+ "resources": [
+ {
+ "address": "module.eks.aws_cloudwatch_log_group.this[0]",
+ "mode": "managed",
+ "type": "aws_cloudwatch_log_group",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "kms_key_id": null,
+ "name": "/aws/eks/fargate-serverless/cluster",
+ "retention_in_days": 90,
+ "skip_destroy": false,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "/aws/eks/fargate-serverless/cluster"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "/aws/eks/fargate-serverless/cluster"
+ }
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks.aws_ec2_tag.cluster_primary_security_group[\"Blueprint\"]",
+ "mode": "managed",
+ "type": "aws_ec2_tag",
+ "name": "cluster_primary_security_group",
+ "index": "Blueprint",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "key": "Blueprint",
+ "value": "fargate-serverless"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.aws_ec2_tag.cluster_primary_security_group[\"GithubRepo\"]",
+ "mode": "managed",
+ "type": "aws_ec2_tag",
+ "name": "cluster_primary_security_group",
+ "index": "GithubRepo",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "key": "GithubRepo",
+ "value": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.aws_eks_cluster.this[0]",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "enabled_cluster_log_types": [
+ "api",
+ "audit",
+ "authenticator"
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ "secrets"
+ ]
+ }
+ ],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "name": "fargate-serverless",
+ "outpost_config": [],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ },
+ "version": "1.27",
+ "vpc_config": [
+ {
+ "endpoint_private_access": true,
+ "endpoint_public_access": true,
+ "public_access_cidrs": [
+ "0.0.0.0/0"
+ ],
+ "security_group_ids": null
+ }
+ ]
+ },
+ "sensitive_values": {
+ "certificate_authority": [],
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "identity": [],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "outpost_config": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": []
+ }
+ ]
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_openid_connect_provider.oidc_provider[0]",
+ "mode": "managed",
+ "type": "aws_iam_openid_connect_provider",
+ "name": "oidc_provider",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "client_id_list": [
+ "sts.amazonaws.com"
+ ],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-eks-irsa"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-eks-irsa"
+ }
+ },
+ "sensitive_values": {
+ "client_id_list": [
+ false
+ ],
+ "tags": {},
+ "tags_all": {},
+ "thumbprint_list": []
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_policy.cluster_encryption[0]",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "cluster_encryption",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "description": "Cluster encryption policy to allow cluster role to utilize CMK provided",
+ "name_prefix": "fargate-serverless-cluster-ClusterEncryption",
+ "path": "/",
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_role.this[0]",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks.amazonaws.com\"},\"Sid\":\"EKSClusterAssumeRole\"}],\"Version\":\"2012-10-17\"}",
+ "description": null,
+ "force_detach_policies": true,
+ "inline_policy": [
+ {
+ "name": "fargate-serverless-cluster",
+ "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"logs:CreateLogGroup\"],\"Effect\":\"Deny\",\"Resource\":\"*\"}]}"
+ }
+ ],
+ "max_session_duration": 3600,
+ "name_prefix": "fargate-serverless-cluster-",
+ "path": "/",
+ "permissions_boundary": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "sensitive_values": {
+ "inline_policy": [
+ {}
+ ],
+ "managed_policy_arns": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_role_policy_attachment.cluster_encryption[0]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "cluster_encryption",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.aws_iam_role_policy_attachment.this[\"AmazonEKSClusterPolicy\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "AmazonEKSClusterPolicy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.aws_iam_role_policy_attachment.this[\"AmazonEKSVPCResourceController\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "AmazonEKSVPCResourceController",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.data.tls_certificate.this[0]",
+ "mode": "data",
+ "type": "tls_certificate",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/tls",
+ "schema_version": 0,
+ "values": {
+ "content": null,
+ "verify_chain": null
+ },
+ "sensitive_values": {
+ "certificates": []
+ }
+ },
+ {
+ "address": "module.eks.time_sleep.this[0]",
+ "mode": "managed",
+ "type": "time_sleep",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/time",
+ "schema_version": 0,
+ "values": {
+ "create_duration": "30s",
+ "destroy_duration": null,
+ "triggers": {
+ "cluster_name": "fargate-serverless",
+ "cluster_version": "1.27"
+ }
+ },
+ "sensitive_values": {
+ "triggers": {}
+ }
+ }
+ ],
+ "address": "module.eks",
+ "child_modules": [
+ {
+ "resources": [
+ {
+ "address": "module.eks.module.kms.aws_kms_alias.this[\"cluster\"]",
+ "mode": "managed",
+ "type": "aws_kms_alias",
+ "name": "this",
+ "index": "cluster",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "name": "alias/eks/fargate-serverless"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.module.kms.aws_kms_key.this[0]",
+ "mode": "managed",
+ "type": "aws_kms_key",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "bypass_policy_lockout_safety_check": false,
+ "custom_key_store_id": null,
+ "customer_master_key_spec": "SYMMETRIC_DEFAULT",
+ "deletion_window_in_days": null,
+ "description": "fargate-serverless cluster encryption key",
+ "enable_key_rotation": true,
+ "is_enabled": true,
+ "key_usage": "ENCRYPT_DECRYPT",
+ "multi_region": false,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks.module.kms.data.aws_iam_policy_document.this[0]",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "override_policy_documents": [],
+ "policy_id": null,
+ "source_policy_documents": [],
+ "statement": [
+ {
+ "actions": [
+ "kms:CancelKeyDeletion",
+ "kms:Create*",
+ "kms:Delete*",
+ "kms:Describe*",
+ "kms:Disable*",
+ "kms:Enable*",
+ "kms:Get*",
+ "kms:List*",
+ "kms:Put*",
+ "kms:Revoke*",
+ "kms:ScheduleKeyDeletion",
+ "kms:TagResource",
+ "kms:UntagResource",
+ "kms:Update*"
+ ],
+ "condition": [],
+ "effect": null,
+ "not_actions": null,
+ "not_principals": [],
+ "not_resources": null,
+ "principals": [
+ {
+ "identifiers": [
+ "arn:aws:iam::458468232176:user/cdk-workshop"
+ ],
+ "type": "AWS"
+ }
+ ],
+ "resources": [
+ "*"
+ ],
+ "sid": "KeyAdministration"
+ },
+ {
+ "actions": [
+ "kms:Decrypt",
+ "kms:DescribeKey",
+ "kms:Encrypt",
+ "kms:GenerateDataKey*",
+ "kms:ReEncrypt*"
+ ],
+ "condition": [],
+ "effect": null,
+ "not_actions": null,
+ "not_principals": [],
+ "not_resources": null,
+ "principals": [
+ {
+ "identifiers": [
+ null
+ ],
+ "type": "AWS"
+ }
+ ],
+ "resources": [
+ "*"
+ ],
+ "sid": "KeyUsage"
+ }
+ ],
+ "version": null
+ },
+ "sensitive_values": {
+ "override_policy_documents": [],
+ "source_policy_documents": [],
+ "statement": [
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "address": "module.eks.module.kms"
+ },
+ {
+ "resources": [
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_eks_fargate_profile.this[0]",
+ "mode": "managed",
+ "type": "aws_eks_fargate_profile",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "cluster_name": "fargate-serverless",
+ "fargate_profile_name": "kube-system",
+ "selector": [
+ {
+ "labels": null,
+ "namespace": "kube-system"
+ }
+ ],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null
+ }
+ },
+ "sensitive_values": {
+ "selector": [
+ {}
+ ],
+ "subnet_ids": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role.this[0]",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks-fargate-pods.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}",
+ "description": "Fargate profile IAM role",
+ "force_detach_policies": true,
+ "max_session_duration": 3600,
+ "name_prefix": "kube-system-",
+ "path": "/",
+ "permissions_boundary": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "sensitive_values": {
+ "inline_policy": [],
+ "managed_policy_arns": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role_policy_attachment.additional[\"additional\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "index": "additional",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role_policy_attachment.this[\"arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role_policy_attachment.this[\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+ },
+ "sensitive_values": {}
+ }
+ ],
+ "address": "module.eks.module.fargate_profile[\"kube_system\"]"
+ },
+ {
+ "resources": [
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_eks_fargate_profile.this[0]",
+ "mode": "managed",
+ "type": "aws_eks_fargate_profile",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "cluster_name": "fargate-serverless",
+ "fargate_profile_name": "app_wildcard",
+ "selector": [
+ {
+ "labels": null,
+ "namespace": "app-*"
+ }
+ ],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null
+ }
+ },
+ "sensitive_values": {
+ "selector": [
+ {}
+ ],
+ "subnet_ids": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role.this[0]",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks-fargate-pods.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}",
+ "description": "Fargate profile IAM role",
+ "force_detach_policies": true,
+ "max_session_duration": 3600,
+ "name_prefix": "app_wildcard-",
+ "path": "/",
+ "permissions_boundary": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "sensitive_values": {
+ "inline_policy": [],
+ "managed_policy_arns": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role_policy_attachment.additional[\"additional\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "index": "additional",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role_policy_attachment.this[\"arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role_policy_attachment.this[\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+ },
+ "sensitive_values": {}
+ }
+ ],
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"]"
+ }
+ ]
+ },
+ {
+ "resources": [
+ {
+ "address": "module.eks_blueprints_addons.aws_cloudwatch_log_group.fargate_fluentbit[0]",
+ "mode": "managed",
+ "type": "aws_cloudwatch_log_group",
+ "name": "fargate_fluentbit",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "kms_key_id": null,
+ "name_prefix": "/fargate-serverless/fargate-fluentbit-logs",
+ "retention_in_days": 90,
+ "skip_destroy": false,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_eks_addon.this[\"coredns\"]",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "this",
+ "index": "coredns",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "addon_name": "coredns",
+ "addon_version": "v1.10.1-eksbuild.5",
+ "cluster_name": "fargate-serverless",
+ "configuration_values": "{\"computeType\":\"Fargate\",\"resources\":{\"limits\":{\"cpu\":\"0.25\",\"memory\":\"256M\"},\"requests\":{\"cpu\":\"0.25\",\"memory\":\"256M\"}}}",
+ "preserve": true,
+ "resolve_conflicts": null,
+ "resolve_conflicts_on_create": "OVERWRITE",
+ "resolve_conflicts_on_update": "OVERWRITE",
+ "service_account_role_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ }
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_eks_addon.this[\"kube-proxy\"]",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "this",
+ "index": "kube-proxy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "addon_name": "kube-proxy",
+ "addon_version": "v1.27.6-eksbuild.2",
+ "cluster_name": "fargate-serverless",
+ "preserve": true,
+ "resolve_conflicts": null,
+ "resolve_conflicts_on_create": "OVERWRITE",
+ "resolve_conflicts_on_update": "OVERWRITE",
+ "service_account_role_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ }
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_eks_addon.this[\"vpc-cni\"]",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "this",
+ "index": "vpc-cni",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "addon_name": "vpc-cni",
+ "addon_version": "v1.15.1-eksbuild.1",
+ "cluster_name": "fargate-serverless",
+ "preserve": true,
+ "resolve_conflicts": null,
+ "resolve_conflicts_on_create": "OVERWRITE",
+ "resolve_conflicts_on_update": "OVERWRITE",
+ "service_account_role_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ }
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_iam_policy.fargate_fluentbit[0]",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "fargate_fluentbit",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "description": null,
+ "name_prefix": "fargate-serverless-fargate-fluentbit-logs-",
+ "path": "/",
+ "tags": null
+ },
+ "sensitive_values": {
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.data.aws_iam_policy_document.fargate_fluentbit[0]",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "fargate_fluentbit",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": null,
+ "statement": [
+ {
+ "actions": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "condition": [],
+ "effect": null,
+ "not_actions": null,
+ "not_principals": [],
+ "not_resources": null,
+ "principals": [],
+ "resources": [
+ null,
+ null
+ ],
+ "sid": "PutLogEvents"
+ }
+ ],
+ "version": null
+ },
+ "sensitive_values": {
+ "statement": [
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [],
+ "resources": [
+ false,
+ false
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.kubernetes_config_map_v1.aws_logging[0]",
+ "mode": "managed",
+ "type": "kubernetes_config_map_v1",
+ "name": "aws_logging",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "schema_version": 0,
+ "values": {
+ "binary_data": null,
+ "immutable": null,
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": null,
+ "name": "aws-logging"
+ }
+ ]
+ },
+ "sensitive_values": {
+ "data": {},
+ "metadata": [
+ {}
+ ]
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.kubernetes_namespace_v1.aws_observability[0]",
+ "mode": "managed",
+ "type": "kubernetes_namespace_v1",
+ "name": "aws_observability",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "schema_version": 0,
+ "values": {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": {
+ "aws-observability": "enabled"
+ },
+ "name": "aws-observability"
+ }
+ ],
+ "timeouts": null,
+ "wait_for_default_service_account": false
+ },
+ "sensitive_values": {
+ "metadata": [
+ {
+ "labels": {}
+ }
+ ]
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.time_sleep.this",
+ "mode": "managed",
+ "type": "time_sleep",
+ "name": "this",
+ "provider_name": "registry.terraform.io/hashicorp/time",
+ "schema_version": 0,
+ "values": {
+ "create_duration": "30s",
+ "destroy_duration": null,
+ "triggers": {
+ "cluster_name": "fargate-serverless"
+ }
+ },
+ "sensitive_values": {
+ "triggers": {}
+ }
+ }
+ ],
+ "address": "module.eks_blueprints_addons",
+ "child_modules": [
+ {
+ "resources": [
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_policy.this[0]",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "description": "IAM Policy for AWS Load Balancer Controller",
+ "name_prefix": "alb-controller-",
+ "path": "/",
+ "policy": "{\"Statement\":[{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeListenerCertificates\",\"ec2:GetCoipPoolUsage\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeTags\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeInstances\",\"ec2:DescribeCoipPools\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeAddresses\",\"ec2:DescribeAccountAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"wafv2:GetWebACLForResource\",\"wafv2:GetWebACL\",\"wafv2:DisassociateWebACL\",\"wafv2:AssociateWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:GetWebACL\",\"waf-regional:DisassociateWebACL\",\"waf-regional:AssociateWebACL\",\"shield:GetSubscriptionState\",\"shield:DescribeProtection\",\"shield:DeleteProtection\",\"shield:CreateProtection\",\"iam:ListServerCertificates\",\"iam:GetServerCertificate\",\"cognito-idp:DescribeUserPoolClient\",\"acm:ListCertificates\",\"acm:DescribeCertificate\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateSecurityGroup\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateTags\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:DeleteTags\",\"ec2:CreateTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:DeleteSecurityGroup\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateLoadBalancer\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:DeleteRule\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateListener\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"]},{\"Action\":[\"elasticloadbalancing:SetSubnets\",\"elasticloadbalancing:SetSecurityGroups\",\"elasticloadbalancing:SetIpAddressType\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:DeleteLoadBalancer\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"elasticloadbalancing:AddTags\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateLoadBalancer\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:DeregisterTargets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"},{\"Action\":[\"elasticloadbalancing:SetWebAcl\",\"elasticloadbalancing:RemoveListenerCertificates\",\"elasticloadbalancing:ModifyRule\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:AddListenerCertificates\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role.this[0]",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "description": "IRSA for aws-load-balancer-controller project",
+ "force_detach_policies": true,
+ "max_session_duration": 3600,
+ "name_prefix": "alb-controller-",
+ "path": "/",
+ "permissions_boundary": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "sensitive_values": {
+ "inline_policy": [],
+ "managed_policy_arns": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role_policy_attachment.this[0]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_iam_policy_document.assume[0]",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": null,
+ "statement": [
+ {
+ "actions": [
+ "sts:AssumeRoleWithWebIdentity"
+ ],
+ "condition": [
+ {
+ "test": "StringEquals",
+ "values": [
+ "sts.amazonaws.com"
+ ]
+ },
+ {
+ "test": "StringEquals",
+ "values": [
+ "system:serviceaccount:kube-system:aws-load-balancer-controller-sa"
+ ]
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": null,
+ "not_principals": [],
+ "not_resources": null,
+ "principals": [
+ {
+ "identifiers": [
+ null
+ ],
+ "type": "Federated"
+ }
+ ],
+ "resources": null,
+ "sid": null
+ }
+ ],
+ "version": null
+ },
+ "sensitive_values": {
+ "statement": [
+ {
+ "actions": [
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ },
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/helm",
+ "schema_version": 1,
+ "values": {
+ "atomic": false,
+ "chart": "aws-load-balancer-controller",
+ "cleanup_on_fail": false,
+ "create_namespace": false,
+ "dependency_update": false,
+ "description": "A Helm chart to deploy aws-load-balancer-controller for ingress resources",
+ "devel": null,
+ "disable_crd_hooks": false,
+ "disable_openapi_validation": false,
+ "disable_webhooks": false,
+ "force_update": false,
+ "keyring": null,
+ "lint": false,
+ "max_history": 0,
+ "name": "aws-load-balancer-controller",
+ "namespace": "kube-system",
+ "pass_credentials": false,
+ "postrender": [],
+ "recreate_pods": false,
+ "render_subchart_notes": true,
+ "replace": false,
+ "repository": "https://aws.github.io/eks-charts",
+ "repository_ca_file": null,
+ "repository_cert_file": null,
+ "repository_key_file": null,
+ "repository_password": null,
+ "repository_username": null,
+ "reset_values": false,
+ "reuse_values": false,
+ "set_list": [],
+ "set_sensitive": [],
+ "skip_crds": false,
+ "status": "deployed",
+ "timeout": 300,
+ "values": [],
+ "verify": false,
+ "version": "1.6.0",
+ "wait": false,
+ "wait_for_jobs": false
+ },
+ "sensitive_values": {
+ "metadata": [],
+ "postrender": [],
+ "set": [],
+ "set_list": [],
+ "set_sensitive": [],
+ "values": []
+ }
+ }
+ ],
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller"
+ }
+ ]
+ },
+ {
+ "resources": [
+ {
+ "address": "module.vpc.aws_default_network_acl.this[0]",
+ "mode": "managed",
+ "type": "aws_default_network_acl",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "egress": [
+ {
+ "action": "allow",
+ "cidr_block": "",
+ "from_port": 0,
+ "icmp_code": null,
+ "icmp_type": null,
+ "ipv6_cidr_block": "::/0",
+ "protocol": "-1",
+ "rule_no": 101,
+ "to_port": 0
+ },
+ {
+ "action": "allow",
+ "cidr_block": "0.0.0.0/0",
+ "from_port": 0,
+ "icmp_code": null,
+ "icmp_type": null,
+ "ipv6_cidr_block": "",
+ "protocol": "-1",
+ "rule_no": 100,
+ "to_port": 0
+ }
+ ],
+ "ingress": [
+ {
+ "action": "allow",
+ "cidr_block": "",
+ "from_port": 0,
+ "icmp_code": null,
+ "icmp_type": null,
+ "ipv6_cidr_block": "::/0",
+ "protocol": "-1",
+ "rule_no": 101,
+ "to_port": 0
+ },
+ {
+ "action": "allow",
+ "cidr_block": "0.0.0.0/0",
+ "from_port": 0,
+ "icmp_code": null,
+ "icmp_type": null,
+ "ipv6_cidr_block": "",
+ "protocol": "-1",
+ "rule_no": 100,
+ "to_port": 0
+ }
+ ],
+ "subnet_ids": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ }
+ },
+ "sensitive_values": {
+ "egress": [
+ {},
+ {}
+ ],
+ "ingress": [
+ {},
+ {}
+ ],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_default_route_table.default[0]",
+ "mode": "managed",
+ "type": "aws_default_route_table",
+ "name": "default",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "propagating_vgws": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ },
+ "timeouts": {
+ "create": "5m",
+ "update": "5m"
+ }
+ },
+ "sensitive_values": {
+ "route": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_default_security_group.this[0]",
+ "mode": "managed",
+ "type": "aws_default_security_group",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 1,
+ "values": {
+ "revoke_rules_on_delete": false,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ }
+ },
+ "sensitive_values": {
+ "egress": [],
+ "ingress": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_eip.nat[0]",
+ "mode": "managed",
+ "type": "aws_eip",
+ "name": "nat",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "address": null,
+ "associate_with_private_ip": null,
+ "customer_owned_ipv4_pool": null,
+ "domain": "vpc",
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-us-west-2a"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-us-west-2a"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_internet_gateway.this[0]",
+ "mode": "managed",
+ "type": "aws_internet_gateway",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_nat_gateway.this[0]",
+ "mode": "managed",
+ "type": "aws_nat_gateway",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "connectivity_type": "public",
+ "secondary_allocation_ids": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-us-west-2a"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-us-west-2a"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "secondary_private_ip_addresses": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route.private_nat_gateway[0]",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "private_nat_gateway",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "carrier_gateway_id": null,
+ "core_network_arn": null,
+ "destination_cidr_block": "0.0.0.0/0",
+ "destination_ipv6_cidr_block": null,
+ "destination_prefix_list_id": null,
+ "egress_only_gateway_id": null,
+ "gateway_id": null,
+ "local_gateway_id": null,
+ "timeouts": {
+ "create": "5m",
+ "delete": null,
+ "update": null
+ },
+ "transit_gateway_id": null,
+ "vpc_endpoint_id": null,
+ "vpc_peering_connection_id": null
+ },
+ "sensitive_values": {
+ "timeouts": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route.public_internet_gateway[0]",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "public_internet_gateway",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "carrier_gateway_id": null,
+ "core_network_arn": null,
+ "destination_cidr_block": "0.0.0.0/0",
+ "destination_ipv6_cidr_block": null,
+ "destination_prefix_list_id": null,
+ "egress_only_gateway_id": null,
+ "local_gateway_id": null,
+ "nat_gateway_id": null,
+ "timeouts": {
+ "create": "5m",
+ "delete": null,
+ "update": null
+ },
+ "transit_gateway_id": null,
+ "vpc_endpoint_id": null,
+ "vpc_peering_connection_id": null
+ },
+ "sensitive_values": {
+ "timeouts": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table.private[0]",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "private",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "propagating_vgws": [],
+ "route": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table.public[0]",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "public",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "propagating_vgws": [],
+ "route": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.private[0]",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "private",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.private[1]",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "private",
+ "index": 1,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.private[2]",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "private",
+ "index": 2,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.public[0]",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "public",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.public[1]",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "public",
+ "index": 1,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.public[2]",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "public",
+ "index": 2,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.vpc.aws_subnet.private[0]",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "private",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 1,
+ "values": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2a",
+ "cidr_block": "10.0.0.0/20",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2a",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2a",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.private[1]",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "private",
+ "index": 1,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 1,
+ "values": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2b",
+ "cidr_block": "10.0.16.0/20",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2b",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2b",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.private[2]",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "private",
+ "index": 2,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 1,
+ "values": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2c",
+ "cidr_block": "10.0.32.0/20",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2c",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2c",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.public[0]",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "public",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 1,
+ "values": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2a",
+ "cidr_block": "10.0.48.0/24",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2a",
+ "kubernetes.io/role/elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2a",
+ "kubernetes.io/role/elb": "1"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.public[1]",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "public",
+ "index": 1,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 1,
+ "values": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2b",
+ "cidr_block": "10.0.49.0/24",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2b",
+ "kubernetes.io/role/elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2b",
+ "kubernetes.io/role/elb": "1"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.public[2]",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "public",
+ "index": 2,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 1,
+ "values": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2c",
+ "cidr_block": "10.0.50.0/24",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2c",
+ "kubernetes.io/role/elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2c",
+ "kubernetes.io/role/elb": "1"
+ },
+ "timeouts": null
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_vpc.this[0]",
+ "mode": "managed",
+ "type": "aws_vpc",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 1,
+ "values": {
+ "assign_generated_ipv6_cidr_block": null,
+ "cidr_block": "10.0.0.0/16",
+ "enable_dns_hostnames": true,
+ "enable_dns_support": true,
+ "instance_tenancy": "default",
+ "ipv4_ipam_pool_id": null,
+ "ipv4_netmask_length": null,
+ "ipv6_ipam_pool_id": null,
+ "ipv6_netmask_length": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless"
+ }
+ },
+ "sensitive_values": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ ],
+ "address": "module.vpc"
+ }
+ ]
+ }
+ },
+ "resource_changes": [
+ {
+ "address": "kubernetes_deployment_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_deployment_v1",
+ "name": "this",
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": null,
+ "name": "app-2048",
+ "namespace": "app-2048"
+ }
+ ],
+ "spec": [
+ {
+ "min_ready_seconds": 0,
+ "paused": false,
+ "progress_deadline_seconds": 600,
+ "replicas": "3",
+ "revision_history_limit": 10,
+ "selector": [
+ {
+ "match_expressions": [],
+ "match_labels": {
+ "app.kubernetes.io/name": "app-2048"
+ }
+ }
+ ],
+ "template": [
+ {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": {
+ "app.kubernetes.io/name": "app-2048"
+ },
+ "namespace": null
+ }
+ ],
+ "spec": [
+ {
+ "active_deadline_seconds": null,
+ "affinity": [],
+ "automount_service_account_token": true,
+ "container": [
+ {
+ "args": null,
+ "command": null,
+ "env": [],
+ "env_from": [],
+ "image": "public.ecr.aws/l6m2t8p7/docker-2048:latest",
+ "lifecycle": [],
+ "liveness_probe": [],
+ "name": "app-2048",
+ "port": [
+ {
+ "container_port": 80,
+ "host_ip": null,
+ "host_port": null,
+ "name": null,
+ "protocol": "TCP"
+ }
+ ],
+ "readiness_probe": [],
+ "security_context": [],
+ "startup_probe": [],
+ "stdin": false,
+ "stdin_once": false,
+ "termination_message_path": "/dev/termination-log",
+ "tty": false,
+ "volume_mount": [],
+ "working_dir": null
+ }
+ ],
+ "dns_config": [],
+ "dns_policy": "ClusterFirst",
+ "enable_service_links": true,
+ "host_aliases": [],
+ "host_ipc": false,
+ "host_network": false,
+ "host_pid": false,
+ "init_container": [],
+ "node_selector": null,
+ "priority_class_name": null,
+ "restart_policy": "Always",
+ "runtime_class_name": null,
+ "security_context": [],
+ "share_process_namespace": false,
+ "subdomain": null,
+ "termination_grace_period_seconds": 30,
+ "toleration": [],
+ "topology_spread_constraint": [],
+ "volume": []
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "timeouts": null,
+ "wait_for_rollout": true
+ },
+ "after_unknown": {
+ "id": true,
+ "metadata": [
+ {
+ "generation": true,
+ "resource_version": true,
+ "uid": true
+ }
+ ],
+ "spec": [
+ {
+ "selector": [
+ {
+ "match_expressions": [],
+ "match_labels": {}
+ }
+ ],
+ "strategy": true,
+ "template": [
+ {
+ "metadata": [
+ {
+ "generation": true,
+ "labels": {},
+ "name": true,
+ "resource_version": true,
+ "uid": true
+ }
+ ],
+ "spec": [
+ {
+ "affinity": [],
+ "container": [
+ {
+ "env": [],
+ "env_from": [],
+ "image_pull_policy": true,
+ "lifecycle": [],
+ "liveness_probe": [],
+ "port": [
+ {}
+ ],
+ "readiness_probe": [],
+ "resources": true,
+ "security_context": [],
+ "startup_probe": [],
+ "termination_message_policy": true,
+ "volume_mount": []
+ }
+ ],
+ "dns_config": [],
+ "host_aliases": [],
+ "hostname": true,
+ "image_pull_secrets": true,
+ "init_container": [],
+ "node_name": true,
+ "readiness_gate": true,
+ "scheduler_name": true,
+ "security_context": [],
+ "service_account_name": true,
+ "toleration": [],
+ "topology_spread_constraint": [],
+ "volume": []
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "metadata": [
+ {}
+ ],
+ "spec": [
+ {
+ "selector": [
+ {
+ "match_expressions": [],
+ "match_labels": {}
+ }
+ ],
+ "strategy": [],
+ "template": [
+ {
+ "metadata": [
+ {
+ "labels": {}
+ }
+ ],
+ "spec": [
+ {
+ "affinity": [],
+ "container": [
+ {
+ "env": [],
+ "env_from": [],
+ "lifecycle": [],
+ "liveness_probe": [],
+ "port": [
+ {}
+ ],
+ "readiness_probe": [],
+ "resources": [],
+ "security_context": [],
+ "startup_probe": [],
+ "volume_mount": []
+ }
+ ],
+ "dns_config": [],
+ "host_aliases": [],
+ "image_pull_secrets": [],
+ "init_container": [],
+ "readiness_gate": [],
+ "security_context": [],
+ "toleration": [],
+ "topology_spread_constraint": [],
+ "volume": []
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ },
+ {
+ "address": "kubernetes_namespace_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_namespace_v1",
+ "name": "this",
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": null,
+ "name": "app-2048"
+ }
+ ],
+ "timeouts": null,
+ "wait_for_default_service_account": false
+ },
+ "after_unknown": {
+ "id": true,
+ "metadata": [
+ {
+ "generation": true,
+ "resource_version": true,
+ "uid": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "metadata": [
+ {}
+ ]
+ }
+ }
+ },
+ {
+ "address": "kubernetes_service_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_service_v1",
+ "name": "this",
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": null,
+ "name": "app-2048",
+ "namespace": "app-2048"
+ }
+ ],
+ "spec": [
+ {
+ "allocate_load_balancer_node_ports": true,
+ "external_ips": null,
+ "external_name": null,
+ "load_balancer_class": null,
+ "load_balancer_ip": null,
+ "load_balancer_source_ranges": null,
+ "port": [
+ {
+ "app_protocol": null,
+ "name": null,
+ "port": 80,
+ "protocol": "TCP",
+ "target_port": "80"
+ }
+ ],
+ "publish_not_ready_addresses": false,
+ "selector": {
+ "app.kubernetes.io/name": "app-2048"
+ },
+ "session_affinity": "None",
+ "type": "NodePort"
+ }
+ ],
+ "timeouts": null,
+ "wait_for_load_balancer": true
+ },
+ "after_unknown": {
+ "id": true,
+ "metadata": [
+ {
+ "generation": true,
+ "resource_version": true,
+ "uid": true
+ }
+ ],
+ "spec": [
+ {
+ "cluster_ip": true,
+ "cluster_ips": true,
+ "external_traffic_policy": true,
+ "health_check_node_port": true,
+ "internal_traffic_policy": true,
+ "ip_families": true,
+ "ip_family_policy": true,
+ "port": [
+ {
+ "node_port": true
+ }
+ ],
+ "selector": {},
+ "session_affinity_config": true
+ }
+ ],
+ "status": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "metadata": [
+ {}
+ ],
+ "spec": [
+ {
+ "cluster_ips": [],
+ "ip_families": [],
+ "port": [
+ {}
+ ],
+ "selector": {},
+ "session_affinity_config": []
+ }
+ ],
+ "status": []
+ }
+ }
+ },
+ {
+ "address": "module.eks.data.tls_certificate.this[0]",
+ "module_address": "module.eks",
+ "mode": "data",
+ "type": "tls_certificate",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/tls",
+ "change": {
+ "actions": [
+ "read"
+ ],
+ "before": null,
+ "after": {
+ "content": null,
+ "verify_chain": null
+ },
+ "after_unknown": {
+ "certificates": true,
+ "id": true,
+ "url": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "certificates": []
+ }
+ },
+ "action_reason": "read_because_config_unknown"
+ },
+ {
+ "address": "module.eks.aws_cloudwatch_log_group.this[0]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_cloudwatch_log_group",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "kms_key_id": null,
+ "name": "/aws/eks/fargate-serverless/cluster",
+ "retention_in_days": 90,
+ "skip_destroy": false,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "/aws/eks/fargate-serverless/cluster"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "/aws/eks/fargate-serverless/cluster"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "name_prefix": true,
+ "tags": {},
+ "tags_all": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks.aws_ec2_tag.cluster_primary_security_group[\"Blueprint\"]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_ec2_tag",
+ "name": "cluster_primary_security_group",
+ "index": "Blueprint",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "key": "Blueprint",
+ "value": "fargate-serverless"
+ },
+ "after_unknown": {
+ "id": true,
+ "resource_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.aws_ec2_tag.cluster_primary_security_group[\"GithubRepo\"]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_ec2_tag",
+ "name": "cluster_primary_security_group",
+ "index": "GithubRepo",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "key": "GithubRepo",
+ "value": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "after_unknown": {
+ "id": true,
+ "resource_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.aws_eks_cluster.this[0]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "enabled_cluster_log_types": [
+ "api",
+ "audit",
+ "authenticator"
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ "secrets"
+ ]
+ }
+ ],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "name": "fargate-serverless",
+ "outpost_config": [],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ },
+ "version": "1.27",
+ "vpc_config": [
+ {
+ "endpoint_private_access": true,
+ "endpoint_public_access": true,
+ "public_access_cidrs": [
+ "0.0.0.0/0"
+ ],
+ "security_group_ids": null
+ }
+ ]
+ },
+ "after_unknown": {
+ "arn": true,
+ "certificate_authority": true,
+ "cluster_id": true,
+ "created_at": true,
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {
+ "key_arn": true
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "endpoint": true,
+ "id": true,
+ "identity": true,
+ "kubernetes_network_config": [
+ {
+ "ip_family": true,
+ "service_ipv4_cidr": true,
+ "service_ipv6_cidr": true
+ }
+ ],
+ "outpost_config": [],
+ "platform_version": true,
+ "role_arn": true,
+ "status": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "cluster_security_group_id": true,
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": true,
+ "vpc_id": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "certificate_authority": [],
+ "enabled_cluster_log_types": [
+ false,
+ false,
+ false
+ ],
+ "encryption_config": [
+ {
+ "provider": [
+ {}
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ],
+ "identity": [],
+ "kubernetes_network_config": [
+ {}
+ ],
+ "outpost_config": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_config": [
+ {
+ "public_access_cidrs": [
+ false
+ ],
+ "subnet_ids": []
+ }
+ ]
+ }
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_openid_connect_provider.oidc_provider[0]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_iam_openid_connect_provider",
+ "name": "oidc_provider",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "client_id_list": [
+ "sts.amazonaws.com"
+ ],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-eks-irsa"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-eks-irsa"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "client_id_list": [
+ false
+ ],
+ "id": true,
+ "tags": {},
+ "tags_all": {},
+ "thumbprint_list": true,
+ "url": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "client_id_list": [
+ false
+ ],
+ "tags": {},
+ "tags_all": {},
+ "thumbprint_list": []
+ }
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_policy.cluster_encryption[0]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "cluster_encryption",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "description": "Cluster encryption policy to allow cluster role to utilize CMK provided",
+ "name_prefix": "fargate-serverless-cluster-ClusterEncryption",
+ "path": "/",
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "name": true,
+ "policy": true,
+ "policy_id": true,
+ "tags": {},
+ "tags_all": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_role.this[0]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks.amazonaws.com\"},\"Sid\":\"EKSClusterAssumeRole\"}],\"Version\":\"2012-10-17\"}",
+ "description": null,
+ "force_detach_policies": true,
+ "inline_policy": [
+ {
+ "name": "fargate-serverless-cluster",
+ "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"logs:CreateLogGroup\"],\"Effect\":\"Deny\",\"Resource\":\"*\"}]}"
+ }
+ ],
+ "max_session_duration": 3600,
+ "name_prefix": "fargate-serverless-cluster-",
+ "path": "/",
+ "permissions_boundary": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "create_date": true,
+ "id": true,
+ "inline_policy": [
+ {}
+ ],
+ "managed_policy_arns": true,
+ "name": true,
+ "tags": {},
+ "tags_all": {},
+ "unique_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "inline_policy": [
+ {}
+ ],
+ "managed_policy_arns": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_role_policy_attachment.cluster_encryption[0]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "cluster_encryption",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {},
+ "after_unknown": {
+ "id": true,
+ "policy_arn": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_role_policy_attachment.this[\"AmazonEKSClusterPolicy\"]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "AmazonEKSClusterPolicy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+ },
+ "after_unknown": {
+ "id": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.aws_iam_role_policy_attachment.this[\"AmazonEKSVPCResourceController\"]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "AmazonEKSVPCResourceController",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
+ },
+ "after_unknown": {
+ "id": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.time_sleep.this[0]",
+ "module_address": "module.eks",
+ "mode": "managed",
+ "type": "time_sleep",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/time",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "create_duration": "30s",
+ "destroy_duration": null,
+ "triggers": {
+ "cluster_name": "fargate-serverless",
+ "cluster_version": "1.27"
+ }
+ },
+ "after_unknown": {
+ "id": true,
+ "triggers": {
+ "cluster_certificate_authority_data": true,
+ "cluster_endpoint": true
+ }
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "triggers": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.data.aws_iam_policy_document.fargate_fluentbit[0]",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "fargate_fluentbit",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "read"
+ ],
+ "before": null,
+ "after": {
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": null,
+ "statement": [
+ {
+ "actions": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "condition": [],
+ "effect": null,
+ "not_actions": null,
+ "not_principals": [],
+ "not_resources": null,
+ "principals": [],
+ "resources": [
+ null,
+ null
+ ],
+ "sid": "PutLogEvents"
+ }
+ ],
+ "version": null
+ },
+ "after_unknown": {
+ "id": true,
+ "json": true,
+ "statement": [
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [],
+ "resources": [
+ true,
+ true
+ ]
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "statement": [
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [],
+ "resources": [
+ false,
+ false
+ ]
+ }
+ ]
+ }
+ },
+ "action_reason": "read_because_config_unknown"
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_cloudwatch_log_group.fargate_fluentbit[0]",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "managed",
+ "type": "aws_cloudwatch_log_group",
+ "name": "fargate_fluentbit",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "kms_key_id": null,
+ "name_prefix": "/fargate-serverless/fargate-fluentbit-logs",
+ "retention_in_days": 90,
+ "skip_destroy": false,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "name": true,
+ "tags": {},
+ "tags_all": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_eks_addon.this[\"coredns\"]",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "this",
+ "index": "coredns",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "addon_name": "coredns",
+ "addon_version": "v1.10.1-eksbuild.5",
+ "cluster_name": "fargate-serverless",
+ "configuration_values": "{\"computeType\":\"Fargate\",\"resources\":{\"limits\":{\"cpu\":\"0.25\",\"memory\":\"256M\"},\"requests\":{\"cpu\":\"0.25\",\"memory\":\"256M\"}}}",
+ "preserve": true,
+ "resolve_conflicts": null,
+ "resolve_conflicts_on_create": "OVERWRITE",
+ "resolve_conflicts_on_update": "OVERWRITE",
+ "service_account_role_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "created_at": true,
+ "id": true,
+ "modified_at": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_eks_addon.this[\"kube-proxy\"]",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "this",
+ "index": "kube-proxy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "addon_name": "kube-proxy",
+ "addon_version": "v1.27.6-eksbuild.2",
+ "cluster_name": "fargate-serverless",
+ "preserve": true,
+ "resolve_conflicts": null,
+ "resolve_conflicts_on_create": "OVERWRITE",
+ "resolve_conflicts_on_update": "OVERWRITE",
+ "service_account_role_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "configuration_values": true,
+ "created_at": true,
+ "id": true,
+ "modified_at": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_eks_addon.this[\"vpc-cni\"]",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "this",
+ "index": "vpc-cni",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "addon_name": "vpc-cni",
+ "addon_version": "v1.15.1-eksbuild.1",
+ "cluster_name": "fargate-serverless",
+ "preserve": true,
+ "resolve_conflicts": null,
+ "resolve_conflicts_on_create": "OVERWRITE",
+ "resolve_conflicts_on_update": "OVERWRITE",
+ "service_account_role_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null,
+ "update": null
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "configuration_values": true,
+ "created_at": true,
+ "id": true,
+ "modified_at": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.aws_iam_policy.fargate_fluentbit[0]",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "fargate_fluentbit",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "description": null,
+ "name_prefix": "fargate-serverless-fargate-fluentbit-logs-",
+ "path": "/",
+ "tags": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "name": true,
+ "policy": true,
+ "policy_id": true,
+ "tags_all": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.kubernetes_config_map_v1.aws_logging[0]",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "managed",
+ "type": "kubernetes_config_map_v1",
+ "name": "aws_logging",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "binary_data": null,
+ "immutable": null,
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": null,
+ "name": "aws-logging"
+ }
+ ]
+ },
+ "after_unknown": {
+ "data": true,
+ "id": true,
+ "metadata": [
+ {
+ "generation": true,
+ "namespace": true,
+ "resource_version": true,
+ "uid": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "data": {},
+ "metadata": [
+ {}
+ ]
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.kubernetes_namespace_v1.aws_observability[0]",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "managed",
+ "type": "kubernetes_namespace_v1",
+ "name": "aws_observability",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/kubernetes",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "metadata": [
+ {
+ "annotations": null,
+ "generate_name": null,
+ "labels": {
+ "aws-observability": "enabled"
+ },
+ "name": "aws-observability"
+ }
+ ],
+ "timeouts": null,
+ "wait_for_default_service_account": false
+ },
+ "after_unknown": {
+ "id": true,
+ "metadata": [
+ {
+ "generation": true,
+ "labels": {},
+ "resource_version": true,
+ "uid": true
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "metadata": [
+ {
+ "labels": {}
+ }
+ ]
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.time_sleep.this",
+ "module_address": "module.eks_blueprints_addons",
+ "mode": "managed",
+ "type": "time_sleep",
+ "name": "this",
+ "provider_name": "registry.terraform.io/hashicorp/time",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "create_duration": "30s",
+ "destroy_duration": null,
+ "triggers": {
+ "cluster_name": "fargate-serverless"
+ }
+ },
+ "after_unknown": {
+ "id": true,
+ "triggers": {
+ "cluster_endpoint": true,
+ "custom": true,
+ "oidc_provider_arn": true
+ }
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "triggers": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_default_network_acl.this[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_default_network_acl",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "egress": [
+ {
+ "action": "allow",
+ "cidr_block": "",
+ "from_port": 0,
+ "icmp_code": null,
+ "icmp_type": null,
+ "ipv6_cidr_block": "::/0",
+ "protocol": "-1",
+ "rule_no": 101,
+ "to_port": 0
+ },
+ {
+ "action": "allow",
+ "cidr_block": "0.0.0.0/0",
+ "from_port": 0,
+ "icmp_code": null,
+ "icmp_type": null,
+ "ipv6_cidr_block": "",
+ "protocol": "-1",
+ "rule_no": 100,
+ "to_port": 0
+ }
+ ],
+ "ingress": [
+ {
+ "action": "allow",
+ "cidr_block": "",
+ "from_port": 0,
+ "icmp_code": null,
+ "icmp_type": null,
+ "ipv6_cidr_block": "::/0",
+ "protocol": "-1",
+ "rule_no": 101,
+ "to_port": 0
+ },
+ {
+ "action": "allow",
+ "cidr_block": "0.0.0.0/0",
+ "from_port": 0,
+ "icmp_code": null,
+ "icmp_type": null,
+ "ipv6_cidr_block": "",
+ "protocol": "-1",
+ "rule_no": 100,
+ "to_port": 0
+ }
+ ],
+ "subnet_ids": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "default_network_acl_id": true,
+ "egress": [
+ {},
+ {}
+ ],
+ "id": true,
+ "ingress": [
+ {},
+ {}
+ ],
+ "owner_id": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "egress": [
+ {},
+ {}
+ ],
+ "ingress": [
+ {},
+ {}
+ ],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_default_route_table.default[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_default_route_table",
+ "name": "default",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "propagating_vgws": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ },
+ "timeouts": {
+ "create": "5m",
+ "update": "5m"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "default_route_table_id": true,
+ "id": true,
+ "owner_id": true,
+ "route": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "route": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_default_security_group.this[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_default_security_group",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "revoke_rules_on_delete": false,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-default"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "description": true,
+ "egress": true,
+ "id": true,
+ "ingress": true,
+ "name": true,
+ "name_prefix": true,
+ "owner_id": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "egress": [],
+ "ingress": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_eip.nat[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_eip",
+ "name": "nat",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "address": null,
+ "associate_with_private_ip": null,
+ "customer_owned_ipv4_pool": null,
+ "domain": "vpc",
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-us-west-2a"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-us-west-2a"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "allocation_id": true,
+ "association_id": true,
+ "carrier_ip": true,
+ "customer_owned_ip": true,
+ "id": true,
+ "instance": true,
+ "network_border_group": true,
+ "network_interface": true,
+ "private_dns": true,
+ "private_ip": true,
+ "public_dns": true,
+ "public_ip": true,
+ "public_ipv4_pool": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_internet_gateway.this[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_internet_gateway",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "owner_id": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_nat_gateway.this[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_nat_gateway",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "connectivity_type": "public",
+ "secondary_allocation_ids": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-us-west-2a"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-us-west-2a"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "allocation_id": true,
+ "association_id": true,
+ "id": true,
+ "network_interface_id": true,
+ "private_ip": true,
+ "public_ip": true,
+ "secondary_private_ip_address_count": true,
+ "secondary_private_ip_addresses": true,
+ "subnet_id": true,
+ "tags": {},
+ "tags_all": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "secondary_private_ip_addresses": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_route.private_nat_gateway[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "private_nat_gateway",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "carrier_gateway_id": null,
+ "core_network_arn": null,
+ "destination_cidr_block": "0.0.0.0/0",
+ "destination_ipv6_cidr_block": null,
+ "destination_prefix_list_id": null,
+ "egress_only_gateway_id": null,
+ "gateway_id": null,
+ "local_gateway_id": null,
+ "timeouts": {
+ "create": "5m",
+ "delete": null,
+ "update": null
+ },
+ "transit_gateway_id": null,
+ "vpc_endpoint_id": null,
+ "vpc_peering_connection_id": null
+ },
+ "after_unknown": {
+ "id": true,
+ "instance_id": true,
+ "instance_owner_id": true,
+ "nat_gateway_id": true,
+ "network_interface_id": true,
+ "origin": true,
+ "route_table_id": true,
+ "state": true,
+ "timeouts": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "timeouts": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_route.public_internet_gateway[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "public_internet_gateway",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "carrier_gateway_id": null,
+ "core_network_arn": null,
+ "destination_cidr_block": "0.0.0.0/0",
+ "destination_ipv6_cidr_block": null,
+ "destination_prefix_list_id": null,
+ "egress_only_gateway_id": null,
+ "local_gateway_id": null,
+ "nat_gateway_id": null,
+ "timeouts": {
+ "create": "5m",
+ "delete": null,
+ "update": null
+ },
+ "transit_gateway_id": null,
+ "vpc_endpoint_id": null,
+ "vpc_peering_connection_id": null
+ },
+ "after_unknown": {
+ "gateway_id": true,
+ "id": true,
+ "instance_id": true,
+ "instance_owner_id": true,
+ "network_interface_id": true,
+ "origin": true,
+ "route_table_id": true,
+ "state": true,
+ "timeouts": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "timeouts": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table.private[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "private",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "owner_id": true,
+ "propagating_vgws": true,
+ "route": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "propagating_vgws": [],
+ "route": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table.public[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "public",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "owner_id": true,
+ "propagating_vgws": true,
+ "route": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "propagating_vgws": [],
+ "route": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.private[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "private",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "after_unknown": {
+ "id": true,
+ "route_table_id": true,
+ "subnet_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.private[1]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "private",
+ "index": 1,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "after_unknown": {
+ "id": true,
+ "route_table_id": true,
+ "subnet_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.private[2]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "private",
+ "index": 2,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "after_unknown": {
+ "id": true,
+ "route_table_id": true,
+ "subnet_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.public[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "public",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "after_unknown": {
+ "id": true,
+ "route_table_id": true,
+ "subnet_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.public[1]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "public",
+ "index": 1,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "after_unknown": {
+ "id": true,
+ "route_table_id": true,
+ "subnet_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_route_table_association.public[2]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "public",
+ "index": 2,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "gateway_id": null,
+ "timeouts": null
+ },
+ "after_unknown": {
+ "id": true,
+ "route_table_id": true,
+ "subnet_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.private[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "private",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2a",
+ "cidr_block": "10.0.0.0/20",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2a",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2a",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "availability_zone_id": true,
+ "id": true,
+ "ipv6_cidr_block_association_id": true,
+ "owner_id": true,
+ "private_dns_hostname_type_on_launch": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.private[1]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "private",
+ "index": 1,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2b",
+ "cidr_block": "10.0.16.0/20",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2b",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2b",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "availability_zone_id": true,
+ "id": true,
+ "ipv6_cidr_block_association_id": true,
+ "owner_id": true,
+ "private_dns_hostname_type_on_launch": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.private[2]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "private",
+ "index": 2,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2c",
+ "cidr_block": "10.0.32.0/20",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2c",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-private-us-west-2c",
+ "kubernetes.io/role/internal-elb": "1"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "availability_zone_id": true,
+ "id": true,
+ "ipv6_cidr_block_association_id": true,
+ "owner_id": true,
+ "private_dns_hostname_type_on_launch": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.public[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "public",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2a",
+ "cidr_block": "10.0.48.0/24",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2a",
+ "kubernetes.io/role/elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2a",
+ "kubernetes.io/role/elb": "1"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "availability_zone_id": true,
+ "id": true,
+ "ipv6_cidr_block_association_id": true,
+ "owner_id": true,
+ "private_dns_hostname_type_on_launch": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.public[1]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "public",
+ "index": 1,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2b",
+ "cidr_block": "10.0.49.0/24",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2b",
+ "kubernetes.io/role/elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2b",
+ "kubernetes.io/role/elb": "1"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "availability_zone_id": true,
+ "id": true,
+ "ipv6_cidr_block_association_id": true,
+ "owner_id": true,
+ "private_dns_hostname_type_on_launch": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_subnet.public[2]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "public",
+ "index": 2,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assign_ipv6_address_on_creation": false,
+ "availability_zone": "us-west-2c",
+ "cidr_block": "10.0.50.0/24",
+ "customer_owned_ipv4_pool": null,
+ "enable_dns64": false,
+ "enable_lni_at_device_index": null,
+ "enable_resource_name_dns_a_record_on_launch": false,
+ "enable_resource_name_dns_aaaa_record_on_launch": false,
+ "ipv6_cidr_block": null,
+ "ipv6_native": false,
+ "map_customer_owned_ip_on_launch": null,
+ "map_public_ip_on_launch": false,
+ "outpost_arn": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2c",
+ "kubernetes.io/role/elb": "1"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless-public-us-west-2c",
+ "kubernetes.io/role/elb": "1"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "availability_zone_id": true,
+ "id": true,
+ "ipv6_cidr_block_association_id": true,
+ "owner_id": true,
+ "private_dns_hostname_type_on_launch": true,
+ "tags": {},
+ "tags_all": {},
+ "vpc_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.vpc.aws_vpc.this[0]",
+ "module_address": "module.vpc",
+ "mode": "managed",
+ "type": "aws_vpc",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assign_generated_ipv6_cidr_block": null,
+ "cidr_block": "10.0.0.0/16",
+ "enable_dns_hostnames": true,
+ "enable_dns_support": true,
+ "instance_tenancy": "default",
+ "ipv4_ipam_pool_id": null,
+ "ipv4_netmask_length": null,
+ "ipv6_ipam_pool_id": null,
+ "ipv6_netmask_length": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints",
+ "Name": "fargate-serverless"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "default_network_acl_id": true,
+ "default_route_table_id": true,
+ "default_security_group_id": true,
+ "dhcp_options_id": true,
+ "enable_network_address_usage_metrics": true,
+ "id": true,
+ "ipv6_association_id": true,
+ "ipv6_cidr_block": true,
+ "ipv6_cidr_block_network_border_group": true,
+ "main_route_table_id": true,
+ "owner_id": true,
+ "tags": {},
+ "tags_all": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_eks_fargate_profile.this[0]",
+ "module_address": "module.eks.module.fargate_profile[\"app_wildcard\"]",
+ "mode": "managed",
+ "type": "aws_eks_fargate_profile",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "cluster_name": "fargate-serverless",
+ "fargate_profile_name": "app_wildcard",
+ "selector": [
+ {
+ "labels": null,
+ "namespace": "app-*"
+ }
+ ],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "pod_execution_role_arn": true,
+ "selector": [
+ {}
+ ],
+ "status": true,
+ "subnet_ids": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "selector": [
+ {}
+ ],
+ "subnet_ids": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role.this[0]",
+ "module_address": "module.eks.module.fargate_profile[\"app_wildcard\"]",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks-fargate-pods.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}",
+ "description": "Fargate profile IAM role",
+ "force_detach_policies": true,
+ "max_session_duration": 3600,
+ "name_prefix": "app_wildcard-",
+ "path": "/",
+ "permissions_boundary": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "create_date": true,
+ "id": true,
+ "inline_policy": true,
+ "managed_policy_arns": true,
+ "name": true,
+ "tags": {},
+ "tags_all": {},
+ "unique_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "inline_policy": [],
+ "managed_policy_arns": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role_policy_attachment.additional[\"additional\"]",
+ "module_address": "module.eks.module.fargate_profile[\"app_wildcard\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "index": "additional",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {},
+ "after_unknown": {
+ "id": true,
+ "policy_arn": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role_policy_attachment.this[\"arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy\"]",
+ "module_address": "module.eks.module.fargate_profile[\"app_wildcard\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
+ },
+ "after_unknown": {
+ "id": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role_policy_attachment.this[\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\"]",
+ "module_address": "module.eks.module.fargate_profile[\"app_wildcard\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+ },
+ "after_unknown": {
+ "id": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_eks_fargate_profile.this[0]",
+ "module_address": "module.eks.module.fargate_profile[\"kube_system\"]",
+ "mode": "managed",
+ "type": "aws_eks_fargate_profile",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "cluster_name": "fargate-serverless",
+ "fargate_profile_name": "kube-system",
+ "selector": [
+ {
+ "labels": null,
+ "namespace": "kube-system"
+ }
+ ],
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": {
+ "create": null,
+ "delete": null
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "pod_execution_role_arn": true,
+ "selector": [
+ {}
+ ],
+ "status": true,
+ "subnet_ids": true,
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "selector": [
+ {}
+ ],
+ "subnet_ids": [],
+ "tags": {},
+ "tags_all": {},
+ "timeouts": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role.this[0]",
+ "module_address": "module.eks.module.fargate_profile[\"kube_system\"]",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks-fargate-pods.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}",
+ "description": "Fargate profile IAM role",
+ "force_detach_policies": true,
+ "max_session_duration": 3600,
+ "name_prefix": "kube-system-",
+ "path": "/",
+ "permissions_boundary": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "create_date": true,
+ "id": true,
+ "inline_policy": true,
+ "managed_policy_arns": true,
+ "name": true,
+ "tags": {},
+ "tags_all": {},
+ "unique_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "inline_policy": [],
+ "managed_policy_arns": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role_policy_attachment.additional[\"additional\"]",
+ "module_address": "module.eks.module.fargate_profile[\"kube_system\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "index": "additional",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {},
+ "after_unknown": {
+ "id": true,
+ "policy_arn": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role_policy_attachment.this[\"arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy\"]",
+ "module_address": "module.eks.module.fargate_profile[\"kube_system\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
+ },
+ "after_unknown": {
+ "id": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role_policy_attachment.this[\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\"]",
+ "module_address": "module.eks.module.fargate_profile[\"kube_system\"]",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "policy_arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+ },
+ "after_unknown": {
+ "id": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.module.kms.data.aws_iam_policy_document.this[0]",
+ "module_address": "module.eks.module.kms",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "read"
+ ],
+ "before": null,
+ "after": {
+ "override_policy_documents": [],
+ "policy_id": null,
+ "source_policy_documents": [],
+ "statement": [
+ {
+ "actions": [
+ "kms:CancelKeyDeletion",
+ "kms:Create*",
+ "kms:Delete*",
+ "kms:Describe*",
+ "kms:Disable*",
+ "kms:Enable*",
+ "kms:Get*",
+ "kms:List*",
+ "kms:Put*",
+ "kms:Revoke*",
+ "kms:ScheduleKeyDeletion",
+ "kms:TagResource",
+ "kms:UntagResource",
+ "kms:Update*"
+ ],
+ "condition": [],
+ "effect": null,
+ "not_actions": null,
+ "not_principals": [],
+ "not_resources": null,
+ "principals": [
+ {
+ "identifiers": [
+ "arn:aws:iam::458468232176:user/cdk-workshop"
+ ],
+ "type": "AWS"
+ }
+ ],
+ "resources": [
+ "*"
+ ],
+ "sid": "KeyAdministration"
+ },
+ {
+ "actions": [
+ "kms:Decrypt",
+ "kms:DescribeKey",
+ "kms:Encrypt",
+ "kms:GenerateDataKey*",
+ "kms:ReEncrypt*"
+ ],
+ "condition": [],
+ "effect": null,
+ "not_actions": null,
+ "not_principals": [],
+ "not_resources": null,
+ "principals": [
+ {
+ "identifiers": [
+ null
+ ],
+ "type": "AWS"
+ }
+ ],
+ "resources": [
+ "*"
+ ],
+ "sid": "KeyUsage"
+ }
+ ],
+ "version": null
+ },
+ "after_unknown": {
+ "id": true,
+ "json": true,
+ "override_policy_documents": [],
+ "source_policy_documents": [],
+ "statement": [
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ true
+ ]
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "override_policy_documents": [],
+ "source_policy_documents": [],
+ "statement": [
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ],
+ "resources": [
+ false
+ ]
+ }
+ ]
+ }
+ },
+ "action_reason": "read_because_config_unknown"
+ },
+ {
+ "address": "module.eks.module.kms.aws_kms_alias.this[\"cluster\"]",
+ "module_address": "module.eks.module.kms",
+ "mode": "managed",
+ "type": "aws_kms_alias",
+ "name": "this",
+ "index": "cluster",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "name": "alias/eks/fargate-serverless"
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "name_prefix": true,
+ "target_key_arn": true,
+ "target_key_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks.module.kms.aws_kms_key.this[0]",
+ "module_address": "module.eks.module.kms",
+ "mode": "managed",
+ "type": "aws_kms_key",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "bypass_policy_lockout_safety_check": false,
+ "custom_key_store_id": null,
+ "customer_master_key_spec": "SYMMETRIC_DEFAULT",
+ "deletion_window_in_days": null,
+ "description": "fargate-serverless cluster encryption key",
+ "enable_key_rotation": true,
+ "is_enabled": true,
+ "key_usage": "ENCRYPT_DECRYPT",
+ "multi_region": false,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "timeouts": null
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "key_id": true,
+ "policy": true,
+ "tags": {},
+ "tags_all": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_iam_policy_document.assume[0]",
+ "module_address": "module.eks_blueprints_addons.module.aws_load_balancer_controller",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "read"
+ ],
+ "before": null,
+ "after": {
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": null,
+ "statement": [
+ {
+ "actions": [
+ "sts:AssumeRoleWithWebIdentity"
+ ],
+ "condition": [
+ {
+ "test": "StringEquals",
+ "values": [
+ "sts.amazonaws.com"
+ ]
+ },
+ {
+ "test": "StringEquals",
+ "values": [
+ "system:serviceaccount:kube-system:aws-load-balancer-controller-sa"
+ ]
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": null,
+ "not_principals": [],
+ "not_resources": null,
+ "principals": [
+ {
+ "identifiers": [
+ null
+ ],
+ "type": "Federated"
+ }
+ ],
+ "resources": null,
+ "sid": null
+ }
+ ],
+ "version": null
+ },
+ "after_unknown": {
+ "id": true,
+ "json": true,
+ "statement": [
+ {
+ "actions": [
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ],
+ "variable": true
+ },
+ {
+ "values": [
+ false
+ ],
+ "variable": true
+ }
+ ],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ true
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "statement": [
+ {
+ "actions": [
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ },
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_principals": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "action_reason": "read_because_config_unknown"
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_policy.this[0]",
+ "module_address": "module.eks_blueprints_addons.module.aws_load_balancer_controller",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "description": "IAM Policy for AWS Load Balancer Controller",
+ "name_prefix": "alb-controller-",
+ "path": "/",
+ "policy": "{\"Statement\":[{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeListenerCertificates\",\"ec2:GetCoipPoolUsage\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeTags\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeInstances\",\"ec2:DescribeCoipPools\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeAddresses\",\"ec2:DescribeAccountAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"wafv2:GetWebACLForResource\",\"wafv2:GetWebACL\",\"wafv2:DisassociateWebACL\",\"wafv2:AssociateWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:GetWebACL\",\"waf-regional:DisassociateWebACL\",\"waf-regional:AssociateWebACL\",\"shield:GetSubscriptionState\",\"shield:DescribeProtection\",\"shield:DeleteProtection\",\"shield:CreateProtection\",\"iam:ListServerCertificates\",\"iam:GetServerCertificate\",\"cognito-idp:DescribeUserPoolClient\",\"acm:ListCertificates\",\"acm:DescribeCertificate\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateSecurityGroup\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateTags\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:DeleteTags\",\"ec2:CreateTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:DeleteSecurityGroup\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateLoadBalancer\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:DeleteRule\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateListener\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"]},{\"Action\":[\"elasticloadbalancing:SetSubnets\",\"elasticloadbalancing:SetSecurityGroups\",\"elasticloadbalancing:SetIpAddressType\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:DeleteLoadBalancer\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"elasticloadbalancing:AddTags\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateLoadBalancer\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:DeregisterTargets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"},{\"Action\":[\"elasticloadbalancing:SetWebAcl\",\"elasticloadbalancing:RemoveListenerCertificates\",\"elasticloadbalancing:ModifyRule\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:AddListenerCertificates\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "id": true,
+ "name": true,
+ "policy_id": true,
+ "tags": {},
+ "tags_all": {}
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role.this[0]",
+ "module_address": "module.eks_blueprints_addons.module.aws_load_balancer_controller",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "description": "IRSA for aws-load-balancer-controller project",
+ "force_detach_policies": true,
+ "max_session_duration": 3600,
+ "name_prefix": "alb-controller-",
+ "path": "/",
+ "permissions_boundary": null,
+ "tags": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ },
+ "tags_all": {
+ "Blueprint": "fargate-serverless",
+ "GithubRepo": "github.com/aws-ia/terraform-aws-eks-blueprints"
+ }
+ },
+ "after_unknown": {
+ "arn": true,
+ "assume_role_policy": true,
+ "create_date": true,
+ "id": true,
+ "inline_policy": true,
+ "managed_policy_arns": true,
+ "name": true,
+ "tags": {},
+ "tags_all": {},
+ "unique_id": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "inline_policy": [],
+ "managed_policy_arns": [],
+ "tags": {},
+ "tags_all": {}
+ }
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role_policy_attachment.this[0]",
+ "module_address": "module.eks_blueprints_addons.module.aws_load_balancer_controller",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {},
+ "after_unknown": {
+ "id": true,
+ "policy_arn": true,
+ "role": true
+ },
+ "before_sensitive": false,
+ "after_sensitive": {}
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "module_address": "module.eks_blueprints_addons.module.aws_load_balancer_controller",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/helm",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "atomic": false,
+ "chart": "aws-load-balancer-controller",
+ "cleanup_on_fail": false,
+ "create_namespace": false,
+ "dependency_update": false,
+ "description": "A Helm chart to deploy aws-load-balancer-controller for ingress resources",
+ "devel": null,
+ "disable_crd_hooks": false,
+ "disable_openapi_validation": false,
+ "disable_webhooks": false,
+ "force_update": false,
+ "keyring": null,
+ "lint": false,
+ "max_history": 0,
+ "name": "aws-load-balancer-controller",
+ "namespace": "kube-system",
+ "pass_credentials": false,
+ "postrender": [],
+ "recreate_pods": false,
+ "render_subchart_notes": true,
+ "replace": false,
+ "repository": "https://aws.github.io/eks-charts",
+ "repository_ca_file": null,
+ "repository_cert_file": null,
+ "repository_key_file": null,
+ "repository_password": null,
+ "repository_username": null,
+ "reset_values": false,
+ "reuse_values": false,
+ "set_list": [],
+ "set_sensitive": [],
+ "skip_crds": false,
+ "status": "deployed",
+ "timeout": 300,
+ "values": [],
+ "verify": false,
+ "version": "1.6.0",
+ "wait": false,
+ "wait_for_jobs": false
+ },
+ "after_unknown": {
+ "id": true,
+ "manifest": true,
+ "metadata": true,
+ "postrender": [],
+ "set": true,
+ "set_list": [],
+ "set_sensitive": [],
+ "values": []
+ },
+ "before_sensitive": false,
+ "after_sensitive": {
+ "metadata": [],
+ "postrender": [],
+ "repository_password": true,
+ "set": [],
+ "set_list": [],
+ "set_sensitive": [],
+ "values": []
+ }
+ }
+ }
+ ],
+ "output_changes": {
+ "configure_kubectl": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": "aws eks --region us-west-2 update-kubeconfig --name fargate-serverless",
+ "after_unknown": false,
+ "before_sensitive": false,
+ "after_sensitive": false
+ }
+ },
+ "prior_state": {
+ "format_version": "1.0",
+ "terraform_version": "1.5.7",
+ "values": {
+ "outputs": {
+ "configure_kubectl": {
+ "sensitive": false,
+ "value": "aws eks --region us-west-2 update-kubeconfig --name fargate-serverless",
+ "type": "string"
+ }
+ },
+ "root_module": {
+ "resources": [
+ {
+ "address": "data.aws_availability_zones.available",
+ "mode": "data",
+ "type": "aws_availability_zones",
+ "name": "available",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "all_availability_zones": null,
+ "exclude_names": null,
+ "exclude_zone_ids": null,
+ "filter": null,
+ "group_names": [
+ "us-west-2"
+ ],
+ "id": "us-west-2",
+ "names": [
+ "us-west-2a",
+ "us-west-2b",
+ "us-west-2c",
+ "us-west-2d"
+ ],
+ "state": null,
+ "timeouts": null,
+ "zone_ids": [
+ "usw2-az2",
+ "usw2-az1",
+ "usw2-az3",
+ "usw2-az4"
+ ]
+ },
+ "sensitive_values": {
+ "group_names": [
+ false
+ ],
+ "names": [
+ false,
+ false,
+ false,
+ false
+ ],
+ "zone_ids": [
+ false,
+ false,
+ false,
+ false
+ ]
+ }
+ }
+ ],
+ "child_modules": [
+ {
+ "resources": [
+ {
+ "address": "module.eks.data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "account_id": "458468232176",
+ "arn": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "id": "458468232176",
+ "user_id": "AIDAWVPWWBPYAZXSNAIEU"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.data.aws_iam_policy_document.assume_role_policy[0]",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume_role_policy",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "id": "2764486067",
+ "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSClusterAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\"\n }\n }\n ]\n}",
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": null,
+ "statement": [
+ {
+ "actions": [
+ "sts:AssumeRole"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [
+ {
+ "identifiers": [
+ "eks.amazonaws.com"
+ ],
+ "type": "Service"
+ }
+ ],
+ "resources": [],
+ "sid": "EKSClusterAssumeRole"
+ }
+ ],
+ "version": "2012-10-17"
+ },
+ "sensitive_values": {
+ "statement": [
+ {
+ "actions": [
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ],
+ "resources": []
+ }
+ ]
+ }
+ },
+ {
+ "address": "module.eks.data.aws_iam_session_context.current",
+ "mode": "data",
+ "type": "aws_iam_session_context",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "arn": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "id": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "issuer_arn": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "issuer_id": "",
+ "issuer_name": "",
+ "session_name": ""
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "dns_suffix": "amazonaws.com",
+ "id": "aws",
+ "partition": "aws",
+ "reverse_dns_prefix": "com.amazonaws"
+ },
+ "sensitive_values": {}
+ }
+ ],
+ "address": "module.eks",
+ "child_modules": [
+ {
+ "resources": [
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "account_id": "458468232176",
+ "arn": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "id": "458468232176",
+ "user_id": "AIDAWVPWWBPYAZXSNAIEU"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].data.aws_iam_policy_document.assume_role_policy[0]",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume_role_policy",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "id": "3016102342",
+ "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"eks-fargate-pods.amazonaws.com\"\n }\n }\n ]\n}",
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": null,
+ "statement": [
+ {
+ "actions": [
+ "sts:AssumeRole"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [
+ {
+ "identifiers": [
+ "eks-fargate-pods.amazonaws.com"
+ ],
+ "type": "Service"
+ }
+ ],
+ "resources": [],
+ "sid": ""
+ }
+ ],
+ "version": "2012-10-17"
+ },
+ "sensitive_values": {
+ "statement": [
+ {
+ "actions": [
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ],
+ "resources": []
+ }
+ ]
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"].data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "dns_suffix": "amazonaws.com",
+ "id": "aws",
+ "partition": "aws",
+ "reverse_dns_prefix": "com.amazonaws"
+ },
+ "sensitive_values": {}
+ }
+ ],
+ "address": "module.eks.module.fargate_profile[\"app_wildcard\"]"
+ },
+ {
+ "resources": [
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "account_id": "458468232176",
+ "arn": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "id": "458468232176",
+ "user_id": "AIDAWVPWWBPYAZXSNAIEU"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].data.aws_iam_policy_document.assume_role_policy[0]",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume_role_policy",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "id": "3016102342",
+ "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"eks-fargate-pods.amazonaws.com\"\n }\n }\n ]\n}",
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": null,
+ "statement": [
+ {
+ "actions": [
+ "sts:AssumeRole"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [
+ {
+ "identifiers": [
+ "eks-fargate-pods.amazonaws.com"
+ ],
+ "type": "Service"
+ }
+ ],
+ "resources": [],
+ "sid": ""
+ }
+ ],
+ "version": "2012-10-17"
+ },
+ "sensitive_values": {
+ "statement": [
+ {
+ "actions": [
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [
+ {
+ "identifiers": [
+ false
+ ]
+ }
+ ],
+ "resources": []
+ }
+ ]
+ }
+ },
+ {
+ "address": "module.eks.module.fargate_profile[\"kube_system\"].data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "dns_suffix": "amazonaws.com",
+ "id": "aws",
+ "partition": "aws",
+ "reverse_dns_prefix": "com.amazonaws"
+ },
+ "sensitive_values": {}
+ }
+ ],
+ "address": "module.eks.module.fargate_profile[\"kube_system\"]"
+ },
+ {
+ "resources": [
+ {
+ "address": "module.eks.module.kms.data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "account_id": "458468232176",
+ "arn": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "id": "458468232176",
+ "user_id": "AIDAWVPWWBPYAZXSNAIEU"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks.module.kms.data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "dns_suffix": "amazonaws.com",
+ "id": "aws",
+ "partition": "aws",
+ "reverse_dns_prefix": "com.amazonaws"
+ },
+ "sensitive_values": {}
+ }
+ ],
+ "address": "module.eks.module.kms"
+ }
+ ]
+ },
+ {
+ "resources": [
+ {
+ "address": "module.eks_blueprints_addons.data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "account_id": "458468232176",
+ "arn": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "id": "458468232176",
+ "user_id": "AIDAWVPWWBPYAZXSNAIEU"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks_blueprints_addons.data.aws_eks_addon_version.this[\"coredns\"]",
+ "mode": "data",
+ "type": "aws_eks_addon_version",
+ "name": "this",
+ "index": "coredns",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "addon_name": "coredns",
+ "id": "coredns",
+ "kubernetes_version": "1.27",
+ "most_recent": true,
+ "version": "v1.10.1-eksbuild.5"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks_blueprints_addons.data.aws_eks_addon_version.this[\"kube-proxy\"]",
+ "mode": "data",
+ "type": "aws_eks_addon_version",
+ "name": "this",
+ "index": "kube-proxy",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "addon_name": "kube-proxy",
+ "id": "kube-proxy",
+ "kubernetes_version": "1.27",
+ "most_recent": true,
+ "version": "v1.27.6-eksbuild.2"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks_blueprints_addons.data.aws_eks_addon_version.this[\"vpc-cni\"]",
+ "mode": "data",
+ "type": "aws_eks_addon_version",
+ "name": "this",
+ "index": "vpc-cni",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "addon_name": "vpc-cni",
+ "id": "vpc-cni",
+ "kubernetes_version": "1.27",
+ "most_recent": true,
+ "version": "v1.15.1-eksbuild.1"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks_blueprints_addons.data.aws_iam_policy_document.aws_load_balancer_controller[0]",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "aws_load_balancer_controller",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "id": "125615348",
+ "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DescribeTargetHealth\",\n \"elasticloadbalancing:DescribeTargetGroups\",\n \"elasticloadbalancing:DescribeTargetGroupAttributes\",\n \"elasticloadbalancing:DescribeTags\",\n \"elasticloadbalancing:DescribeSSLPolicies\",\n \"elasticloadbalancing:DescribeRules\",\n \"elasticloadbalancing:DescribeLoadBalancers\",\n \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n \"elasticloadbalancing:DescribeListeners\",\n \"elasticloadbalancing:DescribeListenerCertificates\",\n \"ec2:GetCoipPoolUsage\",\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcPeeringConnections\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeCoipPools\",\n \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeAddresses\",\n \"ec2:DescribeAccountAttributes\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"wafv2:GetWebACLForResource\",\n \"wafv2:GetWebACL\",\n \"wafv2:DisassociateWebACL\",\n \"wafv2:AssociateWebACL\",\n \"waf-regional:GetWebACLForResource\",\n \"waf-regional:GetWebACL\",\n \"waf-regional:DisassociateWebACL\",\n \"waf-regional:AssociateWebACL\",\n \"shield:GetSubscriptionState\",\n \"shield:DescribeProtection\",\n \"shield:DeleteProtection\",\n \"shield:CreateProtection\",\n \"iam:ListServerCertificates\",\n \"iam:GetServerCertificate\",\n \"cognito-idp:DescribeUserPoolClient\",\n \"acm:ListCertificates\",\n \"acm:DescribeCertificate\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSecurityGroup\",\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateTags\",\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"ec2:CreateAction\": \"CreateSecurityGroup\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DeleteTags\",\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:CreateLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DeleteRule\",\n \"elasticloadbalancing:DeleteListener\",\n \"elasticloadbalancing:CreateRule\",\n \"elasticloadbalancing:CreateListener\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetSubnets\",\n \"elasticloadbalancing:SetSecurityGroups\",\n \"elasticloadbalancing:SetIpAddressType\",\n \"elasticloadbalancing:ModifyTargetGroupAttributes\",\n \"elasticloadbalancing:ModifyTargetGroup\",\n \"elasticloadbalancing:ModifyLoadBalancerAttributes\",\n \"elasticloadbalancing:DeleteTargetGroup\",\n \"elasticloadbalancing:DeleteLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"elasticloadbalancing:AddTags\",\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"elasticloadbalancing:CreateAction\": [\n \"CreateTargetGroup\",\n \"CreateLoadBalancer\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterTargets\",\n \"elasticloadbalancing:DeregisterTargets\"\n ],\n \"Resource\": \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetWebAcl\",\n \"elasticloadbalancing:RemoveListenerCertificates\",\n \"elasticloadbalancing:ModifyRule\",\n \"elasticloadbalancing:ModifyListener\",\n \"elasticloadbalancing:AddListenerCertificates\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}",
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": null,
+ "statement": [
+ {
+ "actions": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "condition": [
+ {
+ "test": "StringEquals",
+ "values": [
+ "elasticloadbalancing.amazonaws.com"
+ ],
+ "variable": "iam:AWSServiceName"
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeCoipPools",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeTags",
+ "ec2:DescribeVpcPeeringConnections",
+ "ec2:DescribeVpcs",
+ "ec2:GetCoipPoolUsage",
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeTags",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetHealth"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "acm:DescribeCertificate",
+ "acm:ListCertificates",
+ "cognito-idp:DescribeUserPoolClient",
+ "iam:GetServerCertificate",
+ "iam:ListServerCertificates",
+ "shield:CreateProtection",
+ "shield:DeleteProtection",
+ "shield:DescribeProtection",
+ "shield:GetSubscriptionState",
+ "waf-regional:AssociateWebACL",
+ "waf-regional:DisassociateWebACL",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource",
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "ec2:CreateTags"
+ ],
+ "condition": [
+ {
+ "test": "Null",
+ "values": [
+ "false"
+ ],
+ "variable": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ },
+ {
+ "test": "StringEquals",
+ "values": [
+ "CreateSecurityGroup"
+ ],
+ "variable": "ec2:CreateAction"
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "arn:aws:ec2:*:*:security-group/*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "condition": [
+ {
+ "test": "Null",
+ "values": [
+ "false"
+ ],
+ "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster"
+ },
+ {
+ "test": "Null",
+ "values": [
+ "true"
+ ],
+ "variable": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "arn:aws:ec2:*:*:security-group/*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "condition": [
+ {
+ "test": "Null",
+ "values": [
+ "false"
+ ],
+ "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster"
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup"
+ ],
+ "condition": [
+ {
+ "test": "Null",
+ "values": [
+ "false"
+ ],
+ "variable": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:DeleteRule"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "condition": [
+ {
+ "test": "Null",
+ "values": [
+ "false"
+ ],
+ "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster"
+ },
+ {
+ "test": "Null",
+ "values": [
+ "true"
+ ],
+ "variable": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets"
+ ],
+ "condition": [
+ {
+ "test": "Null",
+ "values": [
+ "false"
+ ],
+ "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster"
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "elasticloadbalancing:AddTags"
+ ],
+ "condition": [
+ {
+ "test": "Null",
+ "values": [
+ "false"
+ ],
+ "variable": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ },
+ {
+ "test": "StringEquals",
+ "values": [
+ "CreateTargetGroup",
+ "CreateLoadBalancer"
+ ],
+ "variable": "elasticloadbalancing:CreateAction"
+ }
+ ],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "elasticloadbalancing:DeregisterTargets",
+ "elasticloadbalancing:RegisterTargets"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+ ],
+ "sid": ""
+ },
+ {
+ "actions": [
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:ModifyRule",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:SetWebAcl"
+ ],
+ "condition": [],
+ "effect": "Allow",
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ "*"
+ ],
+ "sid": ""
+ }
+ ],
+ "version": "2012-10-17"
+ },
+ "sensitive_values": {
+ "statement": [
+ {
+ "actions": [
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ },
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ },
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ },
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false,
+ false,
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false,
+ false,
+ false,
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ }
+ ],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false
+ ],
+ "condition": [
+ {
+ "values": [
+ false
+ ]
+ },
+ {
+ "values": [
+ false,
+ false
+ ]
+ }
+ ],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false,
+ false,
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ },
+ {
+ "actions": [
+ false,
+ false,
+ false,
+ false,
+ false
+ ],
+ "condition": [],
+ "not_actions": [],
+ "not_principals": [],
+ "not_resources": [],
+ "principals": [],
+ "resources": [
+ false
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "dns_suffix": "amazonaws.com",
+ "id": "aws",
+ "partition": "aws",
+ "reverse_dns_prefix": "com.amazonaws"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks_blueprints_addons.data.aws_region.current",
+ "mode": "data",
+ "type": "aws_region",
+ "name": "current",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "description": "US West (Oregon)",
+ "endpoint": "ec2.us-west-2.amazonaws.com",
+ "id": "us-west-2",
+ "name": "us-west-2"
+ },
+ "sensitive_values": {}
+ }
+ ],
+ "address": "module.eks_blueprints_addons",
+ "child_modules": [
+ {
+ "resources": [
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_caller_identity.current[0]",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "account_id": "458468232176",
+ "arn": "arn:aws:iam::458468232176:user/cdk-workshop",
+ "id": "458468232176",
+ "user_id": "AIDAWVPWWBPYAZXSNAIEU"
+ },
+ "sensitive_values": {}
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_iam_policy_document.this[0]",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "id": "125615348",
+ "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DescribeTargetHealth\",\n \"elasticloadbalancing:DescribeTargetGroups\",\n \"elasticloadbalancing:DescribeTargetGroupAttributes\",\n \"elasticloadbalancing:DescribeTags\",\n \"elasticloadbalancing:DescribeSSLPolicies\",\n \"elasticloadbalancing:DescribeRules\",\n \"elasticloadbalancing:DescribeLoadBalancers\",\n \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n \"elasticloadbalancing:DescribeListeners\",\n \"elasticloadbalancing:DescribeListenerCertificates\",\n \"ec2:GetCoipPoolUsage\",\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcPeeringConnections\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeCoipPools\",\n \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeAddresses\",\n \"ec2:DescribeAccountAttributes\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"wafv2:GetWebACLForResource\",\n \"wafv2:GetWebACL\",\n \"wafv2:DisassociateWebACL\",\n \"wafv2:AssociateWebACL\",\n \"waf-regional:GetWebACLForResource\",\n \"waf-regional:GetWebACL\",\n \"waf-regional:DisassociateWebACL\",\n \"waf-regional:AssociateWebACL\",\n \"shield:GetSubscriptionState\",\n \"shield:DescribeProtection\",\n \"shield:DeleteProtection\",\n \"shield:CreateProtection\",\n \"iam:ListServerCertificates\",\n \"iam:GetServerCertificate\",\n \"cognito-idp:DescribeUserPoolClient\",\n \"acm:ListCertificates\",\n \"acm:DescribeCertificate\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSecurityGroup\",\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateTags\",\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"ec2:CreateAction\": \"CreateSecurityGroup\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DeleteTags\",\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:CreateLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DeleteRule\",\n \"elasticloadbalancing:DeleteListener\",\n \"elasticloadbalancing:CreateRule\",\n \"elasticloadbalancing:CreateListener\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetSubnets\",\n \"elasticloadbalancing:SetSecurityGroups\",\n \"elasticloadbalancing:SetIpAddressType\",\n \"elasticloadbalancing:ModifyTargetGroupAttributes\",\n \"elasticloadbalancing:ModifyTargetGroup\",\n \"elasticloadbalancing:ModifyLoadBalancerAttributes\",\n \"elasticloadbalancing:DeleteTargetGroup\",\n \"elasticloadbalancing:DeleteLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"elasticloadbalancing:AddTags\",\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"elasticloadbalancing:CreateAction\": [\n \"CreateTargetGroup\",\n \"CreateLoadBalancer\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterTargets\",\n \"elasticloadbalancing:DeregisterTargets\"\n ],\n \"Resource\": \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetWebAcl\",\n \"elasticloadbalancing:RemoveListenerCertificates\",\n \"elasticloadbalancing:ModifyRule\",\n \"elasticloadbalancing:ModifyListener\",\n \"elasticloadbalancing:AddListenerCertificates\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}",
+ "override_policy_documents": null,
+ "policy_id": null,
+ "source_policy_documents": [
+ "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DescribeTargetHealth\",\n \"elasticloadbalancing:DescribeTargetGroups\",\n \"elasticloadbalancing:DescribeTargetGroupAttributes\",\n \"elasticloadbalancing:DescribeTags\",\n \"elasticloadbalancing:DescribeSSLPolicies\",\n \"elasticloadbalancing:DescribeRules\",\n \"elasticloadbalancing:DescribeLoadBalancers\",\n \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n \"elasticloadbalancing:DescribeListeners\",\n \"elasticloadbalancing:DescribeListenerCertificates\",\n \"ec2:GetCoipPoolUsage\",\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcPeeringConnections\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeCoipPools\",\n \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeAddresses\",\n \"ec2:DescribeAccountAttributes\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"wafv2:GetWebACLForResource\",\n \"wafv2:GetWebACL\",\n \"wafv2:DisassociateWebACL\",\n \"wafv2:AssociateWebACL\",\n \"waf-regional:GetWebACLForResource\",\n \"waf-regional:GetWebACL\",\n \"waf-regional:DisassociateWebACL\",\n \"waf-regional:AssociateWebACL\",\n \"shield:GetSubscriptionState\",\n \"shield:DescribeProtection\",\n \"shield:DeleteProtection\",\n \"shield:CreateProtection\",\n \"iam:ListServerCertificates\",\n \"iam:GetServerCertificate\",\n \"cognito-idp:DescribeUserPoolClient\",\n \"acm:ListCertificates\",\n \"acm:DescribeCertificate\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSecurityGroup\",\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateTags\",\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"ec2:CreateAction\": \"CreateSecurityGroup\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DeleteTags\",\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:CreateLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DeleteRule\",\n \"elasticloadbalancing:DeleteListener\",\n \"elasticloadbalancing:CreateRule\",\n \"elasticloadbalancing:CreateListener\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetSubnets\",\n \"elasticloadbalancing:SetSecurityGroups\",\n \"elasticloadbalancing:SetIpAddressType\",\n \"elasticloadbalancing:ModifyTargetGroupAttributes\",\n \"elasticloadbalancing:ModifyTargetGroup\",\n \"elasticloadbalancing:ModifyLoadBalancerAttributes\",\n \"elasticloadbalancing:DeleteTargetGroup\",\n \"elasticloadbalancing:DeleteLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"elasticloadbalancing:AddTags\",\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"elasticloadbalancing:CreateAction\": [\n \"CreateTargetGroup\",\n \"CreateLoadBalancer\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterTargets\",\n \"elasticloadbalancing:DeregisterTargets\"\n ],\n \"Resource\": \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetWebAcl\",\n \"elasticloadbalancing:RemoveListenerCertificates\",\n \"elasticloadbalancing:ModifyRule\",\n \"elasticloadbalancing:ModifyListener\",\n \"elasticloadbalancing:AddListenerCertificates\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}"
+ ],
+ "statement": null,
+ "version": "2012-10-17"
+ },
+ "sensitive_values": {
+ "source_policy_documents": [
+ false
+ ]
+ }
+ },
+ {
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_partition.current[0]",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "index": 0,
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "schema_version": 0,
+ "values": {
+ "dns_suffix": "amazonaws.com",
+ "id": "aws",
+ "partition": "aws",
+ "reverse_dns_prefix": "com.amazonaws"
+ },
+ "sensitive_values": {}
+ }
+ ],
+ "address": "module.eks_blueprints_addons.module.aws_load_balancer_controller"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ },
+ "configuration": {
+ "provider_config": {
+ "aws": {
+ "name": "aws",
+ "full_name": "registry.terraform.io/hashicorp/aws",
+ "version_constraint": ">= 4.47.0",
+ "expressions": {
+ "region": {
+ "references": [
+ "local.region"
+ ]
+ }
+ }
+ },
+ "helm": {
+ "name": "helm",
+ "full_name": "registry.terraform.io/hashicorp/helm",
+ "version_constraint": ">= 2.9.0",
+ "expressions": {
+ "kubernetes": [
+ {
+ "cluster_ca_certificate": {
+ "references": [
+ "module.eks.cluster_certificate_authority_data",
+ "module.eks"
+ ]
+ },
+ "exec": [
+ {
+ "api_version": {
+ "constant_value": "client.authentication.k8s.io/v1beta1"
+ },
+ "args": {
+ "references": [
+ "module.eks.cluster_name",
+ "module.eks"
+ ]
+ },
+ "command": {
+ "constant_value": "aws"
+ }
+ }
+ ],
+ "host": {
+ "references": [
+ "module.eks.cluster_endpoint",
+ "module.eks"
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "kubernetes": {
+ "name": "kubernetes",
+ "full_name": "registry.terraform.io/hashicorp/kubernetes",
+ "version_constraint": ">= 2.20.0",
+ "expressions": {
+ "cluster_ca_certificate": {
+ "references": [
+ "module.eks.cluster_certificate_authority_data",
+ "module.eks"
+ ]
+ },
+ "exec": [
+ {
+ "api_version": {
+ "constant_value": "client.authentication.k8s.io/v1beta1"
+ },
+ "args": {
+ "references": [
+ "module.eks.cluster_name",
+ "module.eks"
+ ]
+ },
+ "command": {
+ "constant_value": "aws"
+ }
+ }
+ ],
+ "host": {
+ "references": [
+ "module.eks.cluster_endpoint",
+ "module.eks"
+ ]
+ }
+ }
+ },
+ "module.eks.module.eks_managed_node_group.module.user_data:cloudinit": {
+ "name": "cloudinit",
+ "full_name": "registry.terraform.io/hashicorp/cloudinit",
+ "version_constraint": ">= 2.0.0",
+ "module_address": "module.eks.module.eks_managed_node_group.module.user_data"
+ },
+ "module.eks.module.self_managed_node_group.module.user_data:cloudinit": {
+ "name": "cloudinit",
+ "full_name": "registry.terraform.io/hashicorp/cloudinit",
+ "version_constraint": ">= 2.0.0",
+ "module_address": "module.eks.module.self_managed_node_group.module.user_data"
+ },
+ "module.eks:time": {
+ "name": "time",
+ "full_name": "registry.terraform.io/hashicorp/time",
+ "version_constraint": ">= 0.9.0",
+ "module_address": "module.eks"
+ },
+ "module.eks:tls": {
+ "name": "tls",
+ "full_name": "registry.terraform.io/hashicorp/tls",
+ "version_constraint": ">= 3.0.0",
+ "module_address": "module.eks"
+ },
+ "module.eks_blueprints_addons:time": {
+ "name": "time",
+ "full_name": "registry.terraform.io/hashicorp/time",
+ "version_constraint": ">= 0.9.0",
+ "module_address": "module.eks_blueprints_addons"
+ }
+ },
+ "root_module": {
+ "outputs": {
+ "configure_kubectl": {
+ "expression": {
+ "references": [
+ "local.region",
+ "module.eks.cluster_name",
+ "module.eks"
+ ]
+ },
+ "description": "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+ }
+ },
+ "resources": [
+ {
+ "address": "kubernetes_deployment_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_deployment_v1",
+ "name": "this",
+ "provider_config_key": "kubernetes",
+ "expressions": {
+ "metadata": [
+ {
+ "name": {
+ "references": [
+ "local.app_name"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "kubernetes_namespace_v1.this.metadata[0].name",
+ "kubernetes_namespace_v1.this.metadata[0]",
+ "kubernetes_namespace_v1.this.metadata",
+ "kubernetes_namespace_v1.this"
+ ]
+ }
+ }
+ ],
+ "spec": [
+ {
+ "replicas": {
+ "constant_value": 3
+ },
+ "selector": [
+ {
+ "match_labels": {
+ "references": [
+ "local.app_name"
+ ]
+ }
+ }
+ ],
+ "template": [
+ {
+ "metadata": [
+ {
+ "labels": {
+ "references": [
+ "local.app_name"
+ ]
+ }
+ }
+ ],
+ "spec": [
+ {
+ "container": [
+ {
+ "image": {
+ "constant_value": "public.ecr.aws/l6m2t8p7/docker-2048:latest"
+ },
+ "name": {
+ "references": [
+ "local.app_name"
+ ]
+ },
+ "port": [
+ {
+ "container_port": {
+ "constant_value": 80
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ "schema_version": 1
+ },
+ {
+ "address": "kubernetes_namespace_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_namespace_v1",
+ "name": "this",
+ "provider_config_key": "kubernetes",
+ "expressions": {
+ "metadata": [
+ {
+ "name": {
+ "references": [
+ "local.app_name"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0
+ },
+ {
+ "address": "kubernetes_service_v1.this",
+ "mode": "managed",
+ "type": "kubernetes_service_v1",
+ "name": "this",
+ "provider_config_key": "kubernetes",
+ "expressions": {
+ "metadata": [
+ {
+ "name": {
+ "references": [
+ "local.app_name"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "kubernetes_namespace_v1.this.metadata[0].name",
+ "kubernetes_namespace_v1.this.metadata[0]",
+ "kubernetes_namespace_v1.this.metadata",
+ "kubernetes_namespace_v1.this"
+ ]
+ }
+ }
+ ],
+ "spec": [
+ {
+ "port": [
+ {
+ "port": {
+ "constant_value": 80
+ },
+ "protocol": {
+ "constant_value": "TCP"
+ },
+ "target_port": {
+ "constant_value": 80
+ }
+ }
+ ],
+ "selector": {
+ "references": [
+ "local.app_name"
+ ]
+ },
+ "type": {
+ "constant_value": "NodePort"
+ }
+ }
+ ]
+ },
+ "schema_version": 1
+ },
+ {
+ "address": "data.aws_availability_zones.available",
+ "mode": "data",
+ "type": "aws_availability_zones",
+ "name": "available",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ }
+ ],
+ "module_calls": {
+ "eks": {
+ "source": "terraform-aws-modules/eks/aws",
+ "expressions": {
+ "cluster_endpoint_public_access": {
+ "constant_value": true
+ },
+ "cluster_name": {
+ "references": [
+ "local.name"
+ ]
+ },
+ "cluster_version": {
+ "constant_value": "1.27"
+ },
+ "create_cluster_security_group": {
+ "constant_value": false
+ },
+ "create_node_security_group": {
+ "constant_value": false
+ },
+ "fargate_profile_defaults": {
+ "references": [
+ "module.eks_blueprints_addons.fargate_fluentbit.iam_policy[0].arn",
+ "module.eks_blueprints_addons.fargate_fluentbit.iam_policy[0]",
+ "module.eks_blueprints_addons.fargate_fluentbit.iam_policy",
+ "module.eks_blueprints_addons.fargate_fluentbit",
+ "module.eks_blueprints_addons"
+ ]
+ },
+ "fargate_profiles": {
+ "constant_value": {
+ "app_wildcard": {
+ "selectors": [
+ {
+ "namespace": "app-*"
+ }
+ ]
+ },
+ "kube_system": {
+ "name": "kube-system",
+ "selectors": [
+ {
+ "namespace": "kube-system"
+ }
+ ]
+ }
+ }
+ },
+ "subnet_ids": {
+ "references": [
+ "module.vpc.private_subnets",
+ "module.vpc"
+ ]
+ },
+ "tags": {
+ "references": [
+ "local.tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "module.vpc.vpc_id",
+ "module.vpc"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "aws_auth_configmap_yaml": {
+ "expression": {
+ "references": [
+ "path.module",
+ "module.eks_managed_node_group",
+ "module.self_managed_node_group",
+ "module.self_managed_node_group",
+ "module.fargate_profile"
+ ]
+ },
+ "description": "[DEPRECATED - use `var.manage_aws_auth_configmap`] Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
+ },
+ "cloudwatch_log_group_arn": {
+ "expression": {
+ "references": [
+ "aws_cloudwatch_log_group.this[0].arn",
+ "aws_cloudwatch_log_group.this[0]",
+ "aws_cloudwatch_log_group.this"
+ ]
+ },
+ "description": "Arn of cloudwatch log group created"
+ },
+ "cloudwatch_log_group_name": {
+ "expression": {
+ "references": [
+ "aws_cloudwatch_log_group.this[0].name",
+ "aws_cloudwatch_log_group.this[0]",
+ "aws_cloudwatch_log_group.this"
+ ]
+ },
+ "description": "Name of cloudwatch log group created"
+ },
+ "cluster_addons": {
+ "expression": {
+ "references": [
+ "aws_eks_addon.this",
+ "aws_eks_addon.before_compute"
+ ]
+ },
+ "description": "Map of attribute maps for all EKS cluster addons enabled"
+ },
+ "cluster_arn": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].arn",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "The Amazon Resource Name (ARN) of the cluster"
+ },
+ "cluster_certificate_authority_data": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].certificate_authority[0].data",
+ "aws_eks_cluster.this[0].certificate_authority[0]",
+ "aws_eks_cluster.this[0].certificate_authority",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "Base64 encoded certificate data required to communicate with the cluster"
+ },
+ "cluster_endpoint": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].endpoint",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "Endpoint for your Kubernetes API server"
+ },
+ "cluster_iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "IAM role ARN of the EKS cluster"
+ },
+ "cluster_iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "IAM role name of the EKS cluster"
+ },
+ "cluster_iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Stable and unique string identifying the IAM role"
+ },
+ "cluster_id": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].cluster_id",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts"
+ },
+ "cluster_identity_providers": {
+ "expression": {
+ "references": [
+ "aws_eks_identity_provider_config.this"
+ ]
+ },
+ "description": "Map of attribute maps for all EKS identity providers enabled"
+ },
+ "cluster_name": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].name",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "The name of the EKS cluster"
+ },
+ "cluster_oidc_issuer_url": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].identity[0].oidc[0].issuer",
+ "aws_eks_cluster.this[0].identity[0].oidc[0]",
+ "aws_eks_cluster.this[0].identity[0].oidc",
+ "aws_eks_cluster.this[0].identity[0]",
+ "aws_eks_cluster.this[0].identity",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "The URL on the EKS cluster for the OpenID Connect identity provider"
+ },
+ "cluster_platform_version": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].platform_version",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "Platform version for the cluster"
+ },
+ "cluster_primary_security_group_id": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id",
+ "aws_eks_cluster.this[0].vpc_config[0]",
+ "aws_eks_cluster.this[0].vpc_config",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console"
+ },
+ "cluster_security_group_arn": {
+ "expression": {
+ "references": [
+ "aws_security_group.cluster[0].arn",
+ "aws_security_group.cluster[0]",
+ "aws_security_group.cluster"
+ ]
+ },
+ "description": "Amazon Resource Name (ARN) of the cluster security group"
+ },
+ "cluster_security_group_id": {
+ "expression": {
+ "references": [
+ "aws_security_group.cluster[0].id",
+ "aws_security_group.cluster[0]",
+ "aws_security_group.cluster"
+ ]
+ },
+ "description": "ID of the cluster security group"
+ },
+ "cluster_status": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].status",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`"
+ },
+ "cluster_tls_certificate_sha1_fingerprint": {
+ "expression": {
+ "references": [
+ "data.tls_certificate.this[0].certificates[0].sha1_fingerprint",
+ "data.tls_certificate.this[0].certificates[0]",
+ "data.tls_certificate.this[0].certificates",
+ "data.tls_certificate.this[0]",
+ "data.tls_certificate.this"
+ ]
+ },
+ "description": "The SHA1 fingerprint of the public key of the cluster's certificate"
+ },
+ "cluster_version": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].version",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "The Kubernetes version for the cluster"
+ },
+ "eks_managed_node_groups": {
+ "expression": {
+ "references": [
+ "module.eks_managed_node_group"
+ ]
+ },
+ "description": "Map of attribute maps for all EKS managed node groups created"
+ },
+ "eks_managed_node_groups_autoscaling_group_names": {
+ "expression": {
+ "references": [
+ "module.eks_managed_node_group"
+ ]
+ },
+ "description": "List of the autoscaling group names created by EKS managed node groups"
+ },
+ "fargate_profiles": {
+ "expression": {
+ "references": [
+ "module.fargate_profile"
+ ]
+ },
+ "description": "Map of attribute maps for all EKS Fargate Profiles created"
+ },
+ "kms_key_arn": {
+ "expression": {
+ "references": [
+ "module.kms.key_arn",
+ "module.kms"
+ ]
+ },
+ "description": "The Amazon Resource Name (ARN) of the key"
+ },
+ "kms_key_id": {
+ "expression": {
+ "references": [
+ "module.kms.key_id",
+ "module.kms"
+ ]
+ },
+ "description": "The globally unique identifier for the key"
+ },
+ "kms_key_policy": {
+ "expression": {
+ "references": [
+ "module.kms.key_policy",
+ "module.kms"
+ ]
+ },
+ "description": "The IAM resource policy set on the key"
+ },
+ "node_security_group_arn": {
+ "expression": {
+ "references": [
+ "aws_security_group.node[0].arn",
+ "aws_security_group.node[0]",
+ "aws_security_group.node"
+ ]
+ },
+ "description": "Amazon Resource Name (ARN) of the node shared security group"
+ },
+ "node_security_group_id": {
+ "expression": {
+ "references": [
+ "aws_security_group.node[0].id",
+ "aws_security_group.node[0]",
+ "aws_security_group.node"
+ ]
+ },
+ "description": "ID of the node shared security group"
+ },
+ "oidc_provider": {
+ "expression": {
+ "references": [
+ "aws_eks_cluster.this[0].identity[0].oidc[0].issuer",
+ "aws_eks_cluster.this[0].identity[0].oidc[0]",
+ "aws_eks_cluster.this[0].identity[0].oidc",
+ "aws_eks_cluster.this[0].identity[0]",
+ "aws_eks_cluster.this[0].identity",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "description": "The OpenID Connect identity provider (issuer URL without leading `https://`)"
+ },
+ "oidc_provider_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_openid_connect_provider.oidc_provider[0].arn",
+ "aws_iam_openid_connect_provider.oidc_provider[0]",
+ "aws_iam_openid_connect_provider.oidc_provider"
+ ]
+ },
+ "description": "The ARN of the OIDC Provider if `enable_irsa = true`"
+ },
+ "self_managed_node_groups": {
+ "expression": {
+ "references": [
+ "module.self_managed_node_group"
+ ]
+ },
+ "description": "Map of attribute maps for all self managed node groups created"
+ },
+ "self_managed_node_groups_autoscaling_group_names": {
+ "expression": {
+ "references": [
+ "module.self_managed_node_group"
+ ]
+ },
+ "description": "List of the autoscaling group names created by self-managed node groups"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_cloudwatch_log_group.this",
+ "mode": "managed",
+ "type": "aws_cloudwatch_log_group",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "kms_key_id": {
+ "references": [
+ "var.cloudwatch_log_group_kms_key_id"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.cluster_name"
+ ]
+ },
+ "retention_in_days": {
+ "references": [
+ "var.cloudwatch_log_group_retention_in_days"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.cluster_name"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create",
+ "var.create_cloudwatch_log_group"
+ ]
+ }
+ },
+ {
+ "address": "aws_ec2_tag.cluster_primary_security_group",
+ "mode": "managed",
+ "type": "aws_ec2_tag",
+ "name": "cluster_primary_security_group",
+ "provider_config_key": "aws",
+ "expressions": {
+ "key": {
+ "references": [
+ "each.key"
+ ]
+ },
+ "resource_id": {
+ "references": [
+ "aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id",
+ "aws_eks_cluster.this[0].vpc_config[0]",
+ "aws_eks_cluster.this[0].vpc_config",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "value": {
+ "references": [
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.tags",
+ "var.cluster_tags",
+ "local.create",
+ "var.create_cluster_primary_security_group_tags"
+ ]
+ }
+ },
+ {
+ "address": "aws_eks_addon.before_compute",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "before_compute",
+ "provider_config_key": "aws",
+ "expressions": {
+ "addon_name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "addon_version": {
+ "references": [
+ "each.value.addon_version",
+ "each.value",
+ "data.aws_eks_addon_version.this",
+ "each.key"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "aws_eks_cluster.this[0].name",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "configuration_values": {
+ "references": [
+ "each.value.configuration_values",
+ "each.value"
+ ]
+ },
+ "preserve": {
+ "references": [
+ "each.value.preserve",
+ "each.value"
+ ]
+ },
+ "resolve_conflicts": {
+ "references": [
+ "each.value.resolve_conflicts",
+ "each.value"
+ ]
+ },
+ "service_account_role_arn": {
+ "references": [
+ "each.value.service_account_role_arn",
+ "each.value"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "references": [
+ "each.value.timeouts.create",
+ "each.value.timeouts",
+ "each.value",
+ "var.cluster_addons_timeouts.create",
+ "var.cluster_addons_timeouts"
+ ]
+ },
+ "delete": {
+ "references": [
+ "each.value.timeouts.delete",
+ "each.value.timeouts",
+ "each.value",
+ "var.cluster_addons_timeouts.delete",
+ "var.cluster_addons_timeouts"
+ ]
+ },
+ "update": {
+ "references": [
+ "each.value.timeouts.update",
+ "each.value.timeouts",
+ "each.value",
+ "var.cluster_addons_timeouts.update",
+ "var.cluster_addons_timeouts"
+ ]
+ }
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.cluster_addons",
+ "local.create",
+ "local.create_outposts_local_cluster"
+ ]
+ }
+ },
+ {
+ "address": "aws_eks_addon.this",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "addon_name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "addon_version": {
+ "references": [
+ "each.value.addon_version",
+ "each.value",
+ "data.aws_eks_addon_version.this",
+ "each.key"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "aws_eks_cluster.this[0].name",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "configuration_values": {
+ "references": [
+ "each.value.configuration_values",
+ "each.value"
+ ]
+ },
+ "preserve": {
+ "references": [
+ "each.value.preserve",
+ "each.value"
+ ]
+ },
+ "resolve_conflicts": {
+ "references": [
+ "each.value.resolve_conflicts",
+ "each.value"
+ ]
+ },
+ "service_account_role_arn": {
+ "references": [
+ "each.value.service_account_role_arn",
+ "each.value"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "references": [
+ "each.value.timeouts.create",
+ "each.value.timeouts",
+ "each.value",
+ "var.cluster_addons_timeouts.create",
+ "var.cluster_addons_timeouts"
+ ]
+ },
+ "delete": {
+ "references": [
+ "each.value.timeouts.delete",
+ "each.value.timeouts",
+ "each.value",
+ "var.cluster_addons_timeouts.delete",
+ "var.cluster_addons_timeouts"
+ ]
+ },
+ "update": {
+ "references": [
+ "each.value.timeouts.update",
+ "each.value.timeouts",
+ "each.value",
+ "var.cluster_addons_timeouts.update",
+ "var.cluster_addons_timeouts"
+ ]
+ }
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.cluster_addons",
+ "local.create",
+ "local.create_outposts_local_cluster"
+ ]
+ },
+ "depends_on": [
+ "module.fargate_profile",
+ "module.eks_managed_node_group",
+ "module.self_managed_node_group"
+ ]
+ },
+ {
+ "address": "aws_eks_cluster.this",
+ "mode": "managed",
+ "type": "aws_eks_cluster",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "enabled_cluster_log_types": {
+ "references": [
+ "var.cluster_enabled_log_types"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.cluster_name"
+ ]
+ },
+ "role_arn": {
+ "references": [
+ "local.cluster_role"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.cluster_tags"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "references": [
+ "var.cluster_timeouts"
+ ]
+ },
+ "delete": {
+ "references": [
+ "var.cluster_timeouts"
+ ]
+ },
+ "update": {
+ "references": [
+ "var.cluster_timeouts"
+ ]
+ }
+ },
+ "version": {
+ "references": [
+ "var.cluster_version"
+ ]
+ },
+ "vpc_config": [
+ {
+ "endpoint_private_access": {
+ "references": [
+ "var.cluster_endpoint_private_access"
+ ]
+ },
+ "endpoint_public_access": {
+ "references": [
+ "var.cluster_endpoint_public_access"
+ ]
+ },
+ "public_access_cidrs": {
+ "references": [
+ "var.cluster_endpoint_public_access_cidrs"
+ ]
+ },
+ "security_group_ids": {
+ "references": [
+ "var.cluster_additional_security_group_ids",
+ "local.cluster_security_group_id"
+ ]
+ },
+ "subnet_ids": {
+ "references": [
+ "var.control_plane_subnet_ids",
+ "var.subnet_ids"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create"
+ ]
+ },
+ "depends_on": [
+ "aws_iam_role_policy_attachment.this",
+ "aws_security_group_rule.cluster",
+ "aws_security_group_rule.node",
+ "aws_cloudwatch_log_group.this",
+ "aws_iam_policy.cni_ipv6_policy"
+ ]
+ },
+ {
+ "address": "aws_eks_identity_provider_config.this",
+ "mode": "managed",
+ "type": "aws_eks_identity_provider_config",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cluster_name": {
+ "references": [
+ "aws_eks_cluster.this[0].name",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "oidc": [
+ {
+ "client_id": {
+ "references": [
+ "each.value.client_id",
+ "each.value"
+ ]
+ },
+ "groups_claim": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "groups_prefix": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "identity_provider_config_name": {
+ "references": [
+ "each.value.identity_provider_config_name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "issuer_url": {
+ "references": [
+ "each.value.issuer_url",
+ "each.value",
+ "aws_eks_cluster.this[0].identity[0].oidc[0].issuer",
+ "aws_eks_cluster.this[0].identity[0].oidc[0]",
+ "aws_eks_cluster.this[0].identity[0].oidc",
+ "aws_eks_cluster.this[0].identity[0]",
+ "aws_eks_cluster.this[0].identity",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "required_claims": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "username_claim": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "username_prefix": {
+ "references": [
+ "each.value"
+ ]
+ }
+ }
+ ],
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.cluster_identity_providers",
+ "local.create",
+ "local.create_outposts_local_cluster"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_openid_connect_provider.oidc_provider",
+ "mode": "managed",
+ "type": "aws_iam_openid_connect_provider",
+ "name": "oidc_provider",
+ "provider_config_key": "aws",
+ "expressions": {
+ "client_id_list": {
+ "references": [
+ "local.dns_suffix",
+ "var.openid_connect_audiences"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.cluster_name",
+ "var.tags"
+ ]
+ },
+ "thumbprint_list": {
+ "references": [
+ "data.tls_certificate.this[0].certificates[0].sha1_fingerprint",
+ "data.tls_certificate.this[0].certificates[0]",
+ "data.tls_certificate.this[0].certificates",
+ "data.tls_certificate.this[0]",
+ "data.tls_certificate.this",
+ "var.custom_oidc_thumbprints"
+ ]
+ },
+ "url": {
+ "references": [
+ "aws_eks_cluster.this[0].identity[0].oidc[0].issuer",
+ "aws_eks_cluster.this[0].identity[0].oidc[0]",
+ "aws_eks_cluster.this[0].identity[0].oidc",
+ "aws_eks_cluster.this[0].identity[0]",
+ "aws_eks_cluster.this[0].identity",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create",
+ "var.enable_irsa",
+ "local.create_outposts_local_cluster"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_policy.cluster_encryption",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "cluster_encryption",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.cluster_encryption_policy_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.cluster_encryption_policy_use_name_prefix",
+ "local.cluster_encryption_policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.cluster_encryption_policy_use_name_prefix",
+ "local.cluster_encryption_policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.cluster_encryption_policy_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "var.create_kms_key",
+ "module.kms.key_arn",
+ "module.kms",
+ "var.cluster_encryption_config.provider_key_arn",
+ "var.cluster_encryption_config"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.cluster_encryption_policy_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_iam_role",
+ "var.attach_cluster_encryption_policy",
+ "local.enable_cluster_encryption_config"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_policy.cni_ipv6_policy",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "cni_ipv6_policy",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "constant_value": "IAM policy for EKS CNI to assign IPV6 addresses"
+ },
+ "name": {
+ "constant_value": "AmazonEKS_CNI_IPv6_Policy"
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.cni_ipv6_policy[0].json",
+ "data.aws_iam_policy_document.cni_ipv6_policy[0]",
+ "data.aws_iam_policy_document.cni_ipv6_policy"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_cni_ipv6_iam_policy"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume_role_policy[0].json",
+ "data.aws_iam_policy_document.assume_role_policy[0]",
+ "data.aws_iam_policy_document.assume_role_policy"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.iam_role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "name": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name",
+ "var.prefix_separator"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.iam_role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.iam_role_permissions_boundary"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.iam_role_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.iam_role_additional_policies",
+ "local.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.cluster_encryption",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "cluster_encryption",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.cluster_encryption[0].arn",
+ "aws_iam_policy.cluster_encryption[0]",
+ "aws_iam_policy.cluster_encryption"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_iam_role",
+ "var.attach_cluster_encryption_policy",
+ "local.enable_cluster_encryption_config"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "local.create_outposts_local_cluster",
+ "local.iam_role_policy_prefix",
+ "local.iam_role_policy_prefix",
+ "local.iam_role_policy_prefix",
+ "local.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_security_group.cluster",
+ "mode": "managed",
+ "type": "aws_security_group",
+ "name": "cluster",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.cluster_security_group_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.cluster_security_group_use_name_prefix",
+ "local.cluster_sg_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.cluster_security_group_use_name_prefix",
+ "local.cluster_sg_name",
+ "var.prefix_separator"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "local.cluster_sg_name",
+ "var.cluster_security_group_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "var.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_cluster_sg"
+ ]
+ }
+ },
+ {
+ "address": "aws_security_group.node",
+ "mode": "managed",
+ "type": "aws_security_group",
+ "name": "node",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.node_security_group_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.node_security_group_use_name_prefix",
+ "local.node_sg_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.node_security_group_use_name_prefix",
+ "local.node_sg_name",
+ "var.prefix_separator"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "local.node_sg_name",
+ "var.cluster_name",
+ "var.node_security_group_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "var.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_node_sg"
+ ]
+ }
+ },
+ {
+ "address": "aws_security_group_rule.cluster",
+ "mode": "managed",
+ "type": "aws_security_group_rule",
+ "name": "cluster",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_blocks": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "description": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "from_port": {
+ "references": [
+ "each.value.from_port",
+ "each.value"
+ ]
+ },
+ "ipv6_cidr_blocks": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "prefix_list_ids": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "each.value.protocol",
+ "each.value"
+ ]
+ },
+ "security_group_id": {
+ "references": [
+ "aws_security_group.cluster[0].id",
+ "aws_security_group.cluster[0]",
+ "aws_security_group.cluster"
+ ]
+ },
+ "self": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "source_security_group_id": {
+ "references": [
+ "each.value.source_node_security_group",
+ "each.value",
+ "local.node_security_group_id",
+ "each.value"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "each.value.to_port",
+ "each.value"
+ ]
+ },
+ "type": {
+ "references": [
+ "each.value.type",
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 2,
+ "for_each_expression": {
+ "references": [
+ "local.cluster_security_group_rules",
+ "var.cluster_security_group_additional_rules",
+ "local.create_cluster_sg"
+ ]
+ }
+ },
+ {
+ "address": "aws_security_group_rule.node",
+ "mode": "managed",
+ "type": "aws_security_group_rule",
+ "name": "node",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_blocks": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "description": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "from_port": {
+ "references": [
+ "each.value.from_port",
+ "each.value"
+ ]
+ },
+ "ipv6_cidr_blocks": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "prefix_list_ids": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "each.value.protocol",
+ "each.value"
+ ]
+ },
+ "security_group_id": {
+ "references": [
+ "aws_security_group.node[0].id",
+ "aws_security_group.node[0]",
+ "aws_security_group.node"
+ ]
+ },
+ "self": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "source_security_group_id": {
+ "references": [
+ "each.value.source_cluster_security_group",
+ "each.value",
+ "local.cluster_security_group_id",
+ "each.value"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "each.value.to_port",
+ "each.value"
+ ]
+ },
+ "type": {
+ "references": [
+ "each.value.type",
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 2,
+ "for_each_expression": {
+ "references": [
+ "local.node_security_group_rules",
+ "local.node_security_group_recommended_rules",
+ "var.node_security_group_additional_rules",
+ "local.create_node_sg"
+ ]
+ }
+ },
+ {
+ "address": "kubernetes_config_map.aws_auth",
+ "mode": "managed",
+ "type": "kubernetes_config_map",
+ "name": "aws_auth",
+ "provider_config_key": "kubernetes",
+ "expressions": {
+ "data": {
+ "references": [
+ "local.aws_auth_configmap_data"
+ ]
+ },
+ "metadata": [
+ {
+ "name": {
+ "constant_value": "aws-auth"
+ },
+ "namespace": {
+ "constant_value": "kube-system"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_aws_auth_configmap"
+ ]
+ }
+ },
+ {
+ "address": "kubernetes_config_map_v1_data.aws_auth",
+ "mode": "managed",
+ "type": "kubernetes_config_map_v1_data",
+ "name": "aws_auth",
+ "provider_config_key": "kubernetes",
+ "expressions": {
+ "data": {
+ "references": [
+ "local.aws_auth_configmap_data"
+ ]
+ },
+ "force": {
+ "constant_value": true
+ },
+ "metadata": [
+ {
+ "name": {
+ "constant_value": "aws-auth"
+ },
+ "namespace": {
+ "constant_value": "kube-system"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.manage_aws_auth_configmap"
+ ]
+ },
+ "depends_on": [
+ "kubernetes_config_map.aws_auth"
+ ]
+ },
+ {
+ "address": "time_sleep.this",
+ "mode": "managed",
+ "type": "time_sleep",
+ "name": "this",
+ "provider_config_key": "module.eks:time",
+ "expressions": {
+ "create_duration": {
+ "references": [
+ "var.dataplane_wait_duration"
+ ]
+ },
+ "triggers": {
+ "references": [
+ "aws_eks_cluster.this[0].name",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this",
+ "aws_eks_cluster.this[0].endpoint",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this",
+ "aws_eks_cluster.this[0].version",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this",
+ "aws_eks_cluster.this[0].certificate_authority[0].data",
+ "aws_eks_cluster.this[0].certificate_authority[0]",
+ "aws_eks_cluster.this[0].certificate_authority",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_eks_addon_version.this",
+ "mode": "data",
+ "type": "aws_eks_addon_version",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "addon_name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "kubernetes_version": {
+ "references": [
+ "var.cluster_version",
+ "aws_eks_cluster.this[0].version",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "most_recent": {
+ "references": [
+ "each.value.most_recent",
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.cluster_addons",
+ "local.create",
+ "local.create_outposts_local_cluster"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume_role_policy",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume_role_policy",
+ "provider_config_key": "aws",
+ "expressions": {
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "sts:AssumeRole"
+ ]
+ },
+ "principals": [
+ {
+ "identifiers": {
+ "references": [
+ "local.dns_suffix"
+ ]
+ },
+ "type": {
+ "constant_value": "Service"
+ }
+ }
+ ],
+ "sid": {
+ "constant_value": "EKSClusterAssumeRole"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.cni_ipv6_policy",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "cni_ipv6_policy",
+ "provider_config_key": "aws",
+ "expressions": {
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:AssignIpv6Addresses",
+ "ec2:DescribeInstances",
+ "ec2:DescribeTags",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeInstanceTypes"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ },
+ "sid": {
+ "constant_value": "AssignDescribe"
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:CreateTags"
+ ]
+ },
+ "resources": {
+ "references": [
+ "data.aws_partition.current.partition",
+ "data.aws_partition.current"
+ ]
+ },
+ "sid": {
+ "constant_value": "CreateTags"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_cni_ipv6_iam_policy"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_session_context.current",
+ "mode": "data",
+ "type": "aws_iam_session_context",
+ "name": "current",
+ "provider_config_key": "aws",
+ "expressions": {
+ "arn": {
+ "references": [
+ "data.aws_caller_identity.current.arn",
+ "data.aws_caller_identity.current"
+ ]
+ }
+ },
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ },
+ {
+ "address": "data.tls_certificate.this",
+ "mode": "data",
+ "type": "tls_certificate",
+ "name": "this",
+ "provider_config_key": "module.eks:tls",
+ "expressions": {
+ "url": {
+ "references": [
+ "aws_eks_cluster.this[0].identity[0].oidc[0].issuer",
+ "aws_eks_cluster.this[0].identity[0].oidc[0]",
+ "aws_eks_cluster.this[0].identity[0].oidc",
+ "aws_eks_cluster.this[0].identity[0]",
+ "aws_eks_cluster.this[0].identity",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create",
+ "var.enable_irsa",
+ "local.create_outposts_local_cluster"
+ ]
+ }
+ }
+ ],
+ "module_calls": {
+ "eks_managed_node_group": {
+ "source": "./modules/eks-managed-node-group",
+ "expressions": {
+ "ami_id": {
+ "references": [
+ "each.value.ami_id",
+ "each.value",
+ "var.eks_managed_node_group_defaults.ami_id",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "ami_release_version": {
+ "references": [
+ "each.value.ami_release_version",
+ "each.value",
+ "var.eks_managed_node_group_defaults.ami_release_version",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "ami_type": {
+ "references": [
+ "each.value.ami_type",
+ "each.value",
+ "var.eks_managed_node_group_defaults.ami_type",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "block_device_mappings": {
+ "references": [
+ "each.value.block_device_mappings",
+ "each.value",
+ "var.eks_managed_node_group_defaults.block_device_mappings",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "bootstrap_extra_args": {
+ "references": [
+ "each.value.bootstrap_extra_args",
+ "each.value",
+ "var.eks_managed_node_group_defaults.bootstrap_extra_args",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "capacity_reservation_specification": {
+ "references": [
+ "each.value.capacity_reservation_specification",
+ "each.value",
+ "var.eks_managed_node_group_defaults.capacity_reservation_specification",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "capacity_type": {
+ "references": [
+ "each.value.capacity_type",
+ "each.value",
+ "var.eks_managed_node_group_defaults.capacity_type",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "cluster_auth_base64": {
+ "references": [
+ "time_sleep.this[0].triggers[\"cluster_certificate_authority_data\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "cluster_endpoint": {
+ "references": [
+ "time_sleep.this[0].triggers[\"cluster_endpoint\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "cluster_ip_family": {
+ "references": [
+ "var.cluster_ip_family"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "time_sleep.this[0].triggers[\"cluster_name\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "cluster_primary_security_group_id": {
+ "references": [
+ "each.value.attach_cluster_primary_security_group",
+ "each.value",
+ "var.eks_managed_node_group_defaults.attach_cluster_primary_security_group",
+ "var.eks_managed_node_group_defaults",
+ "aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id",
+ "aws_eks_cluster.this[0].vpc_config[0]",
+ "aws_eks_cluster.this[0].vpc_config",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "cluster_service_ipv4_cidr": {
+ "references": [
+ "var.cluster_service_ipv4_cidr"
+ ]
+ },
+ "cluster_version": {
+ "references": [
+ "each.value.cluster_version",
+ "each.value",
+ "var.eks_managed_node_group_defaults.cluster_version",
+ "var.eks_managed_node_group_defaults",
+ "time_sleep.this[0].triggers[\"cluster_version\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "cpu_options": {
+ "references": [
+ "each.value.cpu_options",
+ "each.value",
+ "var.eks_managed_node_group_defaults.cpu_options",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "create": {
+ "references": [
+ "each.value.create",
+ "each.value"
+ ]
+ },
+ "create_iam_role": {
+ "references": [
+ "each.value.create_iam_role",
+ "each.value",
+ "var.eks_managed_node_group_defaults.create_iam_role",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "create_launch_template": {
+ "references": [
+ "each.value.create_launch_template",
+ "each.value",
+ "var.eks_managed_node_group_defaults.create_launch_template",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "create_schedule": {
+ "references": [
+ "each.value.create_schedule",
+ "each.value",
+ "var.eks_managed_node_group_defaults.create_schedule",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "credit_specification": {
+ "references": [
+ "each.value.credit_specification",
+ "each.value",
+ "var.eks_managed_node_group_defaults.credit_specification",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "desired_size": {
+ "references": [
+ "each.value.desired_size",
+ "each.value",
+ "var.eks_managed_node_group_defaults.desired_size",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "disable_api_termination": {
+ "references": [
+ "each.value.disable_api_termination",
+ "each.value",
+ "var.eks_managed_node_group_defaults.disable_api_termination",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "disk_size": {
+ "references": [
+ "each.value.disk_size",
+ "each.value",
+ "var.eks_managed_node_group_defaults.disk_size",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "ebs_optimized": {
+ "references": [
+ "each.value.ebs_optimized",
+ "each.value",
+ "var.eks_managed_node_group_defaults.ebs_optimized",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "elastic_gpu_specifications": {
+ "references": [
+ "each.value.elastic_gpu_specifications",
+ "each.value",
+ "var.eks_managed_node_group_defaults.elastic_gpu_specifications",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "elastic_inference_accelerator": {
+ "references": [
+ "each.value.elastic_inference_accelerator",
+ "each.value",
+ "var.eks_managed_node_group_defaults.elastic_inference_accelerator",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "enable_bootstrap_user_data": {
+ "references": [
+ "each.value.enable_bootstrap_user_data",
+ "each.value",
+ "var.eks_managed_node_group_defaults.enable_bootstrap_user_data",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "enable_monitoring": {
+ "references": [
+ "each.value.enable_monitoring",
+ "each.value",
+ "var.eks_managed_node_group_defaults.enable_monitoring",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "enclave_options": {
+ "references": [
+ "each.value.enclave_options",
+ "each.value",
+ "var.eks_managed_node_group_defaults.enclave_options",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "force_update_version": {
+ "references": [
+ "each.value.force_update_version",
+ "each.value",
+ "var.eks_managed_node_group_defaults.force_update_version",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_additional_policies": {
+ "references": [
+ "each.value",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_arn": {
+ "references": [
+ "each.value.iam_role_arn",
+ "each.value",
+ "var.eks_managed_node_group_defaults.iam_role_arn",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_attach_cni_policy": {
+ "references": [
+ "each.value.iam_role_attach_cni_policy",
+ "each.value",
+ "var.eks_managed_node_group_defaults.iam_role_attach_cni_policy",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_description": {
+ "references": [
+ "each.value.iam_role_description",
+ "each.value",
+ "var.eks_managed_node_group_defaults.iam_role_description",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_name": {
+ "references": [
+ "each.value.iam_role_name",
+ "each.value",
+ "var.eks_managed_node_group_defaults.iam_role_name",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_path": {
+ "references": [
+ "each.value.iam_role_path",
+ "each.value",
+ "var.eks_managed_node_group_defaults.iam_role_path",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_permissions_boundary": {
+ "references": [
+ "each.value.iam_role_permissions_boundary",
+ "each.value",
+ "var.eks_managed_node_group_defaults.iam_role_permissions_boundary",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_tags": {
+ "references": [
+ "each.value.iam_role_tags",
+ "each.value",
+ "var.eks_managed_node_group_defaults.iam_role_tags",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_use_name_prefix": {
+ "references": [
+ "each.value.iam_role_use_name_prefix",
+ "each.value",
+ "var.eks_managed_node_group_defaults.iam_role_use_name_prefix",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "instance_market_options": {
+ "references": [
+ "each.value.instance_market_options",
+ "each.value",
+ "var.eks_managed_node_group_defaults.instance_market_options",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "instance_types": {
+ "references": [
+ "each.value.instance_types",
+ "each.value",
+ "var.eks_managed_node_group_defaults.instance_types",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "kernel_id": {
+ "references": [
+ "each.value.kernel_id",
+ "each.value",
+ "var.eks_managed_node_group_defaults.kernel_id",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "key_name": {
+ "references": [
+ "each.value.key_name",
+ "each.value",
+ "var.eks_managed_node_group_defaults.key_name",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "labels": {
+ "references": [
+ "each.value.labels",
+ "each.value",
+ "var.eks_managed_node_group_defaults.labels",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_default_version": {
+ "references": [
+ "each.value.launch_template_default_version",
+ "each.value",
+ "var.eks_managed_node_group_defaults.launch_template_default_version",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_description": {
+ "references": [
+ "each.value.launch_template_description",
+ "each.value",
+ "var.eks_managed_node_group_defaults.launch_template_description",
+ "var.eks_managed_node_group_defaults",
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "launch_template_id": {
+ "references": [
+ "each.value.launch_template_id",
+ "each.value",
+ "var.eks_managed_node_group_defaults.launch_template_id",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_name": {
+ "references": [
+ "each.value.launch_template_name",
+ "each.value",
+ "var.eks_managed_node_group_defaults.launch_template_name",
+ "var.eks_managed_node_group_defaults",
+ "each.key"
+ ]
+ },
+ "launch_template_tags": {
+ "references": [
+ "each.value.launch_template_tags",
+ "each.value",
+ "var.eks_managed_node_group_defaults.launch_template_tags",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_use_name_prefix": {
+ "references": [
+ "each.value.launch_template_use_name_prefix",
+ "each.value",
+ "var.eks_managed_node_group_defaults.launch_template_use_name_prefix",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_version": {
+ "references": [
+ "each.value.launch_template_version",
+ "each.value",
+ "var.eks_managed_node_group_defaults.launch_template_version",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "license_specifications": {
+ "references": [
+ "each.value.license_specifications",
+ "each.value",
+ "var.eks_managed_node_group_defaults.license_specifications",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "maintenance_options": {
+ "references": [
+ "each.value.maintenance_options",
+ "each.value",
+ "var.eks_managed_node_group_defaults.maintenance_options",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "max_size": {
+ "references": [
+ "each.value.max_size",
+ "each.value",
+ "var.eks_managed_node_group_defaults.max_size",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "metadata_options": {
+ "references": [
+ "each.value.metadata_options",
+ "each.value",
+ "var.eks_managed_node_group_defaults.metadata_options",
+ "var.eks_managed_node_group_defaults",
+ "local.metadata_options"
+ ]
+ },
+ "min_size": {
+ "references": [
+ "each.value.min_size",
+ "each.value",
+ "var.eks_managed_node_group_defaults.min_size",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "network_interfaces": {
+ "references": [
+ "each.value.network_interfaces",
+ "each.value",
+ "var.eks_managed_node_group_defaults.network_interfaces",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "placement": {
+ "references": [
+ "each.value.placement",
+ "each.value",
+ "var.eks_managed_node_group_defaults.placement",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "platform": {
+ "references": [
+ "each.value.platform",
+ "each.value",
+ "var.eks_managed_node_group_defaults.platform",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "post_bootstrap_user_data": {
+ "references": [
+ "each.value.post_bootstrap_user_data",
+ "each.value",
+ "var.eks_managed_node_group_defaults.post_bootstrap_user_data",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "pre_bootstrap_user_data": {
+ "references": [
+ "each.value.pre_bootstrap_user_data",
+ "each.value",
+ "var.eks_managed_node_group_defaults.pre_bootstrap_user_data",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "private_dns_name_options": {
+ "references": [
+ "each.value.private_dns_name_options",
+ "each.value",
+ "var.eks_managed_node_group_defaults.private_dns_name_options",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "ram_disk_id": {
+ "references": [
+ "each.value.ram_disk_id",
+ "each.value",
+ "var.eks_managed_node_group_defaults.ram_disk_id",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "remote_access": {
+ "references": [
+ "each.value.remote_access",
+ "each.value",
+ "var.eks_managed_node_group_defaults.remote_access",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "schedules": {
+ "references": [
+ "each.value.schedules",
+ "each.value",
+ "var.eks_managed_node_group_defaults.schedules",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "subnet_ids": {
+ "references": [
+ "each.value.subnet_ids",
+ "each.value",
+ "var.eks_managed_node_group_defaults.subnet_ids",
+ "var.eks_managed_node_group_defaults",
+ "var.subnet_ids"
+ ]
+ },
+ "tag_specifications": {
+ "references": [
+ "each.value.tag_specifications",
+ "each.value",
+ "var.eks_managed_node_group_defaults.tag_specifications",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "each.value.tags",
+ "each.value",
+ "var.eks_managed_node_group_defaults.tags",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "taints": {
+ "references": [
+ "each.value.taints",
+ "each.value",
+ "var.eks_managed_node_group_defaults.taints",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "timeouts": {
+ "references": [
+ "each.value.timeouts",
+ "each.value",
+ "var.eks_managed_node_group_defaults.timeouts",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "update_config": {
+ "references": [
+ "each.value.update_config",
+ "each.value",
+ "var.eks_managed_node_group_defaults.update_config",
+ "var.eks_managed_node_group_defaults",
+ "local.default_update_config"
+ ]
+ },
+ "update_launch_template_default_version": {
+ "references": [
+ "each.value.update_launch_template_default_version",
+ "each.value",
+ "var.eks_managed_node_group_defaults.update_launch_template_default_version",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "use_custom_launch_template": {
+ "references": [
+ "each.value.use_custom_launch_template",
+ "each.value",
+ "var.eks_managed_node_group_defaults.use_custom_launch_template",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "use_name_prefix": {
+ "references": [
+ "each.value.use_name_prefix",
+ "each.value",
+ "var.eks_managed_node_group_defaults.use_name_prefix",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "user_data_template_path": {
+ "references": [
+ "each.value.user_data_template_path",
+ "each.value",
+ "var.eks_managed_node_group_defaults.user_data_template_path",
+ "var.eks_managed_node_group_defaults"
+ ]
+ },
+ "vpc_security_group_ids": {
+ "references": [
+ "local.node_security_group_id",
+ "each.value.vpc_security_group_ids",
+ "each.value",
+ "var.eks_managed_node_group_defaults.vpc_security_group_ids",
+ "var.eks_managed_node_group_defaults"
+ ]
+ }
+ },
+ "for_each_expression": {
+ "references": [
+ "var.eks_managed_node_groups",
+ "var.create",
+ "local.create_outposts_local_cluster"
+ ]
+ },
+ "module": {
+ "outputs": {
+ "autoscaling_group_schedule_arns": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_schedule.this"
+ ]
+ },
+ "description": "ARNs of autoscaling group schedules"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this",
+ "var.iam_role_arn"
+ ]
+ },
+ "description": "The Amazon Resource Name (ARN) specifying the IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "The name of the IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Stable and unique string identifying the IAM role"
+ },
+ "launch_template_arn": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].arn",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "The ARN of the launch template"
+ },
+ "launch_template_id": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].id",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "The ID of the launch template"
+ },
+ "launch_template_latest_version": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].latest_version",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "The latest version of the launch template"
+ },
+ "launch_template_name": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].name",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "The name of the launch template"
+ },
+ "node_group_arn": {
+ "expression": {
+ "references": [
+ "aws_eks_node_group.this[0].arn",
+ "aws_eks_node_group.this[0]",
+ "aws_eks_node_group.this"
+ ]
+ },
+ "description": "Amazon Resource Name (ARN) of the EKS Node Group"
+ },
+ "node_group_autoscaling_group_names": {
+ "expression": {
+ "references": [
+ "aws_eks_node_group.this[0].resources",
+ "aws_eks_node_group.this[0]",
+ "aws_eks_node_group.this"
+ ]
+ },
+ "description": "List of the autoscaling group names"
+ },
+ "node_group_id": {
+ "expression": {
+ "references": [
+ "aws_eks_node_group.this[0].id",
+ "aws_eks_node_group.this[0]",
+ "aws_eks_node_group.this"
+ ]
+ },
+ "description": "EKS Cluster name and EKS Node Group name separated by a colon (`:`)"
+ },
+ "node_group_labels": {
+ "expression": {
+ "references": [
+ "aws_eks_node_group.this[0].labels",
+ "aws_eks_node_group.this[0]",
+ "aws_eks_node_group.this"
+ ]
+ },
+ "description": "Map of labels applied to the node group"
+ },
+ "node_group_resources": {
+ "expression": {
+ "references": [
+ "aws_eks_node_group.this[0].resources",
+ "aws_eks_node_group.this[0]",
+ "aws_eks_node_group.this"
+ ]
+ },
+ "description": "List of objects containing information about underlying resources"
+ },
+ "node_group_status": {
+ "expression": {
+ "references": [
+ "aws_eks_node_group.this[0].status",
+ "aws_eks_node_group.this[0]",
+ "aws_eks_node_group.this"
+ ]
+ },
+ "description": "Status of the EKS Node Group"
+ },
+ "node_group_taints": {
+ "expression": {
+ "references": [
+ "aws_eks_node_group.this[0].taint",
+ "aws_eks_node_group.this[0]",
+ "aws_eks_node_group.this"
+ ]
+ },
+ "description": "List of objects containing information about taints applied to the node group"
+ },
+ "platform": {
+ "expression": {
+ "references": [
+ "var.platform"
+ ]
+ },
+ "description": "Identifies if the OS platform is `bottlerocket`, `linux`, or `windows` based"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_autoscaling_schedule.this",
+ "mode": "managed",
+ "type": "aws_autoscaling_schedule",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "autoscaling_group_name": {
+ "references": [
+ "aws_eks_node_group.this[0].resources[0].autoscaling_groups[0].name",
+ "aws_eks_node_group.this[0].resources[0].autoscaling_groups[0]",
+ "aws_eks_node_group.this[0].resources[0].autoscaling_groups",
+ "aws_eks_node_group.this[0].resources[0]",
+ "aws_eks_node_group.this[0].resources",
+ "aws_eks_node_group.this[0]",
+ "aws_eks_node_group.this"
+ ]
+ },
+ "desired_capacity": {
+ "references": [
+ "each.value.desired_size",
+ "each.value"
+ ]
+ },
+ "end_time": {
+ "references": [
+ "each.value.end_time",
+ "each.value"
+ ]
+ },
+ "max_size": {
+ "references": [
+ "each.value.max_size",
+ "each.value"
+ ]
+ },
+ "min_size": {
+ "references": [
+ "each.value.min_size",
+ "each.value"
+ ]
+ },
+ "recurrence": {
+ "references": [
+ "each.value.recurrence",
+ "each.value"
+ ]
+ },
+ "scheduled_action_name": {
+ "references": [
+ "each.key"
+ ]
+ },
+ "start_time": {
+ "references": [
+ "each.value.start_time",
+ "each.value"
+ ]
+ },
+ "time_zone": {
+ "references": [
+ "each.value.time_zone",
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.schedules",
+ "var.create",
+ "var.create_schedule"
+ ]
+ }
+ },
+ {
+ "address": "aws_eks_node_group.this",
+ "mode": "managed",
+ "type": "aws_eks_node_group",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "ami_type": {
+ "references": [
+ "var.ami_id",
+ "var.ami_type"
+ ]
+ },
+ "capacity_type": {
+ "references": [
+ "var.capacity_type"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "var.cluster_name"
+ ]
+ },
+ "disk_size": {
+ "references": [
+ "var.use_custom_launch_template",
+ "var.disk_size"
+ ]
+ },
+ "force_update_version": {
+ "references": [
+ "var.force_update_version"
+ ]
+ },
+ "instance_types": {
+ "references": [
+ "var.instance_types"
+ ]
+ },
+ "labels": {
+ "references": [
+ "var.labels"
+ ]
+ },
+ "node_group_name": {
+ "references": [
+ "var.use_name_prefix",
+ "var.name"
+ ]
+ },
+ "node_group_name_prefix": {
+ "references": [
+ "var.use_name_prefix",
+ "var.name"
+ ]
+ },
+ "node_role_arn": {
+ "references": [
+ "var.create_iam_role",
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this",
+ "var.iam_role_arn"
+ ]
+ },
+ "release_version": {
+ "references": [
+ "var.ami_id",
+ "var.ami_release_version"
+ ]
+ },
+ "scaling_config": [
+ {
+ "desired_size": {
+ "references": [
+ "var.desired_size"
+ ]
+ },
+ "max_size": {
+ "references": [
+ "var.max_size"
+ ]
+ },
+ "min_size": {
+ "references": [
+ "var.min_size"
+ ]
+ }
+ }
+ ],
+ "subnet_ids": {
+ "references": [
+ "var.subnet_ids"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.name"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "references": [
+ "var.timeouts"
+ ]
+ },
+ "delete": {
+ "references": [
+ "var.timeouts"
+ ]
+ },
+ "update": {
+ "references": [
+ "var.timeouts"
+ ]
+ }
+ },
+ "version": {
+ "references": [
+ "var.ami_id",
+ "var.cluster_version"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume_role_policy[0].json",
+ "data.aws_iam_policy_document.assume_role_policy[0]",
+ "data.aws_iam_policy_document.assume_role_policy"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.iam_role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "name": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.iam_role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.iam_role_permissions_boundary"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.iam_role_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.iam_role_additional_policies",
+ "var.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "local.iam_role_policy_prefix",
+ "local.iam_role_policy_prefix",
+ "var.iam_role_attach_cni_policy",
+ "local.cni_policy",
+ "var.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_launch_template.this",
+ "mode": "managed",
+ "type": "aws_launch_template",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "default_version": {
+ "references": [
+ "var.launch_template_default_version"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.launch_template_description"
+ ]
+ },
+ "disable_api_termination": {
+ "references": [
+ "var.disable_api_termination"
+ ]
+ },
+ "ebs_optimized": {
+ "references": [
+ "var.ebs_optimized"
+ ]
+ },
+ "image_id": {
+ "references": [
+ "var.ami_id"
+ ]
+ },
+ "kernel_id": {
+ "references": [
+ "var.kernel_id"
+ ]
+ },
+ "key_name": {
+ "references": [
+ "var.key_name"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.launch_template_use_name_prefix",
+ "local.launch_template_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.launch_template_use_name_prefix",
+ "local.launch_template_name"
+ ]
+ },
+ "ram_disk_id": {
+ "references": [
+ "var.ram_disk_id"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "update_default_version": {
+ "references": [
+ "var.update_launch_template_default_version"
+ ]
+ },
+ "user_data": {
+ "references": [
+ "module.user_data.user_data",
+ "module.user_data"
+ ]
+ },
+ "vpc_security_group_ids": {
+ "references": [
+ "var.network_interfaces",
+ "local.security_group_ids"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_launch_template",
+ "var.use_custom_launch_template"
+ ]
+ },
+ "depends_on": [
+ "aws_iam_role_policy_attachment.this"
+ ]
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume_role_policy",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume_role_policy",
+ "provider_config_key": "aws",
+ "expressions": {
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "sts:AssumeRole"
+ ]
+ },
+ "principals": [
+ {
+ "identifiers": {
+ "references": [
+ "data.aws_partition.current.dns_suffix",
+ "data.aws_partition.current"
+ ]
+ },
+ "type": {
+ "constant_value": "Service"
+ }
+ }
+ ],
+ "sid": {
+ "constant_value": "EKSNodeAssumeRole"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ }
+ ],
+ "module_calls": {
+ "user_data": {
+ "source": "../_user_data",
+ "expressions": {
+ "bootstrap_extra_args": {
+ "references": [
+ "var.bootstrap_extra_args"
+ ]
+ },
+ "cluster_auth_base64": {
+ "references": [
+ "var.cluster_auth_base64"
+ ]
+ },
+ "cluster_endpoint": {
+ "references": [
+ "var.cluster_endpoint"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "var.cluster_name"
+ ]
+ },
+ "cluster_service_ipv4_cidr": {
+ "references": [
+ "var.cluster_service_ipv4_cidr"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.create"
+ ]
+ },
+ "enable_bootstrap_user_data": {
+ "references": [
+ "var.enable_bootstrap_user_data"
+ ]
+ },
+ "platform": {
+ "references": [
+ "var.platform"
+ ]
+ },
+ "post_bootstrap_user_data": {
+ "references": [
+ "var.post_bootstrap_user_data"
+ ]
+ },
+ "pre_bootstrap_user_data": {
+ "references": [
+ "var.pre_bootstrap_user_data"
+ ]
+ },
+ "user_data_template_path": {
+ "references": [
+ "var.user_data_template_path"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "user_data": {
+ "expression": {
+ "references": [
+ "local.platform",
+ "var.platform"
+ ]
+ },
+ "description": "Base64 encoded user data rendered for the provided inputs"
+ }
+ },
+ "resources": [
+ {
+ "address": "data.cloudinit_config.linux_eks_managed_node_group",
+ "mode": "data",
+ "type": "cloudinit_config",
+ "name": "linux_eks_managed_node_group",
+ "provider_config_key": "module.eks.module.eks_managed_node_group.module.user_data:cloudinit",
+ "expressions": {
+ "base64_encode": {
+ "constant_value": true
+ },
+ "boundary": {
+ "constant_value": "//"
+ },
+ "gzip": {
+ "constant_value": false
+ },
+ "part": [
+ {
+ "content": {
+ "references": [
+ "var.pre_bootstrap_user_data"
+ ]
+ },
+ "content_type": {
+ "constant_value": "text/x-shellscript"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.platform",
+ "var.is_eks_managed_node_group",
+ "var.enable_bootstrap_user_data",
+ "var.pre_bootstrap_user_data",
+ "var.user_data_template_path"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "bootstrap_extra_args": {
+ "default": "",
+ "description": "Additional arguments passed to the bootstrap script. When `platform` = `bottlerocket`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data"
+ },
+ "cluster_auth_base64": {
+ "default": "",
+ "description": "Base64 encoded CA of associated EKS cluster"
+ },
+ "cluster_endpoint": {
+ "default": "",
+ "description": "Endpoint of associated EKS cluster"
+ },
+ "cluster_name": {
+ "default": "",
+ "description": "Name of the EKS cluster"
+ },
+ "cluster_service_ipv4_cidr": {
+ "default": null,
+ "description": "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks"
+ },
+ "create": {
+ "default": true,
+ "description": "Determines whether to create user-data or not"
+ },
+ "enable_bootstrap_user_data": {
+ "default": false,
+ "description": "Determines whether the bootstrap configurations are populated within the user data template"
+ },
+ "is_eks_managed_node_group": {
+ "default": true,
+ "description": "Determines whether the user data is used on nodes in an EKS managed node group. Used to determine if user data will be appended or not"
+ },
+ "platform": {
+ "default": "linux",
+ "description": "Identifies if the OS platform is `bottlerocket`, `linux`, or `windows` based"
+ },
+ "post_bootstrap_user_data": {
+ "default": "",
+ "description": "User data that is appended to the user data script after of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
+ },
+ "pre_bootstrap_user_data": {
+ "default": "",
+ "description": "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
+ },
+ "user_data_template_path": {
+ "default": "",
+ "description": "Path to a local, custom user data template file to use when rendering user data"
+ }
+ }
+ }
+ }
+ },
+ "variables": {
+ "ami_id": {
+ "default": "",
+ "description": "The AMI from which to launch the instance. If not supplied, EKS will use its own default image"
+ },
+ "ami_release_version": {
+ "default": null,
+ "description": "AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version"
+ },
+ "ami_type": {
+ "default": null,
+ "description": "Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Valid values are `AL2_x86_64`, `AL2_x86_64_GPU`, `AL2_ARM_64`, `CUSTOM`, `BOTTLEROCKET_ARM_64`, `BOTTLEROCKET_x86_64`"
+ },
+ "block_device_mappings": {
+ "default": {},
+ "description": "Specify volumes to attach to the instance besides the volumes specified by the AMI"
+ },
+ "bootstrap_extra_args": {
+ "default": "",
+ "description": "Additional arguments passed to the bootstrap script. When `platform` = `bottlerocket`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data"
+ },
+ "capacity_reservation_specification": {
+ "default": {},
+ "description": "Targeting for EC2 capacity reservations"
+ },
+ "capacity_type": {
+ "default": "ON_DEMAND",
+ "description": "Type of capacity associated with the EKS Node Group. Valid values: `ON_DEMAND`, `SPOT`"
+ },
+ "cluster_auth_base64": {
+ "default": "",
+ "description": "Base64 encoded CA of associated EKS cluster"
+ },
+ "cluster_endpoint": {
+ "default": "",
+ "description": "Endpoint of associated EKS cluster"
+ },
+ "cluster_ip_family": {
+ "default": null,
+ "description": "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`"
+ },
+ "cluster_name": {
+ "default": null,
+ "description": "Name of associated EKS cluster"
+ },
+ "cluster_primary_security_group_id": {
+ "default": null,
+ "description": "The ID of the EKS cluster primary security group to associate with the instance(s). This is the security group that is automatically created by the EKS service"
+ },
+ "cluster_service_ipv4_cidr": {
+ "default": null,
+ "description": "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks"
+ },
+ "cluster_version": {
+ "default": null,
+ "description": "Kubernetes version. Defaults to EKS Cluster Kubernetes version"
+ },
+ "cpu_options": {
+ "default": {},
+ "description": "The CPU options for the instance"
+ },
+ "create": {
+ "default": true,
+ "description": "Determines whether to create EKS managed node group or not"
+ },
+ "create_iam_role": {
+ "default": true,
+ "description": "Determines whether an IAM role is created or to use an existing IAM role"
+ },
+ "create_launch_template": {
+ "default": true,
+ "description": "Determines whether to create a launch template or not. If set to `false`, EKS will use its own default launch template"
+ },
+ "create_schedule": {
+ "default": true,
+ "description": "Determines whether to create autoscaling group schedule or not"
+ },
+ "credit_specification": {
+ "default": {},
+ "description": "Customize the credit specification of the instance"
+ },
+ "desired_size": {
+ "default": 1,
+ "description": "Desired number of instances/nodes"
+ },
+ "disable_api_termination": {
+ "default": null,
+ "description": "If true, enables EC2 instance termination protection"
+ },
+ "disk_size": {
+ "default": null,
+ "description": "Disk size in GiB for nodes. Defaults to `20`. Only valid when `use_custom_launch_template` = `false`"
+ },
+ "ebs_optimized": {
+ "default": null,
+ "description": "If true, the launched EC2 instance(s) will be EBS-optimized"
+ },
+ "elastic_gpu_specifications": {
+ "default": {},
+ "description": "The elastic GPU to attach to the instance"
+ },
+ "elastic_inference_accelerator": {
+ "default": {},
+ "description": "Configuration block containing an Elastic Inference Accelerator to attach to the instance"
+ },
+ "enable_bootstrap_user_data": {
+ "default": false,
+ "description": "Determines whether the bootstrap configurations are populated within the user data template. Only valid when using a custom AMI via `ami_id`"
+ },
+ "enable_monitoring": {
+ "default": true,
+ "description": "Enables/disables detailed monitoring"
+ },
+ "enclave_options": {
+ "default": {},
+ "description": "Enable Nitro Enclaves on launched instances"
+ },
+ "force_update_version": {
+ "default": null,
+ "description": "Force version update if existing pods are unable to be drained due to a pod disruption budget issue"
+ },
+ "iam_role_additional_policies": {
+ "default": {},
+ "description": "Additional policies to be added to the IAM role"
+ },
+ "iam_role_arn": {
+ "default": null,
+ "description": "Existing IAM role ARN for the node group. Required if `create_iam_role` is set to `false`"
+ },
+ "iam_role_attach_cni_policy": {
+ "default": true,
+ "description": "Whether to attach the `AmazonEKS_CNI_Policy`/`AmazonEKS_CNI_IPv6_Policy` IAM policy to the IAM IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster"
+ },
+ "iam_role_description": {
+ "default": null,
+ "description": "Description of the role"
+ },
+ "iam_role_name": {
+ "default": null,
+ "description": "Name to use on IAM role created"
+ },
+ "iam_role_path": {
+ "default": null,
+ "description": "IAM role path"
+ },
+ "iam_role_permissions_boundary": {
+ "default": null,
+ "description": "ARN of the policy that is used to set the permissions boundary for the IAM role"
+ },
+ "iam_role_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the IAM role created"
+ },
+ "iam_role_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`iam_role_name`) is used as a prefix"
+ },
+ "instance_market_options": {
+ "default": {},
+ "description": "The market (purchasing) option for the instance"
+ },
+ "instance_types": {
+ "default": null,
+ "description": "Set of instance types associated with the EKS Node Group. Defaults to `[\"t3.medium\"]`"
+ },
+ "kernel_id": {
+ "default": null,
+ "description": "The kernel ID"
+ },
+ "key_name": {
+ "default": null,
+ "description": "The key name that should be used for the instance(s)"
+ },
+ "labels": {
+ "default": null,
+ "description": "Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed"
+ },
+ "launch_template_default_version": {
+ "default": null,
+ "description": "Default version of the launch template"
+ },
+ "launch_template_description": {
+ "default": null,
+ "description": "Description of the launch template"
+ },
+ "launch_template_id": {
+ "default": "",
+ "description": "The ID of an existing launch template to use. Required when `create_launch_template` = `false` and `use_custom_launch_template` = `true`"
+ },
+ "launch_template_name": {
+ "default": null,
+ "description": "Name of launch template to be created"
+ },
+ "launch_template_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the tag_specifications of launch template created"
+ },
+ "launch_template_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether to use `launch_template_name` as is or create a unique name beginning with the `launch_template_name` as the prefix"
+ },
+ "launch_template_version": {
+ "default": null,
+ "description": "Launch template version number. The default is `$Default`"
+ },
+ "license_specifications": {
+ "default": {},
+ "description": "A map of license specifications to associate with"
+ },
+ "maintenance_options": {
+ "default": {},
+ "description": "The maintenance options for the instance"
+ },
+ "max_size": {
+ "default": 3,
+ "description": "Maximum number of instances/nodes"
+ },
+ "metadata_options": {
+ "default": {
+ "http_endpoint": "enabled",
+ "http_put_response_hop_limit": "2",
+ "http_tokens": "required"
+ },
+ "description": "Customize the metadata options for the instance"
+ },
+ "min_size": {
+ "default": 0,
+ "description": "Minimum number of instances/nodes"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the EKS managed node group"
+ },
+ "network_interfaces": {
+ "default": [],
+ "description": "Customize network interfaces to be attached at instance boot time"
+ },
+ "placement": {
+ "default": {},
+ "description": "The placement of the instance"
+ },
+ "platform": {
+ "default": "linux",
+ "description": "Identifies if the OS platform is `bottlerocket` or `linux` based; `windows` is not supported"
+ },
+ "post_bootstrap_user_data": {
+ "default": "",
+ "description": "User data that is appended to the user data script after of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
+ },
+ "pre_bootstrap_user_data": {
+ "default": "",
+ "description": "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
+ },
+ "private_dns_name_options": {
+ "default": {},
+ "description": "The options for the instance hostname. The default values are inherited from the subnet"
+ },
+ "ram_disk_id": {
+ "default": null,
+ "description": "The ID of the ram disk"
+ },
+ "remote_access": {
+ "default": {},
+ "description": "Configuration block with remote access settings. Only valid when `use_custom_launch_template` = `false`"
+ },
+ "schedules": {
+ "default": {},
+ "description": "Map of autoscaling group schedule to create"
+ },
+ "subnet_ids": {
+ "default": null,
+ "description": "Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: `kubernetes.io/cluster/CLUSTER_NAME`"
+ },
+ "tag_specifications": {
+ "default": [
+ "instance",
+ "volume",
+ "network-interface"
+ ],
+ "description": "The tags to apply to the resources during launch"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "taints": {
+ "default": {},
+ "description": "The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group"
+ },
+ "timeouts": {
+ "default": {},
+ "description": "Create, update, and delete timeout configurations for the node group"
+ },
+ "update_config": {
+ "default": {
+ "max_unavailable_percentage": "33"
+ },
+ "description": "Configuration block of settings for max unavailable resources during node group updates"
+ },
+ "update_launch_template_default_version": {
+ "default": true,
+ "description": "Whether to update the launch templates default version on each update. Conflicts with `launch_template_default_version`"
+ },
+ "use_custom_launch_template": {
+ "default": true,
+ "description": "Determines whether to use a custom launch template or not. If set to `false`, EKS will use its own default launch template"
+ },
+ "use_name_prefix": {
+ "default": true,
+ "description": "Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix"
+ },
+ "user_data_template_path": {
+ "default": "",
+ "description": "Path to a local, custom user data template file to use when rendering user data"
+ },
+ "vpc_security_group_ids": {
+ "default": [],
+ "description": "A list of security group IDs to associate"
+ }
+ }
+ }
+ },
+ "fargate_profile": {
+ "source": "./modules/fargate-profile",
+ "expressions": {
+ "cluster_ip_family": {
+ "references": [
+ "var.cluster_ip_family"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "time_sleep.this[0].triggers[\"cluster_name\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "create": {
+ "references": [
+ "each.value.create",
+ "each.value"
+ ]
+ },
+ "create_iam_role": {
+ "references": [
+ "each.value.create_iam_role",
+ "each.value",
+ "var.fargate_profile_defaults.create_iam_role",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_additional_policies": {
+ "references": [
+ "each.value",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_arn": {
+ "references": [
+ "each.value.iam_role_arn",
+ "each.value",
+ "var.fargate_profile_defaults.iam_role_arn",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_attach_cni_policy": {
+ "references": [
+ "each.value.iam_role_attach_cni_policy",
+ "each.value",
+ "var.fargate_profile_defaults.iam_role_attach_cni_policy",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_description": {
+ "references": [
+ "each.value.iam_role_description",
+ "each.value",
+ "var.fargate_profile_defaults.iam_role_description",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_name": {
+ "references": [
+ "each.value.iam_role_name",
+ "each.value",
+ "var.fargate_profile_defaults.iam_role_name",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_path": {
+ "references": [
+ "each.value.iam_role_path",
+ "each.value",
+ "var.fargate_profile_defaults.iam_role_path",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_permissions_boundary": {
+ "references": [
+ "each.value.iam_role_permissions_boundary",
+ "each.value",
+ "var.fargate_profile_defaults.iam_role_permissions_boundary",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_tags": {
+ "references": [
+ "each.value.iam_role_tags",
+ "each.value",
+ "var.fargate_profile_defaults.iam_role_tags",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "iam_role_use_name_prefix": {
+ "references": [
+ "each.value.iam_role_use_name_prefix",
+ "each.value",
+ "var.fargate_profile_defaults.iam_role_use_name_prefix",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "selectors": {
+ "references": [
+ "each.value.selectors",
+ "each.value",
+ "var.fargate_profile_defaults.selectors",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "subnet_ids": {
+ "references": [
+ "each.value.subnet_ids",
+ "each.value",
+ "var.fargate_profile_defaults.subnet_ids",
+ "var.fargate_profile_defaults",
+ "var.subnet_ids"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "each.value.tags",
+ "each.value",
+ "var.fargate_profile_defaults.tags",
+ "var.fargate_profile_defaults"
+ ]
+ },
+ "timeouts": {
+ "references": [
+ "each.value.timeouts",
+ "each.value",
+ "var.fargate_profile_defaults.timeouts",
+ "var.fargate_profile_defaults"
+ ]
+ }
+ },
+ "for_each_expression": {
+ "references": [
+ "var.fargate_profiles",
+ "var.create",
+ "local.create_outposts_local_cluster"
+ ]
+ },
+ "module": {
+ "outputs": {
+ "fargate_profile_arn": {
+ "expression": {
+ "references": [
+ "aws_eks_fargate_profile.this[0].arn",
+ "aws_eks_fargate_profile.this[0]",
+ "aws_eks_fargate_profile.this"
+ ]
+ },
+ "description": "Amazon Resource Name (ARN) of the EKS Fargate Profile"
+ },
+ "fargate_profile_id": {
+ "expression": {
+ "references": [
+ "aws_eks_fargate_profile.this[0].id",
+ "aws_eks_fargate_profile.this[0]",
+ "aws_eks_fargate_profile.this"
+ ]
+ },
+ "description": "EKS Cluster name and EKS Fargate Profile name separated by a colon (`:`)"
+ },
+ "fargate_profile_pod_execution_role_arn": {
+ "expression": {
+ "references": [
+ "aws_eks_fargate_profile.this[0].pod_execution_role_arn",
+ "aws_eks_fargate_profile.this[0]",
+ "aws_eks_fargate_profile.this"
+ ]
+ },
+ "description": "Amazon Resource Name (ARN) of the EKS Fargate Profile Pod execution role ARN"
+ },
+ "fargate_profile_status": {
+ "expression": {
+ "references": [
+ "aws_eks_fargate_profile.this[0].status",
+ "aws_eks_fargate_profile.this[0]",
+ "aws_eks_fargate_profile.this"
+ ]
+ },
+ "description": "Status of the EKS Fargate Profile"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this",
+ "var.iam_role_arn"
+ ]
+ },
+ "description": "The Amazon Resource Name (ARN) specifying the IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "The name of the IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Stable and unique string identifying the IAM role"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_eks_fargate_profile.this",
+ "mode": "managed",
+ "type": "aws_eks_fargate_profile",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cluster_name": {
+ "references": [
+ "var.cluster_name"
+ ]
+ },
+ "fargate_profile_name": {
+ "references": [
+ "var.name"
+ ]
+ },
+ "pod_execution_role_arn": {
+ "references": [
+ "var.create_iam_role",
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this",
+ "var.iam_role_arn"
+ ]
+ },
+ "subnet_ids": {
+ "references": [
+ "var.subnet_ids"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume_role_policy[0].json",
+ "data.aws_iam_policy_document.assume_role_policy[0]",
+ "data.aws_iam_policy_document.assume_role_policy"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.iam_role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "name": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.iam_role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.iam_role_permissions_boundary"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.iam_role_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.iam_role_additional_policies",
+ "var.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "local.iam_role_policy_prefix",
+ "var.iam_role_attach_cni_policy",
+ "local.cni_policy",
+ "var.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume_role_policy",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume_role_policy",
+ "provider_config_key": "aws",
+ "expressions": {
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "sts:AssumeRole"
+ ]
+ },
+ "effect": {
+ "constant_value": "Allow"
+ },
+ "principals": [
+ {
+ "identifiers": {
+ "constant_value": [
+ "eks-fargate-pods.amazonaws.com"
+ ]
+ },
+ "type": {
+ "constant_value": "Service"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ }
+ ],
+ "variables": {
+ "cluster_ip_family": {
+ "default": null,
+ "description": "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`"
+ },
+ "cluster_name": {
+ "default": null,
+ "description": "Name of the EKS cluster"
+ },
+ "create": {
+ "default": true,
+ "description": "Determines whether to create Fargate profile or not"
+ },
+ "create_iam_role": {
+ "default": true,
+ "description": "Determines whether an IAM role is created or to use an existing IAM role"
+ },
+ "iam_role_additional_policies": {
+ "default": {},
+ "description": "Additional policies to be added to the IAM role"
+ },
+ "iam_role_arn": {
+ "default": null,
+ "description": "Existing IAM role ARN for the Fargate profile. Required if `create_iam_role` is set to `false`"
+ },
+ "iam_role_attach_cni_policy": {
+ "default": true,
+ "description": "Whether to attach the `AmazonEKS_CNI_Policy`/`AmazonEKS_CNI_IPv6_Policy` IAM policy to the IAM IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster"
+ },
+ "iam_role_description": {
+ "default": null,
+ "description": "Description of the role"
+ },
+ "iam_role_name": {
+ "default": "",
+ "description": "Name to use on IAM role created"
+ },
+ "iam_role_path": {
+ "default": null,
+ "description": "IAM role path"
+ },
+ "iam_role_permissions_boundary": {
+ "default": null,
+ "description": "ARN of the policy that is used to set the permissions boundary for the IAM role"
+ },
+ "iam_role_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the IAM role created"
+ },
+ "iam_role_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`iam_role_name`) is used as a prefix"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the EKS Fargate Profile"
+ },
+ "selectors": {
+ "default": [],
+ "description": "Configuration block(s) for selecting Kubernetes Pods to execute with this Fargate Profile"
+ },
+ "subnet_ids": {
+ "default": [],
+ "description": "A list of subnet IDs for the EKS Fargate Profile"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeouts": {
+ "default": {},
+ "description": "Create and delete timeout configurations for the Fargate Profile"
+ }
+ }
+ }
+ },
+ "kms": {
+ "source": "terraform-aws-modules/kms/aws",
+ "expressions": {
+ "aliases": {
+ "references": [
+ "var.kms_key_aliases"
+ ]
+ },
+ "computed_aliases": {
+ "references": [
+ "var.cluster_name"
+ ]
+ },
+ "create": {
+ "references": [
+ "local.create",
+ "var.create_kms_key",
+ "local.enable_cluster_encryption_config"
+ ]
+ },
+ "deletion_window_in_days": {
+ "references": [
+ "var.kms_key_deletion_window_in_days"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.kms_key_description",
+ "var.cluster_name"
+ ]
+ },
+ "enable_default_policy": {
+ "references": [
+ "var.kms_key_enable_default_policy"
+ ]
+ },
+ "enable_key_rotation": {
+ "references": [
+ "var.enable_kms_key_rotation"
+ ]
+ },
+ "key_administrators": {
+ "references": [
+ "var.kms_key_administrators",
+ "data.aws_iam_session_context.current.issuer_arn",
+ "data.aws_iam_session_context.current"
+ ]
+ },
+ "key_owners": {
+ "references": [
+ "var.kms_key_owners"
+ ]
+ },
+ "key_service_users": {
+ "references": [
+ "var.kms_key_service_users"
+ ]
+ },
+ "key_usage": {
+ "constant_value": "ENCRYPT_DECRYPT"
+ },
+ "key_users": {
+ "references": [
+ "local.cluster_role",
+ "var.kms_key_users"
+ ]
+ },
+ "override_policy_documents": {
+ "references": [
+ "var.kms_key_override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.kms_key_source_policy_documents"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "aliases": {
+ "expression": {
+ "references": [
+ "aws_kms_alias.this"
+ ]
+ },
+ "description": "A map of aliases created and their attributes"
+ },
+ "external_key_expiration_model": {
+ "expression": {
+ "references": [
+ "aws_kms_external_key.this[0].expiration_model",
+ "aws_kms_external_key.this[0]",
+ "aws_kms_external_key.this"
+ ]
+ },
+ "description": "Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`"
+ },
+ "external_key_state": {
+ "expression": {
+ "references": [
+ "aws_kms_external_key.this[0].key_state",
+ "aws_kms_external_key.this[0]",
+ "aws_kms_external_key.this"
+ ]
+ },
+ "description": "The state of the CMK"
+ },
+ "external_key_usage": {
+ "expression": {
+ "references": [
+ "aws_kms_external_key.this[0].key_usage",
+ "aws_kms_external_key.this[0]",
+ "aws_kms_external_key.this"
+ ]
+ },
+ "description": "The cryptographic operations for which you can use the CMK"
+ },
+ "grants": {
+ "expression": {
+ "references": [
+ "aws_kms_grant.this"
+ ]
+ },
+ "description": "A map of grants created and their attributes"
+ },
+ "key_arn": {
+ "expression": {
+ "references": [
+ "aws_kms_key.this[0].arn",
+ "aws_kms_key.this[0]",
+ "aws_kms_key.this",
+ "aws_kms_external_key.this[0].arn",
+ "aws_kms_external_key.this[0]",
+ "aws_kms_external_key.this"
+ ]
+ },
+ "description": "The Amazon Resource Name (ARN) of the key"
+ },
+ "key_id": {
+ "expression": {
+ "references": [
+ "aws_kms_key.this[0].key_id",
+ "aws_kms_key.this[0]",
+ "aws_kms_key.this",
+ "aws_kms_external_key.this[0].id",
+ "aws_kms_external_key.this[0]",
+ "aws_kms_external_key.this"
+ ]
+ },
+ "description": "The globally unique identifier for the key"
+ },
+ "key_policy": {
+ "expression": {
+ "references": [
+ "aws_kms_key.this[0].policy",
+ "aws_kms_key.this[0]",
+ "aws_kms_key.this",
+ "aws_kms_external_key.this[0].policy",
+ "aws_kms_external_key.this[0]",
+ "aws_kms_external_key.this"
+ ]
+ },
+ "description": "The IAM resource policy set on the key"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_kms_alias.this",
+ "mode": "managed",
+ "type": "aws_kms_alias",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "name": {
+ "references": [
+ "var.aliases_use_name_prefix",
+ "each.value.name",
+ "each.value"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.aliases_use_name_prefix",
+ "each.value.name",
+ "each.value"
+ ]
+ },
+ "target_key_id": {
+ "references": [
+ "var.create_external",
+ "aws_kms_external_key.this[0].id",
+ "aws_kms_external_key.this[0]",
+ "aws_kms_external_key.this",
+ "aws_kms_key.this[0].key_id",
+ "aws_kms_key.this[0]",
+ "aws_kms_key.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "local.aliases",
+ "var.computed_aliases",
+ "var.create"
+ ]
+ }
+ },
+ {
+ "address": "aws_kms_external_key.this",
+ "mode": "managed",
+ "type": "aws_kms_external_key",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "bypass_policy_lockout_safety_check": {
+ "references": [
+ "var.bypass_policy_lockout_safety_check"
+ ]
+ },
+ "deletion_window_in_days": {
+ "references": [
+ "var.deletion_window_in_days"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "enabled": {
+ "references": [
+ "var.is_enabled"
+ ]
+ },
+ "key_material_base64": {
+ "references": [
+ "var.key_material_base64"
+ ]
+ },
+ "multi_region": {
+ "references": [
+ "var.multi_region"
+ ]
+ },
+ "policy": {
+ "references": [
+ "var.policy",
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "valid_to": {
+ "references": [
+ "var.valid_to"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_external"
+ ]
+ }
+ },
+ {
+ "address": "aws_kms_grant.this",
+ "mode": "managed",
+ "type": "aws_kms_grant",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "grant_creation_tokens": {
+ "references": [
+ "each.value.grant_creation_tokens",
+ "each.value"
+ ]
+ },
+ "grantee_principal": {
+ "references": [
+ "each.value.grantee_principal",
+ "each.value"
+ ]
+ },
+ "key_id": {
+ "references": [
+ "var.create_external",
+ "aws_kms_external_key.this[0].id",
+ "aws_kms_external_key.this[0]",
+ "aws_kms_external_key.this",
+ "aws_kms_key.this[0].key_id",
+ "aws_kms_key.this[0]",
+ "aws_kms_key.this"
+ ]
+ },
+ "name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "operations": {
+ "references": [
+ "each.value.operations",
+ "each.value"
+ ]
+ },
+ "retire_on_delete": {
+ "references": [
+ "each.value.retire_on_delete",
+ "each.value"
+ ]
+ },
+ "retiring_principal": {
+ "references": [
+ "each.value.retiring_principal",
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.grants",
+ "var.create"
+ ]
+ }
+ },
+ {
+ "address": "aws_kms_key.this",
+ "mode": "managed",
+ "type": "aws_kms_key",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "bypass_policy_lockout_safety_check": {
+ "references": [
+ "var.bypass_policy_lockout_safety_check"
+ ]
+ },
+ "customer_master_key_spec": {
+ "references": [
+ "var.customer_master_key_spec"
+ ]
+ },
+ "deletion_window_in_days": {
+ "references": [
+ "var.deletion_window_in_days"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "enable_key_rotation": {
+ "references": [
+ "var.enable_key_rotation"
+ ]
+ },
+ "is_enabled": {
+ "references": [
+ "var.is_enabled"
+ ]
+ },
+ "key_usage": {
+ "references": [
+ "var.key_usage"
+ ]
+ },
+ "multi_region": {
+ "references": [
+ "var.multi_region"
+ ]
+ },
+ "policy": {
+ "references": [
+ "var.policy",
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_external"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ }
+ ],
+ "variables": {
+ "aliases": {
+ "default": [],
+ "description": "A list of aliases to create. Note - due to the use of `toset()`, values must be static strings and not computed values"
+ },
+ "aliases_use_name_prefix": {
+ "default": false,
+ "description": "Determines whether the alias name is used as a prefix"
+ },
+ "bypass_policy_lockout_safety_check": {
+ "default": null,
+ "description": "A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable"
+ },
+ "computed_aliases": {
+ "default": {},
+ "description": "A map of aliases to create. Values provided via the `name` key of the map can be computed from upstream resources"
+ },
+ "create": {
+ "default": true,
+ "description": "Determines whether resources will be created (affects all resources)"
+ },
+ "create_external": {
+ "default": false,
+ "description": "Determines whether an external CMK (externally provided material) will be created or a standard CMK (AWS provided material)"
+ },
+ "customer_master_key_spec": {
+ "default": null,
+ "description": "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`"
+ },
+ "deletion_window_in_days": {
+ "default": null,
+ "description": "The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`"
+ },
+ "description": {
+ "default": null,
+ "description": "The description of the key as viewed in AWS console"
+ },
+ "enable_default_policy": {
+ "default": true,
+ "description": "Specifies whether to enable the default key policy. Defaults to `true`"
+ },
+ "enable_key_rotation": {
+ "default": true,
+ "description": "Specifies whether key rotation is enabled. Defaults to `true`"
+ },
+ "grants": {
+ "default": {},
+ "description": "A map of grant definitions to create"
+ },
+ "is_enabled": {
+ "default": null,
+ "description": "Specifies whether the key is enabled. Defaults to `true`"
+ },
+ "key_administrators": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key administrators](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-administrators)"
+ },
+ "key_asymmetric_public_encryption_users": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key asymmetric public encryption users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-users-crypto)"
+ },
+ "key_asymmetric_sign_verify_users": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key asymmetric sign and verify users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-users-crypto)"
+ },
+ "key_hmac_users": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key HMAC users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-users-crypto)"
+ },
+ "key_material_base64": {
+ "default": null,
+ "description": "Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. External key only"
+ },
+ "key_owners": {
+ "default": [],
+ "description": "A list of IAM ARNs for those who will have full key permissions (`kms:*`)"
+ },
+ "key_service_users": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key service users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-service-integration)"
+ },
+ "key_symmetric_encryption_users": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key symmetric encryption users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-users-crypto)"
+ },
+ "key_usage": {
+ "default": null,
+ "description": "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`. Defaults to `ENCRYPT_DECRYPT`"
+ },
+ "key_users": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-users)"
+ },
+ "multi_region": {
+ "default": false,
+ "description": "Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy": {
+ "default": null,
+ "description": "A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws_iam_policy_document`, in the form that designates a principal, can be used"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "valid_to": {
+ "default": null,
+ "description": "Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire"
+ }
+ }
+ },
+ "version_constraint": "1.1.0"
+ },
+ "self_managed_node_group": {
+ "source": "./modules/self-managed-node-group",
+ "expressions": {
+ "ami_id": {
+ "references": [
+ "each.value.ami_id",
+ "each.value",
+ "var.self_managed_node_group_defaults.ami_id",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "autoscaling_group_tags": {
+ "references": [
+ "each.value.autoscaling_group_tags",
+ "each.value",
+ "var.self_managed_node_group_defaults.autoscaling_group_tags",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "availability_zones": {
+ "references": [
+ "each.value.availability_zones",
+ "each.value",
+ "var.self_managed_node_group_defaults.availability_zones",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "block_device_mappings": {
+ "references": [
+ "each.value.block_device_mappings",
+ "each.value",
+ "var.self_managed_node_group_defaults.block_device_mappings",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "bootstrap_extra_args": {
+ "references": [
+ "each.value.bootstrap_extra_args",
+ "each.value",
+ "var.self_managed_node_group_defaults.bootstrap_extra_args",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "capacity_rebalance": {
+ "references": [
+ "each.value.capacity_rebalance",
+ "each.value",
+ "var.self_managed_node_group_defaults.capacity_rebalance",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "capacity_reservation_specification": {
+ "references": [
+ "each.value.capacity_reservation_specification",
+ "each.value",
+ "var.self_managed_node_group_defaults.capacity_reservation_specification",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "cluster_auth_base64": {
+ "references": [
+ "time_sleep.this[0].triggers[\"cluster_certificate_authority_data\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "cluster_endpoint": {
+ "references": [
+ "time_sleep.this[0].triggers[\"cluster_endpoint\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "cluster_ip_family": {
+ "references": [
+ "var.cluster_ip_family"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "time_sleep.this[0].triggers[\"cluster_name\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "cluster_primary_security_group_id": {
+ "references": [
+ "each.value.attach_cluster_primary_security_group",
+ "each.value",
+ "var.self_managed_node_group_defaults.attach_cluster_primary_security_group",
+ "var.self_managed_node_group_defaults",
+ "aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id",
+ "aws_eks_cluster.this[0].vpc_config[0]",
+ "aws_eks_cluster.this[0].vpc_config",
+ "aws_eks_cluster.this[0]",
+ "aws_eks_cluster.this"
+ ]
+ },
+ "cluster_version": {
+ "references": [
+ "each.value.cluster_version",
+ "each.value",
+ "var.self_managed_node_group_defaults.cluster_version",
+ "var.self_managed_node_group_defaults",
+ "time_sleep.this[0].triggers[\"cluster_version\"]",
+ "time_sleep.this[0].triggers",
+ "time_sleep.this[0]",
+ "time_sleep.this"
+ ]
+ },
+ "context": {
+ "references": [
+ "each.value.context",
+ "each.value",
+ "var.self_managed_node_group_defaults.context",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "cpu_options": {
+ "references": [
+ "each.value.cpu_options",
+ "each.value",
+ "var.self_managed_node_group_defaults.cpu_options",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "create": {
+ "references": [
+ "each.value.create",
+ "each.value"
+ ]
+ },
+ "create_autoscaling_group": {
+ "references": [
+ "each.value.create_autoscaling_group",
+ "each.value",
+ "var.self_managed_node_group_defaults.create_autoscaling_group",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "create_iam_instance_profile": {
+ "references": [
+ "each.value.create_iam_instance_profile",
+ "each.value",
+ "var.self_managed_node_group_defaults.create_iam_instance_profile",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "create_launch_template": {
+ "references": [
+ "each.value.create_launch_template",
+ "each.value",
+ "var.self_managed_node_group_defaults.create_launch_template",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "create_schedule": {
+ "references": [
+ "each.value.create_schedule",
+ "each.value",
+ "var.self_managed_node_group_defaults.create_schedule",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "credit_specification": {
+ "references": [
+ "each.value.credit_specification",
+ "each.value",
+ "var.self_managed_node_group_defaults.credit_specification",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "default_cooldown": {
+ "references": [
+ "each.value.default_cooldown",
+ "each.value",
+ "var.self_managed_node_group_defaults.default_cooldown",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "default_instance_warmup": {
+ "references": [
+ "each.value.default_instance_warmup",
+ "each.value",
+ "var.self_managed_node_group_defaults.default_instance_warmup",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "delete_timeout": {
+ "references": [
+ "each.value.delete_timeout",
+ "each.value",
+ "var.self_managed_node_group_defaults.delete_timeout",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "desired_size": {
+ "references": [
+ "each.value.desired_size",
+ "each.value",
+ "var.self_managed_node_group_defaults.desired_size",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "disable_api_termination": {
+ "references": [
+ "each.value.disable_api_termination",
+ "each.value",
+ "var.self_managed_node_group_defaults.disable_api_termination",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "ebs_optimized": {
+ "references": [
+ "each.value.ebs_optimized",
+ "each.value",
+ "var.self_managed_node_group_defaults.ebs_optimized",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "elastic_gpu_specifications": {
+ "references": [
+ "each.value.elastic_gpu_specifications",
+ "each.value",
+ "var.self_managed_node_group_defaults.elastic_gpu_specifications",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "elastic_inference_accelerator": {
+ "references": [
+ "each.value.elastic_inference_accelerator",
+ "each.value",
+ "var.self_managed_node_group_defaults.elastic_inference_accelerator",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "enable_monitoring": {
+ "references": [
+ "each.value.enable_monitoring",
+ "each.value",
+ "var.self_managed_node_group_defaults.enable_monitoring",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "enabled_metrics": {
+ "references": [
+ "each.value.enabled_metrics",
+ "each.value",
+ "var.self_managed_node_group_defaults.enabled_metrics",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "enclave_options": {
+ "references": [
+ "each.value.enclave_options",
+ "each.value",
+ "var.self_managed_node_group_defaults.enclave_options",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "force_delete": {
+ "references": [
+ "each.value.force_delete",
+ "each.value",
+ "var.self_managed_node_group_defaults.force_delete",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "force_delete_warm_pool": {
+ "references": [
+ "each.value.force_delete_warm_pool",
+ "each.value",
+ "var.self_managed_node_group_defaults.force_delete_warm_pool",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "health_check_grace_period": {
+ "references": [
+ "each.value.health_check_grace_period",
+ "each.value",
+ "var.self_managed_node_group_defaults.health_check_grace_period",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "health_check_type": {
+ "references": [
+ "each.value.health_check_type",
+ "each.value",
+ "var.self_managed_node_group_defaults.health_check_type",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "hibernation_options": {
+ "references": [
+ "each.value.hibernation_options",
+ "each.value",
+ "var.self_managed_node_group_defaults.hibernation_options",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_instance_profile_arn": {
+ "references": [
+ "each.value.iam_instance_profile_arn",
+ "each.value",
+ "var.self_managed_node_group_defaults.iam_instance_profile_arn",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_additional_policies": {
+ "references": [
+ "each.value",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_attach_cni_policy": {
+ "references": [
+ "each.value.iam_role_attach_cni_policy",
+ "each.value",
+ "var.self_managed_node_group_defaults.iam_role_attach_cni_policy",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_description": {
+ "references": [
+ "each.value.iam_role_description",
+ "each.value",
+ "var.self_managed_node_group_defaults.iam_role_description",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_name": {
+ "references": [
+ "each.value.iam_role_name",
+ "each.value",
+ "var.self_managed_node_group_defaults.iam_role_name",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_path": {
+ "references": [
+ "each.value.iam_role_path",
+ "each.value",
+ "var.self_managed_node_group_defaults.iam_role_path",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_permissions_boundary": {
+ "references": [
+ "each.value.iam_role_permissions_boundary",
+ "each.value",
+ "var.self_managed_node_group_defaults.iam_role_permissions_boundary",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_tags": {
+ "references": [
+ "each.value.iam_role_tags",
+ "each.value",
+ "var.self_managed_node_group_defaults.iam_role_tags",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "iam_role_use_name_prefix": {
+ "references": [
+ "each.value.iam_role_use_name_prefix",
+ "each.value",
+ "var.self_managed_node_group_defaults.iam_role_use_name_prefix",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "initial_lifecycle_hooks": {
+ "references": [
+ "each.value.initial_lifecycle_hooks",
+ "each.value",
+ "var.self_managed_node_group_defaults.initial_lifecycle_hooks",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "instance_initiated_shutdown_behavior": {
+ "references": [
+ "each.value.instance_initiated_shutdown_behavior",
+ "each.value",
+ "var.self_managed_node_group_defaults.instance_initiated_shutdown_behavior",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "instance_market_options": {
+ "references": [
+ "each.value.instance_market_options",
+ "each.value",
+ "var.self_managed_node_group_defaults.instance_market_options",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "instance_refresh": {
+ "references": [
+ "each.value.instance_refresh",
+ "each.value",
+ "var.self_managed_node_group_defaults.instance_refresh",
+ "var.self_managed_node_group_defaults",
+ "local.default_instance_refresh"
+ ]
+ },
+ "instance_requirements": {
+ "references": [
+ "each.value.instance_requirements",
+ "each.value",
+ "var.self_managed_node_group_defaults.instance_requirements",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "instance_type": {
+ "references": [
+ "each.value.instance_type",
+ "each.value",
+ "var.self_managed_node_group_defaults.instance_type",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "kernel_id": {
+ "references": [
+ "each.value.kernel_id",
+ "each.value",
+ "var.self_managed_node_group_defaults.kernel_id",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "key_name": {
+ "references": [
+ "each.value.key_name",
+ "each.value",
+ "var.self_managed_node_group_defaults.key_name",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_default_version": {
+ "references": [
+ "each.value.launch_template_default_version",
+ "each.value",
+ "var.self_managed_node_group_defaults.launch_template_default_version",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_description": {
+ "references": [
+ "each.value.launch_template_description",
+ "each.value",
+ "var.self_managed_node_group_defaults.launch_template_description",
+ "var.self_managed_node_group_defaults",
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "launch_template_id": {
+ "references": [
+ "each.value.launch_template_id",
+ "each.value",
+ "var.self_managed_node_group_defaults.launch_template_id",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_name": {
+ "references": [
+ "each.value.launch_template_name",
+ "each.value",
+ "var.self_managed_node_group_defaults.launch_template_name",
+ "var.self_managed_node_group_defaults",
+ "each.key"
+ ]
+ },
+ "launch_template_tags": {
+ "references": [
+ "each.value.launch_template_tags",
+ "each.value",
+ "var.self_managed_node_group_defaults.launch_template_tags",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_use_name_prefix": {
+ "references": [
+ "each.value.launch_template_use_name_prefix",
+ "each.value",
+ "var.self_managed_node_group_defaults.launch_template_use_name_prefix",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "launch_template_version": {
+ "references": [
+ "each.value.launch_template_version",
+ "each.value",
+ "var.self_managed_node_group_defaults.launch_template_version",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "license_specifications": {
+ "references": [
+ "each.value.license_specifications",
+ "each.value",
+ "var.self_managed_node_group_defaults.license_specifications",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "maintenance_options": {
+ "references": [
+ "each.value.maintenance_options",
+ "each.value",
+ "var.self_managed_node_group_defaults.maintenance_options",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "max_instance_lifetime": {
+ "references": [
+ "each.value.max_instance_lifetime",
+ "each.value",
+ "var.self_managed_node_group_defaults.max_instance_lifetime",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "max_size": {
+ "references": [
+ "each.value.max_size",
+ "each.value",
+ "var.self_managed_node_group_defaults.max_size",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "metadata_options": {
+ "references": [
+ "each.value.metadata_options",
+ "each.value",
+ "var.self_managed_node_group_defaults.metadata_options",
+ "var.self_managed_node_group_defaults",
+ "local.metadata_options"
+ ]
+ },
+ "metrics_granularity": {
+ "references": [
+ "each.value.metrics_granularity",
+ "each.value",
+ "var.self_managed_node_group_defaults.metrics_granularity",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "min_elb_capacity": {
+ "references": [
+ "each.value.min_elb_capacity",
+ "each.value",
+ "var.self_managed_node_group_defaults.min_elb_capacity",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "min_size": {
+ "references": [
+ "each.value.min_size",
+ "each.value",
+ "var.self_managed_node_group_defaults.min_size",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "mixed_instances_policy": {
+ "references": [
+ "each.value.mixed_instances_policy",
+ "each.value",
+ "var.self_managed_node_group_defaults.mixed_instances_policy",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "network_interfaces": {
+ "references": [
+ "each.value.network_interfaces",
+ "each.value",
+ "var.self_managed_node_group_defaults.network_interfaces",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "placement": {
+ "references": [
+ "each.value.placement",
+ "each.value",
+ "var.self_managed_node_group_defaults.placement",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "placement_group": {
+ "references": [
+ "each.value.placement_group",
+ "each.value",
+ "var.self_managed_node_group_defaults.placement_group",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "platform": {
+ "references": [
+ "each.value.platform",
+ "each.value",
+ "var.self_managed_node_group_defaults.platform",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "post_bootstrap_user_data": {
+ "references": [
+ "each.value.post_bootstrap_user_data",
+ "each.value",
+ "var.self_managed_node_group_defaults.post_bootstrap_user_data",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "pre_bootstrap_user_data": {
+ "references": [
+ "each.value.pre_bootstrap_user_data",
+ "each.value",
+ "var.self_managed_node_group_defaults.pre_bootstrap_user_data",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "private_dns_name_options": {
+ "references": [
+ "each.value.private_dns_name_options",
+ "each.value",
+ "var.self_managed_node_group_defaults.private_dns_name_options",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "protect_from_scale_in": {
+ "references": [
+ "each.value.protect_from_scale_in",
+ "each.value",
+ "var.self_managed_node_group_defaults.protect_from_scale_in",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "ram_disk_id": {
+ "references": [
+ "each.value.ram_disk_id",
+ "each.value",
+ "var.self_managed_node_group_defaults.ram_disk_id",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "schedules": {
+ "references": [
+ "each.value.schedules",
+ "each.value",
+ "var.self_managed_node_group_defaults.schedules",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "service_linked_role_arn": {
+ "references": [
+ "each.value.service_linked_role_arn",
+ "each.value",
+ "var.self_managed_node_group_defaults.service_linked_role_arn",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "subnet_ids": {
+ "references": [
+ "each.value.subnet_ids",
+ "each.value",
+ "var.self_managed_node_group_defaults.subnet_ids",
+ "var.self_managed_node_group_defaults",
+ "var.subnet_ids"
+ ]
+ },
+ "suspended_processes": {
+ "references": [
+ "each.value.suspended_processes",
+ "each.value",
+ "var.self_managed_node_group_defaults.suspended_processes",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "tag_specifications": {
+ "references": [
+ "each.value.tag_specifications",
+ "each.value",
+ "var.self_managed_node_group_defaults.tag_specifications",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "each.value.tags",
+ "each.value",
+ "var.self_managed_node_group_defaults.tags",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "target_group_arns": {
+ "references": [
+ "each.value.target_group_arns",
+ "each.value",
+ "var.self_managed_node_group_defaults.target_group_arns",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "termination_policies": {
+ "references": [
+ "each.value.termination_policies",
+ "each.value",
+ "var.self_managed_node_group_defaults.termination_policies",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "update_launch_template_default_version": {
+ "references": [
+ "each.value.update_launch_template_default_version",
+ "each.value",
+ "var.self_managed_node_group_defaults.update_launch_template_default_version",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "use_mixed_instances_policy": {
+ "references": [
+ "each.value.use_mixed_instances_policy",
+ "each.value",
+ "var.self_managed_node_group_defaults.use_mixed_instances_policy",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "use_name_prefix": {
+ "references": [
+ "each.value.use_name_prefix",
+ "each.value",
+ "var.self_managed_node_group_defaults.use_name_prefix",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "user_data_template_path": {
+ "references": [
+ "each.value.user_data_template_path",
+ "each.value",
+ "var.self_managed_node_group_defaults.user_data_template_path",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "vpc_security_group_ids": {
+ "references": [
+ "local.node_security_group_id",
+ "each.value.vpc_security_group_ids",
+ "each.value",
+ "var.self_managed_node_group_defaults.vpc_security_group_ids",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "wait_for_capacity_timeout": {
+ "references": [
+ "each.value.wait_for_capacity_timeout",
+ "each.value",
+ "var.self_managed_node_group_defaults.wait_for_capacity_timeout",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "wait_for_elb_capacity": {
+ "references": [
+ "each.value.wait_for_elb_capacity",
+ "each.value",
+ "var.self_managed_node_group_defaults.wait_for_elb_capacity",
+ "var.self_managed_node_group_defaults"
+ ]
+ },
+ "warm_pool": {
+ "references": [
+ "each.value.warm_pool",
+ "each.value",
+ "var.self_managed_node_group_defaults.warm_pool",
+ "var.self_managed_node_group_defaults"
+ ]
+ }
+ },
+ "for_each_expression": {
+ "references": [
+ "var.self_managed_node_groups",
+ "var.create"
+ ]
+ },
+ "module": {
+ "outputs": {
+ "autoscaling_group_arn": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].arn",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "The ARN for this autoscaling group"
+ },
+ "autoscaling_group_availability_zones": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].availability_zones",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "The availability zones of the autoscaling group"
+ },
+ "autoscaling_group_default_cooldown": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].default_cooldown",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "Time between a scaling activity and the succeeding scaling activity"
+ },
+ "autoscaling_group_desired_capacity": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].desired_capacity",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "The number of Amazon EC2 instances that should be running in the group"
+ },
+ "autoscaling_group_health_check_grace_period": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].health_check_grace_period",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "Time after instance comes into service before checking health"
+ },
+ "autoscaling_group_health_check_type": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].health_check_type",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "EC2 or ELB. Controls how health checking is done"
+ },
+ "autoscaling_group_id": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].id",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "The autoscaling group id"
+ },
+ "autoscaling_group_max_size": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].max_size",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "The maximum size of the autoscaling group"
+ },
+ "autoscaling_group_min_size": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].min_size",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "The minimum size of the autoscaling group"
+ },
+ "autoscaling_group_name": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].name",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "The autoscaling group name"
+ },
+ "autoscaling_group_schedule_arns": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_schedule.this"
+ ]
+ },
+ "description": "ARNs of autoscaling group schedules"
+ },
+ "autoscaling_group_vpc_zone_identifier": {
+ "expression": {
+ "references": [
+ "aws_autoscaling_group.this[0].vpc_zone_identifier",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "description": "The VPC zone identifier"
+ },
+ "iam_instance_profile_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_instance_profile.this[0].arn",
+ "aws_iam_instance_profile.this[0]",
+ "aws_iam_instance_profile.this",
+ "var.iam_instance_profile_arn"
+ ]
+ },
+ "description": "ARN assigned by AWS to the instance profile"
+ },
+ "iam_instance_profile_id": {
+ "expression": {
+ "references": [
+ "aws_iam_instance_profile.this[0].id",
+ "aws_iam_instance_profile.this[0]",
+ "aws_iam_instance_profile.this"
+ ]
+ },
+ "description": "Instance profile's ID"
+ },
+ "iam_instance_profile_unique": {
+ "expression": {
+ "references": [
+ "aws_iam_instance_profile.this[0].unique_id",
+ "aws_iam_instance_profile.this[0]",
+ "aws_iam_instance_profile.this"
+ ]
+ },
+ "description": "Stable and unique string identifying the IAM instance profile"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "The Amazon Resource Name (ARN) specifying the IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "The name of the IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Stable and unique string identifying the IAM role"
+ },
+ "image_id": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].image_id",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "ID of the image"
+ },
+ "launch_template_arn": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].arn",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "The ARN of the launch template"
+ },
+ "launch_template_id": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].id",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "The ID of the launch template"
+ },
+ "launch_template_latest_version": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].latest_version",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "The latest version of the launch template"
+ },
+ "launch_template_name": {
+ "expression": {
+ "references": [
+ "aws_launch_template.this[0].name",
+ "aws_launch_template.this[0]",
+ "aws_launch_template.this"
+ ]
+ },
+ "description": "The name of the launch template"
+ },
+ "platform": {
+ "expression": {
+ "references": [
+ "var.platform"
+ ]
+ },
+ "description": "Identifies if the OS platform is `bottlerocket`, `linux`, or `windows` based"
+ },
+ "user_data": {
+ "expression": {
+ "references": [
+ "module.user_data.user_data",
+ "module.user_data"
+ ]
+ },
+ "description": "Base64 encoded user data"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_autoscaling_group.this",
+ "mode": "managed",
+ "type": "aws_autoscaling_group",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "availability_zones": {
+ "references": [
+ "var.availability_zones"
+ ]
+ },
+ "capacity_rebalance": {
+ "references": [
+ "var.capacity_rebalance"
+ ]
+ },
+ "context": {
+ "references": [
+ "var.context"
+ ]
+ },
+ "default_cooldown": {
+ "references": [
+ "var.default_cooldown"
+ ]
+ },
+ "default_instance_warmup": {
+ "references": [
+ "var.default_instance_warmup"
+ ]
+ },
+ "desired_capacity": {
+ "references": [
+ "var.desired_size"
+ ]
+ },
+ "enabled_metrics": {
+ "references": [
+ "var.enabled_metrics"
+ ]
+ },
+ "force_delete": {
+ "references": [
+ "var.force_delete"
+ ]
+ },
+ "force_delete_warm_pool": {
+ "references": [
+ "var.force_delete_warm_pool"
+ ]
+ },
+ "health_check_grace_period": {
+ "references": [
+ "var.health_check_grace_period"
+ ]
+ },
+ "health_check_type": {
+ "references": [
+ "var.health_check_type"
+ ]
+ },
+ "max_instance_lifetime": {
+ "references": [
+ "var.max_instance_lifetime"
+ ]
+ },
+ "max_size": {
+ "references": [
+ "var.max_size"
+ ]
+ },
+ "metrics_granularity": {
+ "references": [
+ "var.metrics_granularity"
+ ]
+ },
+ "min_elb_capacity": {
+ "references": [
+ "var.min_elb_capacity"
+ ]
+ },
+ "min_size": {
+ "references": [
+ "var.min_size"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.use_name_prefix",
+ "var.name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.use_name_prefix",
+ "var.name"
+ ]
+ },
+ "placement_group": {
+ "references": [
+ "var.placement_group"
+ ]
+ },
+ "protect_from_scale_in": {
+ "references": [
+ "var.protect_from_scale_in"
+ ]
+ },
+ "service_linked_role_arn": {
+ "references": [
+ "var.service_linked_role_arn"
+ ]
+ },
+ "suspended_processes": {
+ "references": [
+ "var.suspended_processes"
+ ]
+ },
+ "target_group_arns": {
+ "references": [
+ "var.target_group_arns"
+ ]
+ },
+ "termination_policies": {
+ "references": [
+ "var.termination_policies"
+ ]
+ },
+ "timeouts": {
+ "delete": {
+ "references": [
+ "var.delete_timeout"
+ ]
+ }
+ },
+ "vpc_zone_identifier": {
+ "references": [
+ "var.subnet_ids"
+ ]
+ },
+ "wait_for_capacity_timeout": {
+ "references": [
+ "var.wait_for_capacity_timeout"
+ ]
+ },
+ "wait_for_elb_capacity": {
+ "references": [
+ "var.wait_for_elb_capacity"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_autoscaling_group"
+ ]
+ }
+ },
+ {
+ "address": "aws_autoscaling_schedule.this",
+ "mode": "managed",
+ "type": "aws_autoscaling_schedule",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "autoscaling_group_name": {
+ "references": [
+ "aws_autoscaling_group.this[0].name",
+ "aws_autoscaling_group.this[0]",
+ "aws_autoscaling_group.this"
+ ]
+ },
+ "desired_capacity": {
+ "references": [
+ "each.value.desired_size",
+ "each.value"
+ ]
+ },
+ "end_time": {
+ "references": [
+ "each.value.end_time",
+ "each.value"
+ ]
+ },
+ "max_size": {
+ "references": [
+ "each.value.max_size",
+ "each.value"
+ ]
+ },
+ "min_size": {
+ "references": [
+ "each.value.min_size",
+ "each.value"
+ ]
+ },
+ "recurrence": {
+ "references": [
+ "each.value.recurrence",
+ "each.value"
+ ]
+ },
+ "scheduled_action_name": {
+ "references": [
+ "each.key"
+ ]
+ },
+ "start_time": {
+ "references": [
+ "each.value.start_time",
+ "each.value"
+ ]
+ },
+ "time_zone": {
+ "references": [
+ "each.value.time_zone",
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.schedules",
+ "var.create",
+ "var.create_schedule"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_instance_profile.this",
+ "mode": "managed",
+ "type": "aws_iam_instance_profile",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "name": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.iam_role_path"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.iam_role_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_iam_instance_profile"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume_role_policy[0].json",
+ "data.aws_iam_policy_document.assume_role_policy[0]",
+ "data.aws_iam_policy_document.assume_role_policy"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.iam_role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "name": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.iam_role_use_name_prefix",
+ "local.iam_role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.iam_role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.iam_role_permissions_boundary"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.iam_role_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_iam_instance_profile"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.iam_role_additional_policies",
+ "var.create",
+ "var.create_iam_instance_profile"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "local.iam_role_policy_prefix",
+ "local.iam_role_policy_prefix",
+ "var.iam_role_attach_cni_policy",
+ "local.cni_policy",
+ "var.create",
+ "var.create_iam_instance_profile"
+ ]
+ }
+ },
+ {
+ "address": "aws_launch_template.this",
+ "mode": "managed",
+ "type": "aws_launch_template",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "default_version": {
+ "references": [
+ "var.launch_template_default_version"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.launch_template_description"
+ ]
+ },
+ "disable_api_termination": {
+ "references": [
+ "var.disable_api_termination"
+ ]
+ },
+ "ebs_optimized": {
+ "references": [
+ "var.ebs_optimized"
+ ]
+ },
+ "iam_instance_profile": [
+ {
+ "arn": {
+ "references": [
+ "var.create_iam_instance_profile",
+ "aws_iam_instance_profile.this[0].arn",
+ "aws_iam_instance_profile.this[0]",
+ "aws_iam_instance_profile.this",
+ "var.iam_instance_profile_arn"
+ ]
+ }
+ }
+ ],
+ "image_id": {
+ "references": [
+ "var.ami_id",
+ "data.aws_ami.eks_default[0].image_id",
+ "data.aws_ami.eks_default[0]",
+ "data.aws_ami.eks_default"
+ ]
+ },
+ "instance_initiated_shutdown_behavior": {
+ "references": [
+ "var.instance_initiated_shutdown_behavior"
+ ]
+ },
+ "instance_type": {
+ "references": [
+ "var.instance_type"
+ ]
+ },
+ "kernel_id": {
+ "references": [
+ "var.kernel_id"
+ ]
+ },
+ "key_name": {
+ "references": [
+ "var.key_name"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.launch_template_use_name_prefix",
+ "local.launch_template_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.launch_template_use_name_prefix",
+ "local.launch_template_name"
+ ]
+ },
+ "ram_disk_id": {
+ "references": [
+ "var.ram_disk_id"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "update_default_version": {
+ "references": [
+ "var.update_launch_template_default_version"
+ ]
+ },
+ "user_data": {
+ "references": [
+ "module.user_data.user_data",
+ "module.user_data"
+ ]
+ },
+ "vpc_security_group_ids": {
+ "references": [
+ "var.network_interfaces",
+ "local.security_group_ids"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_launch_template"
+ ]
+ },
+ "depends_on": [
+ "aws_iam_role_policy_attachment.this"
+ ]
+ },
+ {
+ "address": "data.aws_ami.eks_default",
+ "mode": "data",
+ "type": "aws_ami",
+ "name": "eks_default",
+ "provider_config_key": "aws",
+ "expressions": {
+ "filter": [
+ {
+ "name": {
+ "constant_value": "name"
+ },
+ "values": {
+ "references": [
+ "var.cluster_version"
+ ]
+ }
+ }
+ ],
+ "most_recent": {
+ "constant_value": true
+ },
+ "owners": {
+ "constant_value": [
+ "amazon"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_launch_template"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume_role_policy",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume_role_policy",
+ "provider_config_key": "aws",
+ "expressions": {
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "sts:AssumeRole"
+ ]
+ },
+ "principals": [
+ {
+ "identifiers": {
+ "references": [
+ "data.aws_partition.current.dns_suffix",
+ "data.aws_partition.current"
+ ]
+ },
+ "type": {
+ "constant_value": "Service"
+ }
+ }
+ ],
+ "sid": {
+ "constant_value": "EKSNodeAssumeRole"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_iam_instance_profile"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ }
+ ],
+ "module_calls": {
+ "user_data": {
+ "source": "../_user_data",
+ "expressions": {
+ "bootstrap_extra_args": {
+ "references": [
+ "var.bootstrap_extra_args"
+ ]
+ },
+ "cluster_auth_base64": {
+ "references": [
+ "var.cluster_auth_base64"
+ ]
+ },
+ "cluster_endpoint": {
+ "references": [
+ "var.cluster_endpoint"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "var.cluster_name"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.create"
+ ]
+ },
+ "enable_bootstrap_user_data": {
+ "constant_value": true
+ },
+ "is_eks_managed_node_group": {
+ "constant_value": false
+ },
+ "platform": {
+ "references": [
+ "var.platform"
+ ]
+ },
+ "post_bootstrap_user_data": {
+ "references": [
+ "var.post_bootstrap_user_data"
+ ]
+ },
+ "pre_bootstrap_user_data": {
+ "references": [
+ "var.pre_bootstrap_user_data"
+ ]
+ },
+ "user_data_template_path": {
+ "references": [
+ "var.user_data_template_path"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "user_data": {
+ "expression": {
+ "references": [
+ "local.platform",
+ "var.platform"
+ ]
+ },
+ "description": "Base64 encoded user data rendered for the provided inputs"
+ }
+ },
+ "resources": [
+ {
+ "address": "data.cloudinit_config.linux_eks_managed_node_group",
+ "mode": "data",
+ "type": "cloudinit_config",
+ "name": "linux_eks_managed_node_group",
+ "provider_config_key": "module.eks.module.self_managed_node_group.module.user_data:cloudinit",
+ "expressions": {
+ "base64_encode": {
+ "constant_value": true
+ },
+ "boundary": {
+ "constant_value": "//"
+ },
+ "gzip": {
+ "constant_value": false
+ },
+ "part": [
+ {
+ "content": {
+ "references": [
+ "var.pre_bootstrap_user_data"
+ ]
+ },
+ "content_type": {
+ "constant_value": "text/x-shellscript"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.platform",
+ "var.is_eks_managed_node_group",
+ "var.enable_bootstrap_user_data",
+ "var.pre_bootstrap_user_data",
+ "var.user_data_template_path"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "bootstrap_extra_args": {
+ "default": "",
+ "description": "Additional arguments passed to the bootstrap script. When `platform` = `bottlerocket`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data"
+ },
+ "cluster_auth_base64": {
+ "default": "",
+ "description": "Base64 encoded CA of associated EKS cluster"
+ },
+ "cluster_endpoint": {
+ "default": "",
+ "description": "Endpoint of associated EKS cluster"
+ },
+ "cluster_name": {
+ "default": "",
+ "description": "Name of the EKS cluster"
+ },
+ "cluster_service_ipv4_cidr": {
+ "default": null,
+ "description": "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks"
+ },
+ "create": {
+ "default": true,
+ "description": "Determines whether to create user-data or not"
+ },
+ "enable_bootstrap_user_data": {
+ "default": false,
+ "description": "Determines whether the bootstrap configurations are populated within the user data template"
+ },
+ "is_eks_managed_node_group": {
+ "default": true,
+ "description": "Determines whether the user data is used on nodes in an EKS managed node group. Used to determine if user data will be appended or not"
+ },
+ "platform": {
+ "default": "linux",
+ "description": "Identifies if the OS platform is `bottlerocket`, `linux`, or `windows` based"
+ },
+ "post_bootstrap_user_data": {
+ "default": "",
+ "description": "User data that is appended to the user data script after of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
+ },
+ "pre_bootstrap_user_data": {
+ "default": "",
+ "description": "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
+ },
+ "user_data_template_path": {
+ "default": "",
+ "description": "Path to a local, custom user data template file to use when rendering user data"
+ }
+ }
+ }
+ }
+ },
+ "variables": {
+ "ami_id": {
+ "default": "",
+ "description": "The AMI from which to launch the instance"
+ },
+ "autoscaling_group_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the autoscaling group created. Tags are applied to the autoscaling group only and are NOT propagated to instances"
+ },
+ "availability_zones": {
+ "default": null,
+ "description": "A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with `subnet_ids` argument. Conflicts with `subnet_ids`"
+ },
+ "block_device_mappings": {
+ "default": {},
+ "description": "Specify volumes to attach to the instance besides the volumes specified by the AMI"
+ },
+ "bootstrap_extra_args": {
+ "default": "",
+ "description": "Additional arguments passed to the bootstrap script. When `platform` = `bottlerocket`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data"
+ },
+ "capacity_rebalance": {
+ "default": null,
+ "description": "Indicates whether capacity rebalance is enabled"
+ },
+ "capacity_reservation_specification": {
+ "default": {},
+ "description": "Targeting for EC2 capacity reservations"
+ },
+ "cluster_auth_base64": {
+ "default": "",
+ "description": "Base64 encoded CA of associated EKS cluster"
+ },
+ "cluster_endpoint": {
+ "default": "",
+ "description": "Endpoint of associated EKS cluster"
+ },
+ "cluster_ip_family": {
+ "default": null,
+ "description": "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`"
+ },
+ "cluster_name": {
+ "default": "",
+ "description": "Name of associated EKS cluster"
+ },
+ "cluster_primary_security_group_id": {
+ "default": null,
+ "description": "The ID of the EKS cluster primary security group to associate with the instance(s). This is the security group that is automatically created by the EKS service"
+ },
+ "cluster_version": {
+ "default": null,
+ "description": "Kubernetes cluster version - used to lookup default AMI ID if one is not provided"
+ },
+ "context": {
+ "default": null,
+ "description": "Reserved"
+ },
+ "cpu_options": {
+ "default": {},
+ "description": "The CPU options for the instance"
+ },
+ "create": {
+ "default": true,
+ "description": "Determines whether to create self managed node group or not"
+ },
+ "create_autoscaling_group": {
+ "default": true,
+ "description": "Determines whether to create autoscaling group or not"
+ },
+ "create_iam_instance_profile": {
+ "default": true,
+ "description": "Determines whether an IAM instance profile is created or to use an existing IAM instance profile"
+ },
+ "create_launch_template": {
+ "default": true,
+ "description": "Determines whether to create launch template or not"
+ },
+ "create_schedule": {
+ "default": true,
+ "description": "Determines whether to create autoscaling group schedule or not"
+ },
+ "credit_specification": {
+ "default": {},
+ "description": "Customize the credit specification of the instance"
+ },
+ "default_cooldown": {
+ "default": null,
+ "description": "The amount of time, in seconds, after a scaling activity completes before another scaling activity can start"
+ },
+ "default_instance_warmup": {
+ "default": null,
+ "description": "Amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data"
+ },
+ "delete_timeout": {
+ "default": null,
+ "description": "Delete timeout to wait for destroying autoscaling group"
+ },
+ "desired_size": {
+ "default": 1,
+ "description": "The number of Amazon EC2 instances that should be running in the autoscaling group"
+ },
+ "disable_api_termination": {
+ "default": null,
+ "description": "If true, enables EC2 instance termination protection"
+ },
+ "ebs_optimized": {
+ "default": null,
+ "description": "If true, the launched EC2 instance will be EBS-optimized"
+ },
+ "elastic_gpu_specifications": {
+ "default": {},
+ "description": "The elastic GPU to attach to the instance"
+ },
+ "elastic_inference_accelerator": {
+ "default": {},
+ "description": "Configuration block containing an Elastic Inference Accelerator to attach to the instance"
+ },
+ "enable_monitoring": {
+ "default": true,
+ "description": "Enables/disables detailed monitoring"
+ },
+ "enabled_metrics": {
+ "default": [],
+ "description": "A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances`"
+ },
+ "enclave_options": {
+ "default": {},
+ "description": "Enable Nitro Enclaves on launched instances"
+ },
+ "force_delete": {
+ "default": null,
+ "description": "Allows deleting the Auto Scaling Group without waiting for all instances in the pool to terminate. You can force an Auto Scaling Group to delete even if it's in the process of scaling a resource. Normally, Terraform drains all the instances before deleting the group. This bypasses that behavior and potentially leaves resources dangling"
+ },
+ "force_delete_warm_pool": {
+ "default": null,
+ "description": "Allows deleting the Auto Scaling Group without waiting for all instances in the warm pool to terminate"
+ },
+ "health_check_grace_period": {
+ "default": null,
+ "description": "Time (in seconds) after instance comes into service before checking health"
+ },
+ "health_check_type": {
+ "default": null,
+ "description": "`EC2` or `ELB`. Controls how health checking is done"
+ },
+ "hibernation_options": {
+ "default": {},
+ "description": "The hibernation options for the instance"
+ },
+ "iam_instance_profile_arn": {
+ "default": null,
+ "description": "Amazon Resource Name (ARN) of an existing IAM instance profile that provides permissions for the node group. Required if `create_iam_instance_profile` = `false`"
+ },
+ "iam_role_additional_policies": {
+ "default": {},
+ "description": "Additional policies to be added to the IAM role"
+ },
+ "iam_role_attach_cni_policy": {
+ "default": true,
+ "description": "Whether to attach the `AmazonEKS_CNI_Policy`/`AmazonEKS_CNI_IPv6_Policy` IAM policy to the IAM IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster"
+ },
+ "iam_role_description": {
+ "default": null,
+ "description": "Description of the role"
+ },
+ "iam_role_name": {
+ "default": null,
+ "description": "Name to use on IAM role created"
+ },
+ "iam_role_path": {
+ "default": null,
+ "description": "IAM role path"
+ },
+ "iam_role_permissions_boundary": {
+ "default": null,
+ "description": "ARN of the policy that is used to set the permissions boundary for the IAM role"
+ },
+ "iam_role_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the IAM role created"
+ },
+ "iam_role_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether cluster IAM role name (`iam_role_name`) is used as a prefix"
+ },
+ "initial_lifecycle_hooks": {
+ "default": [],
+ "description": "One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate `aws_autoscaling_lifecycle_hook` resource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use `aws_autoscaling_lifecycle_hook` resource"
+ },
+ "instance_initiated_shutdown_behavior": {
+ "default": null,
+ "description": "Shutdown behavior for the instance. Can be `stop` or `terminate`. (Default: `stop`)"
+ },
+ "instance_market_options": {
+ "default": {},
+ "description": "The market (purchasing) option for the instance"
+ },
+ "instance_refresh": {
+ "default": {
+ "preferences": {
+ "min_healthy_percentage": 66
+ },
+ "strategy": "Rolling"
+ },
+ "description": "If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated"
+ },
+ "instance_requirements": {
+ "default": {},
+ "description": "The attribute requirements for the type of instance. If present then `instance_type` cannot be present"
+ },
+ "instance_type": {
+ "default": "",
+ "description": "The type of the instance to launch"
+ },
+ "kernel_id": {
+ "default": null,
+ "description": "The kernel ID"
+ },
+ "key_name": {
+ "default": null,
+ "description": "The key name that should be used for the instance"
+ },
+ "launch_template_default_version": {
+ "default": null,
+ "description": "Default Version of the launch template"
+ },
+ "launch_template_description": {
+ "default": null,
+ "description": "Description of the launch template"
+ },
+ "launch_template_id": {
+ "default": "",
+ "description": "The ID of an existing launch template to use. Required when `create_launch_template` = `false`"
+ },
+ "launch_template_name": {
+ "default": null,
+ "description": "Name of launch template to be created"
+ },
+ "launch_template_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the tag_specifications of launch template created"
+ },
+ "launch_template_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether to use `launch_template_name` as is or create a unique name beginning with the `launch_template_name` as the prefix"
+ },
+ "launch_template_version": {
+ "default": null,
+ "description": "Launch template version. Can be version number, `$Latest`, or `$Default`"
+ },
+ "license_specifications": {
+ "default": {},
+ "description": "A map of license specifications to associate with"
+ },
+ "maintenance_options": {
+ "default": {},
+ "description": "The maintenance options for the instance"
+ },
+ "max_instance_lifetime": {
+ "default": null,
+ "description": "The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds"
+ },
+ "max_size": {
+ "default": 3,
+ "description": "The maximum size of the autoscaling group"
+ },
+ "metadata_options": {
+ "default": {
+ "http_endpoint": "enabled",
+ "http_put_response_hop_limit": "2",
+ "http_tokens": "required"
+ },
+ "description": "Customize the metadata options for the instance"
+ },
+ "metrics_granularity": {
+ "default": null,
+ "description": "The granularity to associate with the metrics to collect. The only valid value is `1Minute`"
+ },
+ "min_elb_capacity": {
+ "default": null,
+ "description": "Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes"
+ },
+ "min_size": {
+ "default": 0,
+ "description": "The minimum size of the autoscaling group"
+ },
+ "mixed_instances_policy": {
+ "default": null,
+ "description": "Configuration block containing settings to define launch targets for Auto Scaling groups"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Self managed Node Group"
+ },
+ "network_interfaces": {
+ "default": [],
+ "description": "Customize network interfaces to be attached at instance boot time"
+ },
+ "placement": {
+ "default": {},
+ "description": "The placement of the instance"
+ },
+ "placement_group": {
+ "default": null,
+ "description": "The name of the placement group into which you'll launch your instances, if any"
+ },
+ "platform": {
+ "default": "linux",
+ "description": "Identifies if the OS platform is `bottlerocket`, `linux`, or `windows` based"
+ },
+ "post_bootstrap_user_data": {
+ "default": "",
+ "description": "User data that is appended to the user data script after of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
+ },
+ "pre_bootstrap_user_data": {
+ "default": "",
+ "description": "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
+ },
+ "private_dns_name_options": {
+ "default": {},
+ "description": "The options for the instance hostname. The default values are inherited from the subnet"
+ },
+ "protect_from_scale_in": {
+ "default": false,
+ "description": "Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events."
+ },
+ "ram_disk_id": {
+ "default": null,
+ "description": "The ID of the ram disk"
+ },
+ "schedules": {
+ "default": {},
+ "description": "Map of autoscaling group schedule to create"
+ },
+ "service_linked_role_arn": {
+ "default": null,
+ "description": "The ARN of the service-linked role that the ASG will use to call other AWS services"
+ },
+ "subnet_ids": {
+ "default": null,
+ "description": "A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones`"
+ },
+ "suspended_processes": {
+ "default": [],
+ "description": "A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`. Note that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly"
+ },
+ "tag_specifications": {
+ "default": [
+ "instance",
+ "volume",
+ "network-interface"
+ ],
+ "description": "The tags to apply to the resources during launch"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "target_group_arns": {
+ "default": [],
+ "description": "A set of `aws_alb_target_group` ARNs, for use with Application or Network Load Balancing"
+ },
+ "termination_policies": {
+ "default": [],
+ "description": "A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default`"
+ },
+ "update_launch_template_default_version": {
+ "default": true,
+ "description": "Whether to update Default Version each update. Conflicts with `launch_template_default_version`"
+ },
+ "use_mixed_instances_policy": {
+ "default": false,
+ "description": "Determines whether to use a mixed instances policy in the autoscaling group or not"
+ },
+ "use_name_prefix": {
+ "default": true,
+ "description": "Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix"
+ },
+ "user_data_template_path": {
+ "default": "",
+ "description": "Path to a local, custom user data template file to use when rendering user data"
+ },
+ "vpc_security_group_ids": {
+ "default": [],
+ "description": "A list of security group IDs to associate"
+ },
+ "wait_for_capacity_timeout": {
+ "default": null,
+ "description": "A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior."
+ },
+ "wait_for_elb_capacity": {
+ "default": null,
+ "description": "Setting this will cause Terraform to wait for exactly this number of healthy instances in all attached load balancers on both create and update operations. Takes precedence over `min_elb_capacity` behavior."
+ },
+ "warm_pool": {
+ "default": {},
+ "description": "If this block is configured, add a Warm Pool to the specified Auto Scaling group"
+ }
+ }
+ }
+ }
+ },
+ "variables": {
+ "attach_cluster_encryption_policy": {
+ "default": true,
+ "description": "Indicates whether or not to attach an additional policy for the cluster IAM role to utilize the encryption key provided"
+ },
+ "aws_auth_accounts": {
+ "default": [],
+ "description": "List of account maps to add to the aws-auth configmap"
+ },
+ "aws_auth_fargate_profile_pod_execution_role_arns": {
+ "default": [],
+ "description": "List of Fargate profile pod execution role ARNs to add to the aws-auth configmap"
+ },
+ "aws_auth_node_iam_role_arns_non_windows": {
+ "default": [],
+ "description": "List of non-Windows based node IAM role ARNs to add to the aws-auth configmap"
+ },
+ "aws_auth_node_iam_role_arns_windows": {
+ "default": [],
+ "description": "List of Windows based node IAM role ARNs to add to the aws-auth configmap"
+ },
+ "aws_auth_roles": {
+ "default": [],
+ "description": "List of role maps to add to the aws-auth configmap"
+ },
+ "aws_auth_users": {
+ "default": [],
+ "description": "List of user maps to add to the aws-auth configmap"
+ },
+ "cloudwatch_log_group_kms_key_id": {
+ "default": null,
+ "description": "If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)"
+ },
+ "cloudwatch_log_group_retention_in_days": {
+ "default": 90,
+ "description": "Number of days to retain log events. Default retention - 90 days"
+ },
+ "cluster_additional_security_group_ids": {
+ "default": [],
+ "description": "List of additional, externally created security group IDs to attach to the cluster control plane"
+ },
+ "cluster_addons": {
+ "default": {},
+ "description": "Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name`"
+ },
+ "cluster_addons_timeouts": {
+ "default": {},
+ "description": "Create, update, and delete timeout configurations for the cluster addons"
+ },
+ "cluster_enabled_log_types": {
+ "default": [
+ "audit",
+ "api",
+ "authenticator"
+ ],
+ "description": "A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)"
+ },
+ "cluster_encryption_config": {
+ "default": {
+ "resources": [
+ "secrets"
+ ]
+ },
+ "description": "Configuration block with encryption configuration for the cluster. To disable secret encryption, set this value to `{}`"
+ },
+ "cluster_encryption_policy_description": {
+ "default": "Cluster encryption policy to allow cluster role to utilize CMK provided",
+ "description": "Description of the cluster encryption policy created"
+ },
+ "cluster_encryption_policy_name": {
+ "default": null,
+ "description": "Name to use on cluster encryption policy created"
+ },
+ "cluster_encryption_policy_path": {
+ "default": null,
+ "description": "Cluster encryption policy path"
+ },
+ "cluster_encryption_policy_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the cluster encryption policy created"
+ },
+ "cluster_encryption_policy_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether cluster encryption policy name (`cluster_encryption_policy_name`) is used as a prefix"
+ },
+ "cluster_endpoint_private_access": {
+ "default": true,
+ "description": "Indicates whether or not the Amazon EKS private API server endpoint is enabled"
+ },
+ "cluster_endpoint_public_access": {
+ "default": false,
+ "description": "Indicates whether or not the Amazon EKS public API server endpoint is enabled"
+ },
+ "cluster_endpoint_public_access_cidrs": {
+ "default": [
+ "0.0.0.0/0"
+ ],
+ "description": "List of CIDR blocks which can access the Amazon EKS public API server endpoint"
+ },
+ "cluster_iam_role_dns_suffix": {
+ "default": null,
+ "description": "Base DNS domain name for the current partition (e.g., amazonaws.com in AWS Commercial, amazonaws.com.cn in AWS China)"
+ },
+ "cluster_identity_providers": {
+ "default": {},
+ "description": "Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA"
+ },
+ "cluster_ip_family": {
+ "default": null,
+ "description": "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created"
+ },
+ "cluster_name": {
+ "default": "",
+ "description": "Name of the EKS cluster"
+ },
+ "cluster_security_group_additional_rules": {
+ "default": {},
+ "description": "List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source"
+ },
+ "cluster_security_group_description": {
+ "default": "EKS cluster security group",
+ "description": "Description of the cluster security group created"
+ },
+ "cluster_security_group_id": {
+ "default": "",
+ "description": "Existing security group ID to be attached to the cluster"
+ },
+ "cluster_security_group_name": {
+ "default": null,
+ "description": "Name to use on cluster security group created"
+ },
+ "cluster_security_group_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the cluster security group created"
+ },
+ "cluster_security_group_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix"
+ },
+ "cluster_service_ipv4_cidr": {
+ "default": null,
+ "description": "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks"
+ },
+ "cluster_service_ipv6_cidr": {
+ "default": null,
+ "description": "The CIDR block to assign Kubernetes pod and service IP addresses from if `ipv6` was specified when the cluster was created. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster"
+ },
+ "cluster_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the cluster"
+ },
+ "cluster_timeouts": {
+ "default": {},
+ "description": "Create, update, and delete timeout configurations for the cluster"
+ },
+ "cluster_version": {
+ "default": null,
+ "description": "Kubernetes version to use for the EKS cluster (i.e.: `1.27`)"
+ },
+ "control_plane_subnet_ids": {
+ "default": [],
+ "description": "A list of subnet IDs where the EKS cluster control plane (ENIs) will be provisioned. Used for expanding the pool of subnets used by nodes/node groups without replacing the EKS control plane"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if EKS resources should be created (affects nearly all resources)"
+ },
+ "create_aws_auth_configmap": {
+ "default": false,
+ "description": "Determines whether to create the aws-auth configmap. NOTE - this is only intended for scenarios where the configmap does not exist (i.e. - when using only self-managed node groups). Most users should use `manage_aws_auth_configmap`"
+ },
+ "create_cloudwatch_log_group": {
+ "default": true,
+ "description": "Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled"
+ },
+ "create_cluster_primary_security_group_tags": {
+ "default": true,
+ "description": "Indicates whether or not to tag the cluster's primary security group. This security group is created by the EKS service, not the module, and therefore tagging is handled after cluster creation"
+ },
+ "create_cluster_security_group": {
+ "default": true,
+ "description": "Determines if a security group is created for the cluster. Note: the EKS service creates a primary security group for the cluster by default"
+ },
+ "create_cni_ipv6_iam_policy": {
+ "default": false,
+ "description": "Determines whether to create an [`AmazonEKS_CNI_IPv6_Policy`](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-ipv6-policy)"
+ },
+ "create_iam_role": {
+ "default": true,
+ "description": "Determines whether a an IAM role is created or to use an existing IAM role"
+ },
+ "create_kms_key": {
+ "default": true,
+ "description": "Controls if a KMS key for cluster encryption should be created"
+ },
+ "create_node_security_group": {
+ "default": true,
+ "description": "Determines whether to create a security group for the node groups or use the existing `node_security_group_id`"
+ },
+ "custom_oidc_thumbprints": {
+ "default": [],
+ "description": "Additional list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s)"
+ },
+ "dataplane_wait_duration": {
+ "default": "30s",
+ "description": "Duration to wait after the EKS cluster has become active before creating the dataplane components (EKS managed nodegroup(s), self-managed nodegroup(s), Fargate profile(s))"
+ },
+ "eks_managed_node_group_defaults": {
+ "default": {},
+ "description": "Map of EKS managed node group default configurations"
+ },
+ "eks_managed_node_groups": {
+ "default": {},
+ "description": "Map of EKS managed node group definitions to create"
+ },
+ "enable_irsa": {
+ "default": true,
+ "description": "Determines whether to create an OpenID Connect Provider for EKS to enable IRSA"
+ },
+ "enable_kms_key_rotation": {
+ "default": true,
+ "description": "Specifies whether key rotation is enabled. Defaults to `true`"
+ },
+ "fargate_profile_defaults": {
+ "default": {},
+ "description": "Map of Fargate Profile default configurations"
+ },
+ "fargate_profiles": {
+ "default": {},
+ "description": "Map of Fargate Profile definitions to create"
+ },
+ "iam_role_additional_policies": {
+ "default": {},
+ "description": "Additional policies to be added to the IAM role"
+ },
+ "iam_role_arn": {
+ "default": null,
+ "description": "Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false`"
+ },
+ "iam_role_description": {
+ "default": null,
+ "description": "Description of the role"
+ },
+ "iam_role_name": {
+ "default": null,
+ "description": "Name to use on IAM role created"
+ },
+ "iam_role_path": {
+ "default": null,
+ "description": "Cluster IAM role path"
+ },
+ "iam_role_permissions_boundary": {
+ "default": null,
+ "description": "ARN of the policy that is used to set the permissions boundary for the IAM role"
+ },
+ "iam_role_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the IAM role created"
+ },
+ "iam_role_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`iam_role_name`) is used as a prefix"
+ },
+ "kms_key_administrators": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key administrators](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-administrators). If no value is provided, the current caller identity is used to ensure at least one key admin is available"
+ },
+ "kms_key_aliases": {
+ "default": [],
+ "description": "A list of aliases to create. Note - due to the use of `toset()`, values must be static strings and not computed values"
+ },
+ "kms_key_deletion_window_in_days": {
+ "default": null,
+ "description": "The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`"
+ },
+ "kms_key_description": {
+ "default": null,
+ "description": "The description of the key as viewed in AWS console"
+ },
+ "kms_key_enable_default_policy": {
+ "default": false,
+ "description": "Specifies whether to enable the default key policy. Defaults to `false`"
+ },
+ "kms_key_override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "kms_key_owners": {
+ "default": [],
+ "description": "A list of IAM ARNs for those who will have full key permissions (`kms:*`)"
+ },
+ "kms_key_service_users": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key service users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-service-integration)"
+ },
+ "kms_key_source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "kms_key_users": {
+ "default": [],
+ "description": "A list of IAM ARNs for [key users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-users)"
+ },
+ "manage_aws_auth_configmap": {
+ "default": false,
+ "description": "Determines whether to manage the aws-auth configmap"
+ },
+ "node_security_group_additional_rules": {
+ "default": {},
+ "description": "List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source"
+ },
+ "node_security_group_description": {
+ "default": "EKS node shared security group",
+ "description": "Description of the node security group created"
+ },
+ "node_security_group_enable_recommended_rules": {
+ "default": true,
+ "description": "Determines whether to enable recommended security group rules for the node security group created. This includes node-to-node TCP ingress on ephemeral ports and allows all egress traffic"
+ },
+ "node_security_group_id": {
+ "default": "",
+ "description": "ID of an existing security group to attach to the node groups created"
+ },
+ "node_security_group_name": {
+ "default": null,
+ "description": "Name to use on node security group created"
+ },
+ "node_security_group_tags": {
+ "default": {},
+ "description": "A map of additional tags to add to the node security group created"
+ },
+ "node_security_group_use_name_prefix": {
+ "default": true,
+ "description": "Determines whether node security group name (`node_security_group_name`) is used as a prefix"
+ },
+ "openid_connect_audiences": {
+ "default": [],
+ "description": "List of OpenID Connect audience client IDs to add to the IRSA provider"
+ },
+ "outpost_config": {
+ "default": {},
+ "description": "Configuration for the AWS Outpost to provision the cluster on"
+ },
+ "prefix_separator": {
+ "default": "-",
+ "description": "The separator to use between the prefix and the generated timestamp for resource names"
+ },
+ "putin_khuylo": {
+ "default": true,
+ "description": "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
+ },
+ "self_managed_node_group_defaults": {
+ "default": {},
+ "description": "Map of self-managed node group default configurations"
+ },
+ "self_managed_node_groups": {
+ "default": {},
+ "description": "Map of self-managed node group definitions to create"
+ },
+ "subnet_ids": {
+ "default": [],
+ "description": "A list of subnet IDs where the nodes/node groups will be provisioned. If `control_plane_subnet_ids` is not provided, the EKS cluster control plane (ENIs) will be provisioned in these subnets"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "vpc_id": {
+ "default": null,
+ "description": "ID of the VPC where the cluster security group will be provisioned"
+ }
+ }
+ },
+ "version_constraint": "~> 19.16"
+ },
+ "eks_blueprints_addons": {
+ "source": "aws-ia/eks-blueprints-addons/aws",
+ "expressions": {
+ "aws_load_balancer_controller": {
+ "references": [
+ "module.vpc.vpc_id",
+ "module.vpc"
+ ]
+ },
+ "cluster_endpoint": {
+ "references": [
+ "module.eks.cluster_endpoint",
+ "module.eks"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "module.eks.cluster_name",
+ "module.eks"
+ ]
+ },
+ "cluster_version": {
+ "references": [
+ "module.eks.cluster_version",
+ "module.eks"
+ ]
+ },
+ "create_delay_dependencies": {
+ "references": [
+ "module.eks.fargate_profiles",
+ "module.eks"
+ ]
+ },
+ "eks_addons": {},
+ "enable_aws_load_balancer_controller": {
+ "constant_value": true
+ },
+ "enable_fargate_fluentbit": {
+ "constant_value": true
+ },
+ "fargate_fluentbit": {
+ "constant_value": {
+ "flb_log_cw": true
+ }
+ },
+ "oidc_provider_arn": {
+ "references": [
+ "module.eks.oidc_provider_arn",
+ "module.eks"
+ ]
+ },
+ "tags": {
+ "references": [
+ "local.tags"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "argo_events": {
+ "expression": {
+ "references": [
+ "module.argo_events"
+ ]
+ },
+ "description": "Map of attributes of the Helm release created"
+ },
+ "argo_rollouts": {
+ "expression": {
+ "references": [
+ "module.argo_rollouts"
+ ]
+ },
+ "description": "Map of attributes of the Helm release created"
+ },
+ "argo_workflows": {
+ "expression": {
+ "references": [
+ "module.argo_workflows"
+ ]
+ },
+ "description": "Map of attributes of the Helm release created"
+ },
+ "argocd": {
+ "expression": {
+ "references": [
+ "module.argocd"
+ ]
+ },
+ "description": "Map of attributes of the Helm release created"
+ },
+ "aws_cloudwatch_metrics": {
+ "expression": {
+ "references": [
+ "module.aws_cloudwatch_metrics"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "aws_efs_csi_driver": {
+ "expression": {
+ "references": [
+ "module.aws_efs_csi_driver"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "aws_for_fluentbit": {
+ "expression": {
+ "references": [
+ "module.aws_for_fluentbit"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "aws_fsx_csi_driver": {
+ "expression": {
+ "references": [
+ "module.aws_fsx_csi_driver"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "aws_gateway_api_controller": {
+ "expression": {
+ "references": [
+ "module.aws_gateway_api_controller"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "aws_load_balancer_controller": {
+ "expression": {
+ "references": [
+ "module.aws_load_balancer_controller"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "aws_node_termination_handler": {
+ "expression": {
+ "references": [
+ "module.aws_node_termination_handler",
+ "module.aws_node_termination_handler_sqs"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "aws_privateca_issuer": {
+ "expression": {
+ "references": [
+ "module.aws_privateca_issuer"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "cert_manager": {
+ "expression": {
+ "references": [
+ "module.cert_manager"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "cluster_autoscaler": {
+ "expression": {
+ "references": [
+ "module.cluster_autoscaler"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "cluster_proportional_autoscaler": {
+ "expression": {
+ "references": [
+ "module.cluster_proportional_autoscaler"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "eks_addons": {
+ "expression": {
+ "references": [
+ "aws_eks_addon.this"
+ ]
+ },
+ "description": "Map of attributes for each EKS addons enabled"
+ },
+ "external_dns": {
+ "expression": {
+ "references": [
+ "module.external_dns"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "external_secrets": {
+ "expression": {
+ "references": [
+ "module.external_secrets"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "fargate_fluentbit": {
+ "expression": {
+ "references": [
+ "kubernetes_config_map_v1.aws_logging",
+ "aws_iam_policy.fargate_fluentbit"
+ ]
+ },
+ "description": "Map of attributes of the configmap and IAM policy created"
+ },
+ "gatekeeper": {
+ "expression": {
+ "references": [
+ "module.gatekeeper"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "gitops_metadata": {
+ "expression": {
+ "references": [
+ "module.cert_manager.iam_role_arn",
+ "module.cert_manager",
+ "local.cert_manager_namespace",
+ "local.cert_manager_service_account",
+ "var.enable_cert_manager",
+ "module.cluster_autoscaler.iam_role_arn",
+ "module.cluster_autoscaler",
+ "local.cluster_autoscaler_namespace",
+ "local.cluster_autoscaler_service_account",
+ "var.enable_cluster_autoscaler",
+ "module.aws_cloudwatch_metrics.iam_role_arn",
+ "module.aws_cloudwatch_metrics",
+ "local.aws_cloudwatch_metrics_namespace",
+ "local.aws_cloudwatch_metrics_service_account",
+ "var.enable_aws_cloudwatch_metrics",
+ "module.aws_efs_csi_driver.iam_role_arn",
+ "module.aws_efs_csi_driver",
+ "local.aws_efs_csi_driver_namespace",
+ "local.aws_efs_csi_driver_controller_service_account",
+ "local.aws_efs_csi_driver_node_service_account",
+ "var.enable_aws_efs_csi_driver",
+ "module.aws_fsx_csi_driver.iam_role_arn",
+ "module.aws_fsx_csi_driver",
+ "local.aws_fsx_csi_driver_namespace",
+ "local.aws_fsx_csi_driver_controller_service_account",
+ "local.aws_fsx_csi_driver_node_service_account",
+ "var.enable_aws_fsx_csi_driver",
+ "module.aws_privateca_issuer.iam_role_arn",
+ "module.aws_privateca_issuer",
+ "local.aws_privateca_issuer_namespace",
+ "local.aws_privateca_issuer_service_account",
+ "var.enable_aws_privateca_issuer",
+ "module.external_dns.iam_role_arn",
+ "module.external_dns",
+ "local.external_dns_namespace",
+ "local.external_dns_service_account",
+ "var.enable_external_dns",
+ "module.external_secrets.iam_role_arn",
+ "module.external_secrets",
+ "local.external_secrets_namespace",
+ "local.external_secrets_service_account",
+ "var.enable_external_secrets",
+ "module.aws_load_balancer_controller.iam_role_arn",
+ "module.aws_load_balancer_controller",
+ "local.aws_load_balancer_controller_namespace",
+ "local.aws_load_balancer_controller_service_account",
+ "var.enable_aws_load_balancer_controller",
+ "module.aws_for_fluentbit.iam_role_arn",
+ "module.aws_for_fluentbit",
+ "local.aws_for_fluentbit_namespace",
+ "local.aws_for_fluentbit_service_account",
+ "aws_cloudwatch_log_group.aws_for_fluentbit[0].name",
+ "aws_cloudwatch_log_group.aws_for_fluentbit[0]",
+ "aws_cloudwatch_log_group.aws_for_fluentbit",
+ "var.enable_aws_for_fluentbit",
+ "module.aws_node_termination_handler.iam_role_arn",
+ "module.aws_node_termination_handler",
+ "local.aws_node_termination_handler_namespace",
+ "local.aws_node_termination_handler_service_account",
+ "module.aws_node_termination_handler_sqs.queue_url",
+ "module.aws_node_termination_handler_sqs",
+ "var.enable_aws_node_termination_handler",
+ "module.karpenter.iam_role_arn",
+ "module.karpenter",
+ "local.karpenter_namespace",
+ "local.karpenter_service_account_name",
+ "module.karpenter_sqs.queue_name",
+ "module.karpenter_sqs",
+ "local.karpenter_node_instance_profile_name",
+ "var.enable_karpenter",
+ "module.velero.iam_role_arn",
+ "module.velero",
+ "local.velero_namespace",
+ "local.velero_service_account",
+ "var.enable_velero",
+ "module.aws_gateway_api_controller.iam_role_arn",
+ "module.aws_gateway_api_controller",
+ "local.aws_gateway_api_controller_namespace",
+ "local.aws_gateway_api_controller_service_account",
+ "var.enable_aws_gateway_api_controller",
+ "var.fargate_fluentbit.cwlog_group",
+ "var.fargate_fluentbit",
+ "aws_cloudwatch_log_group.fargate_fluentbit[0].name",
+ "aws_cloudwatch_log_group.fargate_fluentbit[0]",
+ "aws_cloudwatch_log_group.fargate_fluentbit",
+ "local.fargate_fluentbit_cwlog_stream_prefix",
+ "var.enable_fargate_fluentbit"
+ ]
+ },
+ "description": "GitOps Bridge metadata"
+ },
+ "helm_releases": {
+ "expression": {
+ "references": [
+ "helm_release.this"
+ ]
+ },
+ "description": "Map of attributes of the Helm release created"
+ },
+ "ingress_nginx": {
+ "expression": {
+ "references": [
+ "module.ingress_nginx"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "karpenter": {
+ "expression": {
+ "references": [
+ "module.karpenter",
+ "aws_iam_instance_profile.karpenter[0].name",
+ "aws_iam_instance_profile.karpenter[0]",
+ "aws_iam_instance_profile.karpenter",
+ "aws_iam_role.karpenter[0].arn",
+ "aws_iam_role.karpenter[0]",
+ "aws_iam_role.karpenter",
+ "module.karpenter_sqs"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "kube_prometheus_stack": {
+ "expression": {
+ "references": [
+ "module.kube_prometheus_stack"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "metrics_server": {
+ "expression": {
+ "references": [
+ "module.metrics_server"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "secrets_store_csi_driver": {
+ "expression": {
+ "references": [
+ "module.secrets_store_csi_driver"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "secrets_store_csi_driver_provider_aws": {
+ "expression": {
+ "references": [
+ "module.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "velero": {
+ "expression": {
+ "references": [
+ "module.velero"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ },
+ "vpa": {
+ "expression": {
+ "references": [
+ "module.vpa"
+ ]
+ },
+ "description": "Map of attributes of the Helm release and IRSA created"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_autoscaling_group_tag.aws_node_termination_handler",
+ "mode": "managed",
+ "type": "aws_autoscaling_group_tag",
+ "name": "aws_node_termination_handler",
+ "provider_config_key": "aws",
+ "expressions": {
+ "autoscaling_group_name": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "tag": [
+ {
+ "key": {
+ "constant_value": "aws-node-termination-handler/managed"
+ },
+ "propagate_at_launch": {
+ "constant_value": true
+ },
+ "value": {
+ "constant_value": "true"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.aws_node_termination_handler_asg_arns",
+ "var.enable_aws_node_termination_handler"
+ ]
+ }
+ },
+ {
+ "address": "aws_autoscaling_lifecycle_hook.aws_node_termination_handler",
+ "mode": "managed",
+ "type": "aws_autoscaling_lifecycle_hook",
+ "name": "aws_node_termination_handler",
+ "provider_config_key": "aws",
+ "expressions": {
+ "autoscaling_group_name": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "default_result": {
+ "constant_value": "CONTINUE"
+ },
+ "heartbeat_timeout": {
+ "constant_value": 300
+ },
+ "lifecycle_transition": {
+ "constant_value": "autoscaling:EC2_INSTANCE_TERMINATING"
+ },
+ "name": {
+ "constant_value": "aws_node_termination_handler"
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.aws_node_termination_handler_asg_arns",
+ "var.enable_aws_node_termination_handler"
+ ]
+ }
+ },
+ {
+ "address": "aws_cloudwatch_event_rule.aws_node_termination_handler",
+ "mode": "managed",
+ "type": "aws_cloudwatch_event_rule",
+ "name": "aws_node_termination_handler",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "each.value.description",
+ "each.value"
+ ]
+ },
+ "event_pattern": {
+ "references": [
+ "each.value.event_pattern",
+ "each.value"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "each.value.name",
+ "each.value"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.cluster_name",
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "local.aws_node_termination_handler_events",
+ "var.enable_aws_node_termination_handler"
+ ]
+ }
+ },
+ {
+ "address": "aws_cloudwatch_event_rule.karpenter",
+ "mode": "managed",
+ "type": "aws_cloudwatch_event_rule",
+ "name": "karpenter",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "each.value.description",
+ "each.value"
+ ]
+ },
+ "event_pattern": {
+ "references": [
+ "each.value.event_pattern",
+ "each.value"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "each.value.name",
+ "each.value"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.cluster_name",
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "local.ec2_events",
+ "local.karpenter_enable_spot_termination"
+ ]
+ }
+ },
+ {
+ "address": "aws_cloudwatch_event_target.aws_node_termination_handler",
+ "mode": "managed",
+ "type": "aws_cloudwatch_event_target",
+ "name": "aws_node_termination_handler",
+ "provider_config_key": "aws",
+ "expressions": {
+ "arn": {
+ "references": [
+ "module.aws_node_termination_handler_sqs.queue_arn",
+ "module.aws_node_termination_handler_sqs"
+ ]
+ },
+ "rule": {
+ "references": [
+ "aws_cloudwatch_event_rule.aws_node_termination_handler",
+ "each.key"
+ ]
+ },
+ "target_id": {
+ "constant_value": "AWSNodeTerminationHandlerQueueTarget"
+ }
+ },
+ "schema_version": 1,
+ "for_each_expression": {
+ "references": [
+ "local.aws_node_termination_handler_events",
+ "var.enable_aws_node_termination_handler"
+ ]
+ }
+ },
+ {
+ "address": "aws_cloudwatch_event_target.karpenter",
+ "mode": "managed",
+ "type": "aws_cloudwatch_event_target",
+ "name": "karpenter",
+ "provider_config_key": "aws",
+ "expressions": {
+ "arn": {
+ "references": [
+ "module.karpenter_sqs.queue_arn",
+ "module.karpenter_sqs"
+ ]
+ },
+ "rule": {
+ "references": [
+ "aws_cloudwatch_event_rule.karpenter",
+ "each.key"
+ ]
+ },
+ "target_id": {
+ "constant_value": "KarpenterQueueTarget"
+ }
+ },
+ "schema_version": 1,
+ "for_each_expression": {
+ "references": [
+ "local.ec2_events",
+ "local.karpenter_enable_spot_termination"
+ ]
+ }
+ },
+ {
+ "address": "aws_cloudwatch_log_group.aws_for_fluentbit",
+ "mode": "managed",
+ "type": "aws_cloudwatch_log_group",
+ "name": "aws_for_fluentbit",
+ "provider_config_key": "aws",
+ "expressions": {
+ "kms_key_id": {
+ "references": [
+ "var.aws_for_fluentbit_cw_log_group.kms_key_arn",
+ "var.aws_for_fluentbit_cw_log_group"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_for_fluentbit_cw_log_group.use_name_prefix",
+ "var.aws_for_fluentbit_cw_log_group",
+ "local.aws_for_fluentbit_cw_log_group_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.aws_for_fluentbit_cw_log_group.use_name_prefix",
+ "var.aws_for_fluentbit_cw_log_group",
+ "var.aws_for_fluentbit_cw_log_group.name_prefix",
+ "var.aws_for_fluentbit_cw_log_group",
+ "local.aws_for_fluentbit_cw_log_group_name"
+ ]
+ },
+ "retention_in_days": {
+ "references": [
+ "var.aws_for_fluentbit_cw_log_group.retention",
+ "var.aws_for_fluentbit_cw_log_group"
+ ]
+ },
+ "skip_destroy": {
+ "references": [
+ "var.aws_for_fluentbit_cw_log_group.skip_destroy",
+ "var.aws_for_fluentbit_cw_log_group"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.aws_for_fluentbit_cw_log_group.tags",
+ "var.aws_for_fluentbit_cw_log_group"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.aws_for_fluentbit_cw_log_group.create",
+ "var.aws_for_fluentbit_cw_log_group",
+ "var.enable_aws_for_fluentbit"
+ ]
+ }
+ },
+ {
+ "address": "aws_cloudwatch_log_group.fargate_fluentbit",
+ "mode": "managed",
+ "type": "aws_cloudwatch_log_group",
+ "name": "fargate_fluentbit",
+ "provider_config_key": "aws",
+ "expressions": {
+ "kms_key_id": {
+ "references": [
+ "var.fargate_fluentbit_cw_log_group.kms_key_arn",
+ "var.fargate_fluentbit_cw_log_group"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.fargate_fluentbit_cw_log_group.use_name_prefix",
+ "var.fargate_fluentbit_cw_log_group",
+ "local.fargate_fluentbit_cw_log_group_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.fargate_fluentbit_cw_log_group.use_name_prefix",
+ "var.fargate_fluentbit_cw_log_group",
+ "local.fargate_fluentbit_cw_log_group_name"
+ ]
+ },
+ "retention_in_days": {
+ "references": [
+ "var.fargate_fluentbit_cw_log_group.retention",
+ "var.fargate_fluentbit_cw_log_group"
+ ]
+ },
+ "skip_destroy": {
+ "references": [
+ "var.fargate_fluentbit_cw_log_group.skip_destroy",
+ "var.fargate_fluentbit_cw_log_group"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.fargate_fluentbit_cw_log_group.tags",
+ "var.fargate_fluentbit_cw_log_group"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.fargate_fluentbit_cw_log_group.create",
+ "var.fargate_fluentbit_cw_log_group",
+ "var.enable_fargate_fluentbit"
+ ]
+ }
+ },
+ {
+ "address": "aws_eks_addon.this",
+ "mode": "managed",
+ "type": "aws_eks_addon",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "addon_name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "addon_version": {
+ "references": [
+ "each.value.addon_version",
+ "each.value",
+ "data.aws_eks_addon_version.this",
+ "each.key"
+ ]
+ },
+ "cluster_name": {
+ "references": [
+ "local.cluster_name"
+ ]
+ },
+ "configuration_values": {
+ "references": [
+ "each.value.configuration_values",
+ "each.value"
+ ]
+ },
+ "preserve": {
+ "references": [
+ "each.value.preserve",
+ "each.value"
+ ]
+ },
+ "resolve_conflicts_on_create": {
+ "references": [
+ "each.value.resolve_conflicts",
+ "each.value"
+ ]
+ },
+ "resolve_conflicts_on_update": {
+ "references": [
+ "each.value.resolve_conflicts",
+ "each.value"
+ ]
+ },
+ "service_account_role_arn": {
+ "references": [
+ "each.value.service_account_role_arn",
+ "each.value"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "references": [
+ "each.value.timeouts.create",
+ "each.value.timeouts",
+ "each.value",
+ "var.eks_addons_timeouts.create",
+ "var.eks_addons_timeouts"
+ ]
+ },
+ "delete": {
+ "references": [
+ "each.value.timeouts.delete",
+ "each.value.timeouts",
+ "each.value",
+ "var.eks_addons_timeouts.delete",
+ "var.eks_addons_timeouts"
+ ]
+ },
+ "update": {
+ "references": [
+ "each.value.timeouts.update",
+ "each.value.timeouts",
+ "each.value",
+ "var.eks_addons_timeouts.update",
+ "var.eks_addons_timeouts"
+ ]
+ }
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.eks_addons"
+ ]
+ },
+ "depends_on": [
+ "module.cert_manager.name",
+ "module.cert_manager.namespace"
+ ]
+ },
+ {
+ "address": "aws_iam_instance_profile.karpenter",
+ "mode": "managed",
+ "type": "aws_iam_instance_profile",
+ "name": "karpenter",
+ "provider_config_key": "aws",
+ "expressions": {
+ "name": {
+ "references": [
+ "var.karpenter_node.iam_role_use_name_prefix",
+ "var.karpenter_node",
+ "local.karpenter_node_iam_role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.karpenter_node.iam_role_use_name_prefix",
+ "var.karpenter_node",
+ "local.karpenter_node_iam_role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.karpenter_node.iam_role_path",
+ "var.karpenter_node"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.karpenter[0].name",
+ "aws_iam_role.karpenter[0]",
+ "aws_iam_role.karpenter",
+ "var.karpenter_node.iam_role_name",
+ "var.karpenter_node"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.karpenter_node.instance_profile_tags",
+ "var.karpenter_node"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_karpenter",
+ "var.karpenter_node.create_instance_profile",
+ "var.karpenter_node"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_policy.fargate_fluentbit",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "fargate_fluentbit",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.fargate_fluentbit.policy_description",
+ "var.fargate_fluentbit"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.fargate_fluentbit.policy_name_use_prefix",
+ "var.fargate_fluentbit",
+ "local.fargate_fluentbit_policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.fargate_fluentbit.policy_name_use_prefix",
+ "var.fargate_fluentbit",
+ "var.fargate_fluentbit.policy_name_prefix",
+ "var.fargate_fluentbit",
+ "local.fargate_fluentbit_policy_name"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.fargate_fluentbit[0].json",
+ "data.aws_iam_policy_document.fargate_fluentbit[0]",
+ "data.aws_iam_policy_document.fargate_fluentbit"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.fargate_fluentbit_cw_log_group.create",
+ "var.fargate_fluentbit_cw_log_group",
+ "var.enable_fargate_fluentbit"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.karpenter",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "karpenter",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.karpenter_assume_role[0].json",
+ "data.aws_iam_policy_document.karpenter_assume_role[0]",
+ "data.aws_iam_policy_document.karpenter_assume_role"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.karpenter_node.iam_role_description",
+ "var.karpenter_node"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.karpenter_node.iam_role_max_session_duration",
+ "var.karpenter_node"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.karpenter_node.iam_role_use_name_prefix",
+ "var.karpenter_node",
+ "local.karpenter_node_iam_role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.karpenter_node.iam_role_use_name_prefix",
+ "var.karpenter_node",
+ "local.karpenter_node_iam_role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.karpenter_node.iam_role_path",
+ "var.karpenter_node"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.karpenter_node.iam_role_permissions_boundary",
+ "var.karpenter_node"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.karpenter_node.iam_role_tags",
+ "var.karpenter_node"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_karpenter_node_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.karpenter[0].name",
+ "aws_iam_role.karpenter[0]",
+ "aws_iam_role.karpenter"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.karpenter_node.iam_role_additional_policies",
+ "var.karpenter_node",
+ "local.create_karpenter_node_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.karpenter",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "karpenter",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.karpenter[0].name",
+ "aws_iam_role.karpenter[0]",
+ "aws_iam_role.karpenter"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "local.iam_role_policy_prefix",
+ "local.iam_role_policy_prefix",
+ "local.iam_role_policy_prefix",
+ "local.create_karpenter_node_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "each.value.atomic",
+ "each.value"
+ ]
+ },
+ "chart": {
+ "references": [
+ "each.value.chart",
+ "each.value"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "each.value.cleanup_on_fail",
+ "each.value"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "each.value.create_namespace",
+ "each.value"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "each.value.dependency_update",
+ "each.value"
+ ]
+ },
+ "description": {
+ "references": [
+ "each.value.description",
+ "each.value"
+ ]
+ },
+ "devel": {
+ "references": [
+ "each.value.devel",
+ "each.value"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "each.value.disable_openapi_validation",
+ "each.value"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "each.value.disable_webhooks",
+ "each.value"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "each.value.force_update",
+ "each.value"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "each.value.keyring",
+ "each.value"
+ ]
+ },
+ "lint": {
+ "references": [
+ "each.value.lint",
+ "each.value"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "each.value.max_history",
+ "each.value"
+ ]
+ },
+ "name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "each.value.namespace",
+ "each.value"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "each.value.recreate_pods",
+ "each.value"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "each.value.render_subchart_notes",
+ "each.value"
+ ]
+ },
+ "replace": {
+ "references": [
+ "each.value.replace",
+ "each.value"
+ ]
+ },
+ "repository": {
+ "references": [
+ "each.value.repository",
+ "each.value"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "each.value.repository_ca_file",
+ "each.value"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "each.value.repository_cert_file",
+ "each.value"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "each.value.repository_key_file",
+ "each.value"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "each.value.repository_password",
+ "each.value"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "each.value.repository_username",
+ "each.value"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "each.value.reset_values",
+ "each.value"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "each.value.reuse_values",
+ "each.value"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "each.value.skip_crds",
+ "each.value"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "each.value.timeout",
+ "each.value"
+ ]
+ },
+ "values": {
+ "references": [
+ "each.value.values",
+ "each.value"
+ ]
+ },
+ "verify": {
+ "references": [
+ "each.value.verify",
+ "each.value"
+ ]
+ },
+ "version": {
+ "references": [
+ "each.value.chart_version",
+ "each.value"
+ ]
+ },
+ "wait": {
+ "references": [
+ "each.value.wait",
+ "each.value"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "each.value.wait_for_jobs",
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "for_each_expression": {
+ "references": [
+ "var.helm_releases"
+ ]
+ },
+ "depends_on": [
+ "aws_eks_addon.this"
+ ]
+ },
+ {
+ "address": "kubernetes_config_map_v1.aws_logging",
+ "mode": "managed",
+ "type": "kubernetes_config_map_v1",
+ "name": "aws_logging",
+ "provider_config_key": "kubernetes",
+ "expressions": {
+ "data": {
+ "references": [
+ "var.fargate_fluentbit.parsers_conf",
+ "var.fargate_fluentbit",
+ "var.fargate_fluentbit.filters_conf",
+ "var.fargate_fluentbit",
+ "var.fargate_fluentbit.output_conf",
+ "var.fargate_fluentbit",
+ "local.region",
+ "var.fargate_fluentbit.cwlog_group",
+ "var.fargate_fluentbit",
+ "aws_cloudwatch_log_group.fargate_fluentbit[0].name",
+ "aws_cloudwatch_log_group.fargate_fluentbit[0]",
+ "aws_cloudwatch_log_group.fargate_fluentbit",
+ "local.fargate_fluentbit_cwlog_stream_prefix",
+ "var.fargate_fluentbit.flb_log_cw",
+ "var.fargate_fluentbit"
+ ]
+ },
+ "metadata": [
+ {
+ "name": {
+ "constant_value": "aws-logging"
+ },
+ "namespace": {
+ "references": [
+ "kubernetes_namespace_v1.aws_observability[0].id",
+ "kubernetes_namespace_v1.aws_observability[0]",
+ "kubernetes_namespace_v1.aws_observability"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_fargate_fluentbit",
+ "var.create_kubernetes_resources"
+ ]
+ }
+ },
+ {
+ "address": "kubernetes_config_map_v1_data.aws_for_fluentbit_containerinsights",
+ "mode": "managed",
+ "type": "kubernetes_config_map_v1_data",
+ "name": "aws_for_fluentbit_containerinsights",
+ "provider_config_key": "kubernetes",
+ "expressions": {
+ "data": {
+ "references": [
+ "var.aws_for_fluentbit.fluentbit_conf",
+ "var.aws_for_fluentbit",
+ "var.aws_for_fluentbit.application_log_conf",
+ "var.aws_for_fluentbit",
+ "var.aws_for_fluentbit.kubelet_monitoring",
+ "var.aws_for_fluentbit",
+ "var.aws_for_fluentbit.kubelet_monitoring",
+ "var.aws_for_fluentbit",
+ "local.region",
+ "local.cluster_name",
+ "var.aws_for_fluentbit.dataplane_log_conf",
+ "var.aws_for_fluentbit",
+ "local.region",
+ "local.cluster_name",
+ "var.aws_for_fluentbit.host_log_conf",
+ "var.aws_for_fluentbit",
+ "local.region",
+ "local.cluster_name",
+ "var.aws_for_fluentbit.parsers_conf",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "force": {
+ "constant_value": true
+ },
+ "metadata": [
+ {
+ "name": {
+ "constant_value": "aws-for-fluent-bit"
+ },
+ "namespace": {
+ "references": [
+ "local.aws_for_fluentbit_namespace"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_aws_for_fluentbit",
+ "var.aws_for_fluentbit.enable_containerinsights",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "depends_on": [
+ "module.aws_for_fluentbit"
+ ]
+ },
+ {
+ "address": "kubernetes_namespace_v1.aws_observability",
+ "mode": "managed",
+ "type": "kubernetes_namespace_v1",
+ "name": "aws_observability",
+ "provider_config_key": "kubernetes",
+ "expressions": {
+ "metadata": [
+ {
+ "labels": {
+ "constant_value": {
+ "aws-observability": "enabled"
+ }
+ },
+ "name": {
+ "constant_value": "aws-observability"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_fargate_fluentbit",
+ "var.create_kubernetes_resources"
+ ]
+ }
+ },
+ {
+ "address": "time_sleep.this",
+ "mode": "managed",
+ "type": "time_sleep",
+ "name": "this",
+ "provider_config_key": "module.eks_blueprints_addons:time",
+ "expressions": {
+ "create_duration": {
+ "references": [
+ "var.create_delay_duration"
+ ]
+ },
+ "triggers": {
+ "references": [
+ "var.cluster_endpoint",
+ "var.cluster_name",
+ "var.create_delay_dependencies",
+ "var.oidc_provider_arn"
+ ]
+ }
+ },
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_eks_addon_version.this",
+ "mode": "data",
+ "type": "aws_eks_addon_version",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "addon_name": {
+ "references": [
+ "each.value.name",
+ "each.value",
+ "each.key"
+ ]
+ },
+ "kubernetes_version": {
+ "references": [
+ "var.cluster_version"
+ ]
+ },
+ "most_recent": {
+ "references": [
+ "each.value.most_recent",
+ "each.value"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.eks_addons"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.aws_efs_csi_driver",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "aws_efs_csi_driver",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:DescribeAvailabilityZones"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ },
+ "sid": {
+ "constant_value": "AllowDescribeAvailabilityZones"
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticfilesystem:DescribeAccessPoints",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeMountTargets"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.efs_arns",
+ "local.efs_access_point_arns"
+ ]
+ },
+ "sid": {
+ "constant_value": "AllowDescribeFileSystems"
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticfilesystem:CreateAccessPoint",
+ "elasticfilesystem:TagResource"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "StringLike"
+ },
+ "values": {
+ "constant_value": [
+ "true"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:RequestTag/efs.csi.aws.com/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.efs_arns"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticfilesystem:DeleteAccessPoint"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "StringLike"
+ },
+ "values": {
+ "constant_value": [
+ "true"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:ResourceTag/efs.csi.aws.com/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.efs_access_point_arns"
+ ]
+ },
+ "sid": {
+ "constant_value": "AllowDeleteAccessPoint"
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticfilesystem:ClientRootAccess",
+ "elasticfilesystem:ClientWrite",
+ "elasticfilesystem:ClientMount"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "Bool"
+ },
+ "values": {
+ "constant_value": [
+ "true"
+ ]
+ },
+ "variable": {
+ "constant_value": "elasticfilesystem:AccessedViaMountTarget"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.efs_arns"
+ ]
+ },
+ "sid": {
+ "constant_value": "ClientReadWrite"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_aws_efs_csi_driver"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.aws_for_fluentbit",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "aws_for_fluentbit",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.aws_for_fluentbit"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.aws_for_fluentbit_cw_log_group.create",
+ "var.aws_for_fluentbit_cw_log_group",
+ "var.aws_for_fluentbit",
+ "var.enable_aws_for_fluentbit"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.aws_fsx_csi_driver",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "aws_fsx_csi_driver",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "iam:CreateServiceLinkedRole",
+ "iam:AttachRolePolicy",
+ "iam:PutRolePolicy"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.dns_suffix"
+ ]
+ },
+ "sid": {
+ "constant_value": "AllowCreateServiceLinkedRoles"
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "iam:CreateServiceLinkedRole"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "StringLike"
+ },
+ "values": {
+ "references": [
+ "local.dns_suffix"
+ ]
+ },
+ "variable": {
+ "constant_value": "iam:AWSServiceName"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.account_id"
+ ]
+ },
+ "sid": {
+ "constant_value": "AllowCreateServiceLinkedRole"
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "s3:ListBucket"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition"
+ ]
+ },
+ "sid": {
+ "constant_value": "AllowListBuckets"
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "fsx:CreateFileSystem",
+ "fsx:DeleteFileSystem",
+ "fsx:UpdateFileSystem"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.region",
+ "local.account_id"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "fsx:DescribeFileSystems",
+ "fsx:TagResource"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.region",
+ "local.account_id"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_aws_fsx_csi_driver"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.aws_gateway_api_controller",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "aws_gateway_api_controller",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "vpc-lattice:*",
+ "iam:CreateServiceLinkedRole",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeTags"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_aws_gateway_api_controller"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.aws_load_balancer_controller",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "aws_load_balancer_controller",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "iam:CreateServiceLinkedRole"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "StringEquals"
+ },
+ "values": {
+ "references": [
+ "local.dns_suffix"
+ ]
+ },
+ "variable": {
+ "constant_value": "iam:AWSServiceName"
+ }
+ }
+ ],
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcPeeringConnections",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeTags",
+ "ec2:GetCoipPoolUsage",
+ "ec2:DescribeCoipPools",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:DescribeTags"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "cognito-idp:DescribeUserPoolClient",
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "iam:ListServerCertificates",
+ "iam:GetServerCertificate",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource",
+ "waf-regional:AssociateWebACL",
+ "waf-regional:DisassociateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource",
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL",
+ "shield:GetSubscriptionState",
+ "shield:DescribeProtection",
+ "shield:CreateProtection",
+ "shield:DeleteProtection"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:CreateSecurityGroup"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:CreateTags"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "StringEquals"
+ },
+ "values": {
+ "constant_value": [
+ "CreateSecurityGroup"
+ ]
+ },
+ "variable": {
+ "constant_value": "ec2:CreateAction"
+ }
+ },
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "false"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.partition"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "true"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ }
+ },
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "false"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:ResourceTag/elbv2.k8s.aws/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.partition"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "false"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:ResourceTag/elbv2.k8s.aws/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "false"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:DeleteRule"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "true"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ }
+ },
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "false"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:ResourceTag/elbv2.k8s.aws/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.partition",
+ "local.partition"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.partition",
+ "local.partition",
+ "local.partition"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:DeleteTargetGroup"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "false"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:ResourceTag/elbv2.k8s.aws/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticloadbalancing:AddTags"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "StringEquals"
+ },
+ "values": {
+ "constant_value": [
+ "CreateTargetGroup",
+ "CreateLoadBalancer"
+ ]
+ },
+ "variable": {
+ "constant_value": "elasticloadbalancing:CreateAction"
+ }
+ },
+ {
+ "test": {
+ "constant_value": "Null"
+ },
+ "values": {
+ "constant_value": [
+ "false"
+ ]
+ },
+ "variable": {
+ "constant_value": "aws:RequestTag/elbv2.k8s.aws/cluster"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.partition",
+ "local.partition"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "elasticloadbalancing:SetWebAcl",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:ModifyRule"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_aws_load_balancer_controller"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.aws_node_termination_handler",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "aws_node_termination_handler",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "autoscaling:DescribeAutoScalingInstances",
+ "autoscaling:DescribeTags",
+ "ec2:DescribeInstances"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "autoscaling:CompleteLifecycleAction"
+ ]
+ },
+ "resources": {
+ "references": [
+ "var.aws_node_termination_handler_asg_arns"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "sqs:DeleteMessage",
+ "sqs:ReceiveMessage"
+ ]
+ },
+ "resources": {
+ "references": [
+ "module.aws_node_termination_handler_sqs.queue_arn",
+ "module.aws_node_termination_handler_sqs"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_aws_node_termination_handler"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.aws_privateca_issuer",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "aws_privateca_issuer",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "acm-pca:DescribeCertificateAuthority",
+ "acm-pca:GetCertificate",
+ "acm-pca:IssueCertificate"
+ ]
+ },
+ "resources": {
+ "references": [
+ "var.aws_privateca_issuer.acmca_arn",
+ "var.aws_privateca_issuer",
+ "local.partition",
+ "local.region",
+ "local.account_id"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_aws_privateca_issuer"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.cert_manager",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "cert_manager",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.cert_manager"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.cert_manager"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "route53:GetChange"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "route53:ChangeResourceRecordSets",
+ "route53:ListResourceRecordSets"
+ ]
+ },
+ "resources": {
+ "references": [
+ "var.cert_manager_route53_hosted_zone_arns"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "route53:ListHostedZonesByName"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_cert_manager_irsa"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.cluster_autoscaler",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "cluster_autoscaler",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.cluster_autoscaler"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.cluster_autoscaler"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeAutoScalingInstances",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeScalingActivities",
+ "autoscaling:DescribeTags",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DescribeInstanceTypes",
+ "eks:DescribeNodegroup",
+ "ec2:DescribeImages",
+ "ec2:GetInstanceTypesFromInstanceRequirements"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "autoscaling:SetDesiredCapacity",
+ "autoscaling:TerminateInstanceInAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "StringEquals"
+ },
+ "values": {
+ "constant_value": [
+ "owned"
+ ]
+ },
+ "variable": {
+ "references": [
+ "var.cluster_name"
+ ]
+ }
+ }
+ ],
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_cluster_autoscaler"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.external_dns",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "external_dns",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.external_dns"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.external_dns"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "route53:ChangeResourceRecordSets"
+ ]
+ },
+ "resources": {
+ "references": [
+ "var.external_dns_route53_zone_arns"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "route53:ListTagsForResource"
+ ]
+ },
+ "resources": {
+ "references": [
+ "var.external_dns_route53_zone_arns"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "route53:ListHostedZones",
+ "route53:ListResourceRecordSets"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_external_dns",
+ "var.external_dns_route53_zone_arns"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.external_secrets",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "external_secrets",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.external_secrets"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.external_secrets"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_external_secrets"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.fargate_fluentbit",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "fargate_fluentbit",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.fargate_fluentbit_cw_log_group.create",
+ "var.fargate_fluentbit_cw_log_group",
+ "var.fargate_fluentbit",
+ "var.enable_fargate_fluentbit"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.karpenter",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "karpenter",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.karpenter"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.karpenter"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypeOfferings",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSpotPriceHistory",
+ "ec2:DescribeSubnets"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:CreateFleet",
+ "ec2:CreateLaunchTemplate",
+ "ec2:CreateTags",
+ "ec2:DeleteLaunchTemplate",
+ "ec2:RunInstances"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.region",
+ "local.account_id",
+ "local.partition",
+ "local.region"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "iam:PassRole"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.karpenter_node_iam_role_arn"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "pricing:GetProducts"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ssm:GetParameter"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.region"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "eks:DescribeCluster"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.account_id",
+ "var.cluster_name"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:TerminateInstances"
+ ]
+ },
+ "condition": [
+ {
+ "test": {
+ "constant_value": "StringLike"
+ },
+ "values": {
+ "constant_value": [
+ "*karpenter*"
+ ]
+ },
+ "variable": {
+ "constant_value": "ec2:ResourceTag/Name"
+ }
+ }
+ ],
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.region",
+ "local.account_id"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_karpenter"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.karpenter_assume_role",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "karpenter_assume_role",
+ "provider_config_key": "aws",
+ "expressions": {
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "sts:AssumeRole"
+ ]
+ },
+ "principals": [
+ {
+ "identifiers": {
+ "references": [
+ "local.dns_suffix"
+ ]
+ },
+ "type": {
+ "constant_value": "Service"
+ }
+ }
+ ],
+ "sid": {
+ "constant_value": "KarpenterNodeAssumeRole"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_karpenter_node_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.velero",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "velero",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.velero"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.velero"
+ ]
+ },
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:CreateSnapshot",
+ "ec2:CreateSnapshots",
+ "ec2:CreateTags",
+ "ec2:CreateVolume",
+ "ec2:DeleteSnapshot"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.partition",
+ "local.region",
+ "local.account_id",
+ "local.partition",
+ "local.region",
+ "local.partition",
+ "local.region",
+ "local.account_id"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeVolumes"
+ ]
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "s3:AbortMultipartUpload",
+ "s3:DeleteObject",
+ "s3:GetObject",
+ "s3:ListMultipartUploadParts",
+ "s3:PutObject"
+ ]
+ },
+ "resources": {
+ "references": [
+ "var.velero.s3_backup_location",
+ "var.velero"
+ ]
+ }
+ },
+ {
+ "actions": {
+ "constant_value": [
+ "s3:ListBucket"
+ ]
+ },
+ "resources": {
+ "references": [
+ "local.velero_backup_s3_bucket_arn"
+ ]
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.enable_velero"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ },
+ {
+ "address": "data.aws_region.current",
+ "mode": "data",
+ "type": "aws_region",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0
+ }
+ ],
+ "module_calls": {
+ "argo_events": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.argo_events.atomic",
+ "var.argo_events"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.argo_events.chart",
+ "var.argo_events"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.argo_events.chart_version",
+ "var.argo_events"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.argo_events.cleanup_on_fail",
+ "var.argo_events"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_argo_events"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.argo_events.create_namespace",
+ "var.argo_events"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.argo_events.dependency_update",
+ "var.argo_events"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.argo_events.description",
+ "var.argo_events"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.argo_events.devel",
+ "var.argo_events"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.argo_events.disable_openapi_validation",
+ "var.argo_events"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.argo_events.disable_webhooks",
+ "var.argo_events"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.argo_events.force_update",
+ "var.argo_events"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.argo_events.keyring",
+ "var.argo_events"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.argo_events.lint",
+ "var.argo_events"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.argo_events.max_history",
+ "var.argo_events"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.argo_events.name",
+ "var.argo_events"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.argo_events.namespace",
+ "var.argo_events"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.argo_events.postrender",
+ "var.argo_events"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.argo_events.recreate_pods",
+ "var.argo_events"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.argo_events.render_subchart_notes",
+ "var.argo_events"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.argo_events.replace",
+ "var.argo_events"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.argo_events.repository",
+ "var.argo_events"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.argo_events.repository_ca_file",
+ "var.argo_events"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.argo_events.repository_cert_file",
+ "var.argo_events"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.argo_events.repository_key_file",
+ "var.argo_events"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.argo_events.repository_password",
+ "var.argo_events"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.argo_events.repository_username",
+ "var.argo_events"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.argo_events.reset_values",
+ "var.argo_events"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.argo_events.reuse_values",
+ "var.argo_events"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.argo_events.set",
+ "var.argo_events"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.argo_events.set_sensitive",
+ "var.argo_events"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.argo_events.skip_crds",
+ "var.argo_events"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.argo_events.timeout",
+ "var.argo_events"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.argo_events.values",
+ "var.argo_events"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.argo_events.verify",
+ "var.argo_events"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.argo_events.wait",
+ "var.argo_events"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.argo_events.wait_for_jobs",
+ "var.argo_events"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "argo_rollouts": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.argo_rollouts.atomic",
+ "var.argo_rollouts"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.argo_rollouts.chart",
+ "var.argo_rollouts"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.argo_rollouts.chart_version",
+ "var.argo_rollouts"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.argo_rollouts.cleanup_on_fail",
+ "var.argo_rollouts"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_argo_rollouts"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.argo_rollouts.create_namespace",
+ "var.argo_rollouts"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.argo_rollouts.dependency_update",
+ "var.argo_rollouts"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.argo_rollouts.description",
+ "var.argo_rollouts"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.argo_rollouts.devel",
+ "var.argo_rollouts"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.argo_rollouts.disable_openapi_validation",
+ "var.argo_rollouts"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.argo_rollouts.disable_webhooks",
+ "var.argo_rollouts"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.argo_rollouts.force_update",
+ "var.argo_rollouts"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.argo_rollouts.keyring",
+ "var.argo_rollouts"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.argo_rollouts.lint",
+ "var.argo_rollouts"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.argo_rollouts.max_history",
+ "var.argo_rollouts"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.argo_rollouts.name",
+ "var.argo_rollouts"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.argo_rollouts.namespace",
+ "var.argo_rollouts"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.argo_rollouts.postrender",
+ "var.argo_rollouts"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.argo_rollouts.recreate_pods",
+ "var.argo_rollouts"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.argo_rollouts.render_subchart_notes",
+ "var.argo_rollouts"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.argo_rollouts.replace",
+ "var.argo_rollouts"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.argo_rollouts.repository",
+ "var.argo_rollouts"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.argo_rollouts.repository_ca_file",
+ "var.argo_rollouts"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.argo_rollouts.repository_cert_file",
+ "var.argo_rollouts"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.argo_rollouts.repository_key_file",
+ "var.argo_rollouts"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.argo_rollouts.repository_password",
+ "var.argo_rollouts"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.argo_rollouts.repository_username",
+ "var.argo_rollouts"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.argo_rollouts.reset_values",
+ "var.argo_rollouts"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.argo_rollouts.reuse_values",
+ "var.argo_rollouts"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.argo_rollouts.set",
+ "var.argo_rollouts"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.argo_rollouts.set_sensitive",
+ "var.argo_rollouts"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.argo_rollouts.skip_crds",
+ "var.argo_rollouts"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.argo_rollouts.timeout",
+ "var.argo_rollouts"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.argo_rollouts.values",
+ "var.argo_rollouts"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.argo_rollouts.verify",
+ "var.argo_rollouts"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.argo_rollouts.wait",
+ "var.argo_rollouts"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.argo_rollouts.wait_for_jobs",
+ "var.argo_rollouts"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "argo_workflows": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.argo_workflows.atomic",
+ "var.argo_workflows"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.argo_workflows.chart",
+ "var.argo_workflows"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.argo_workflows.chart_version",
+ "var.argo_workflows"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.argo_workflows.cleanup_on_fail",
+ "var.argo_workflows"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_argo_workflows"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.argo_workflows.create_namespace",
+ "var.argo_workflows"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.argo_workflows.dependency_update",
+ "var.argo_workflows"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.argo_workflows.description",
+ "var.argo_workflows"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.argo_workflows.devel",
+ "var.argo_workflows"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.argo_workflows.disable_openapi_validation",
+ "var.argo_workflows"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.argo_workflows.disable_webhooks",
+ "var.argo_workflows"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.argo_workflows.force_update",
+ "var.argo_workflows"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.argo_workflows.keyring",
+ "var.argo_workflows"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.argo_workflows.lint",
+ "var.argo_workflows"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.argo_workflows.max_history",
+ "var.argo_workflows"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.argo_workflows.name",
+ "var.argo_workflows"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.argo_workflows.namespace",
+ "var.argo_workflows"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.argo_workflows.postrender",
+ "var.argo_workflows"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.argo_workflows.recreate_pods",
+ "var.argo_workflows"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.argo_workflows.render_subchart_notes",
+ "var.argo_workflows"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.argo_workflows.replace",
+ "var.argo_workflows"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.argo_workflows.repository",
+ "var.argo_workflows"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.argo_workflows.repository_ca_file",
+ "var.argo_workflows"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.argo_workflows.repository_cert_file",
+ "var.argo_workflows"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.argo_workflows.repository_key_file",
+ "var.argo_workflows"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.argo_workflows.repository_password",
+ "var.argo_workflows"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.argo_workflows.repository_username",
+ "var.argo_workflows"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.argo_workflows.reset_values",
+ "var.argo_workflows"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.argo_workflows.reuse_values",
+ "var.argo_workflows"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.argo_workflows.set",
+ "var.argo_workflows"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.argo_workflows.set_sensitive",
+ "var.argo_workflows"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.argo_workflows.skip_crds",
+ "var.argo_workflows"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.argo_workflows.timeout",
+ "var.argo_workflows"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.argo_workflows.values",
+ "var.argo_workflows"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.argo_workflows.verify",
+ "var.argo_workflows"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.argo_workflows.wait",
+ "var.argo_workflows"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.argo_workflows.wait_for_jobs",
+ "var.argo_workflows"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "argocd": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.argocd.atomic",
+ "var.argocd"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.argocd.chart",
+ "var.argocd"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.argocd.chart_version",
+ "var.argocd"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.argocd.cleanup_on_fail",
+ "var.argocd"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_argocd"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.argocd.create_namespace",
+ "var.argocd"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.argocd.dependency_update",
+ "var.argocd"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.argocd.description",
+ "var.argocd"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.argocd.devel",
+ "var.argocd"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.argocd.disable_openapi_validation",
+ "var.argocd"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.argocd.disable_webhooks",
+ "var.argocd"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.argocd.force_update",
+ "var.argocd"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.argocd.keyring",
+ "var.argocd"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.argocd.lint",
+ "var.argocd"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.argocd.max_history",
+ "var.argocd"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.argocd.name",
+ "var.argocd"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.argocd.namespace",
+ "var.argocd"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.argocd.postrender",
+ "var.argocd"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.argocd.recreate_pods",
+ "var.argocd"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.argocd.render_subchart_notes",
+ "var.argocd"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.argocd.replace",
+ "var.argocd"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.argocd.repository",
+ "var.argocd"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.argocd.repository_ca_file",
+ "var.argocd"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.argocd.repository_cert_file",
+ "var.argocd"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.argocd.repository_key_file",
+ "var.argocd"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.argocd.repository_password",
+ "var.argocd"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.argocd.repository_username",
+ "var.argocd"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.argocd.reset_values",
+ "var.argocd"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.argocd.reuse_values",
+ "var.argocd"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.argocd.set",
+ "var.argocd"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.argocd.set_sensitive",
+ "var.argocd"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.argocd.skip_crds",
+ "var.argocd"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.argocd.timeout",
+ "var.argocd"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.argocd.values",
+ "var.argocd"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.argocd.verify",
+ "var.argocd"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.argocd.wait",
+ "var.argocd"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.argocd.wait_for_jobs",
+ "var.argocd"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "aws_cloudwatch_metrics": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.aws_cloudwatch_metrics.atomic",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.aws_cloudwatch_metrics.chart",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.aws_cloudwatch_metrics.chart_version",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.aws_cloudwatch_metrics.cleanup_on_fail",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_aws_cloudwatch_metrics"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.aws_cloudwatch_metrics.create_namespace",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "create_policy": {
+ "references": [
+ "var.aws_cloudwatch_metrics.create_policy",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.aws_cloudwatch_metrics.create_role",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.aws_cloudwatch_metrics.dependency_update",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.aws_cloudwatch_metrics.description",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.aws_cloudwatch_metrics.devel",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.aws_cloudwatch_metrics.disable_openapi_validation",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.aws_cloudwatch_metrics.disable_webhooks",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.aws_cloudwatch_metrics.force_update",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.aws_cloudwatch_metrics.keyring",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.aws_cloudwatch_metrics.lint",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.aws_cloudwatch_metrics.max_history",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_cloudwatch_metrics.name",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.aws_cloudwatch_metrics_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.aws_cloudwatch_metrics_service_account"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.aws_cloudwatch_metrics.postrender",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.aws_cloudwatch_metrics.recreate_pods",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.aws_cloudwatch_metrics.render_subchart_notes",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.aws_cloudwatch_metrics.replace",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.aws_cloudwatch_metrics.repository",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.aws_cloudwatch_metrics.repository_ca_file",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.aws_cloudwatch_metrics.repository_cert_file",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.aws_cloudwatch_metrics.repository_key_file",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.aws_cloudwatch_metrics.repository_password",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.aws_cloudwatch_metrics.repository_username",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.aws_cloudwatch_metrics.reset_values",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.aws_cloudwatch_metrics.reuse_values",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.aws_cloudwatch_metrics.role_description",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.aws_cloudwatch_metrics.role_name",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.aws_cloudwatch_metrics.role_name_use_prefix",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.aws_cloudwatch_metrics.role_path",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.aws_cloudwatch_metrics.role_permissions_boundary_arn",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.aws_cloudwatch_metrics",
+ "local.partition"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.cluster_name",
+ "local.aws_cloudwatch_metrics_service_account",
+ "var.aws_cloudwatch_metrics.set",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.aws_cloudwatch_metrics.set_sensitive",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.aws_cloudwatch_metrics.skip_crds",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.aws_cloudwatch_metrics.timeout",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.aws_cloudwatch_metrics.values",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.aws_cloudwatch_metrics.verify",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.aws_cloudwatch_metrics.wait",
+ "var.aws_cloudwatch_metrics"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.aws_cloudwatch_metrics.wait_for_jobs",
+ "var.aws_cloudwatch_metrics"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "aws_efs_csi_driver": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.aws_efs_csi_driver.atomic",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.aws_efs_csi_driver.chart",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.aws_efs_csi_driver.chart_version",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.aws_efs_csi_driver.cleanup_on_fail",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_aws_efs_csi_driver"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.aws_efs_csi_driver.create_namespace",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.aws_efs_csi_driver.create_role",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.aws_efs_csi_driver.dependency_update",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.aws_efs_csi_driver.description",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.aws_efs_csi_driver.devel",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.aws_efs_csi_driver.disable_openapi_validation",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.aws_efs_csi_driver.disable_webhooks",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.aws_efs_csi_driver.force_update",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.aws_efs_csi_driver.keyring",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.aws_efs_csi_driver.lint",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.aws_efs_csi_driver.max_history",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_efs_csi_driver.name",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.aws_efs_csi_driver_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.aws_efs_csi_driver_controller_service_account",
+ "local.oidc_provider_arn",
+ "local.aws_efs_csi_driver_node_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.aws_efs_csi_driver.policy_description",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.aws_efs_csi_driver.policy_name",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.aws_efs_csi_driver.policy_name_use_prefix",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.aws_efs_csi_driver.policy_path",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.aws_efs_csi_driver.postrender",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.aws_efs_csi_driver.recreate_pods",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.aws_efs_csi_driver.render_subchart_notes",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.aws_efs_csi_driver.replace",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.aws_efs_csi_driver.repository",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.aws_efs_csi_driver.repository_ca_file",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.aws_efs_csi_driver.repository_cert_file",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.aws_efs_csi_driver.repository_key_file",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.aws_efs_csi_driver.repository_password",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.aws_efs_csi_driver.repository_username",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.aws_efs_csi_driver.reset_values",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.aws_efs_csi_driver.reuse_values",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.aws_efs_csi_driver.role_description",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.aws_efs_csi_driver.role_name",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.aws_efs_csi_driver.role_name_use_prefix",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.aws_efs_csi_driver.role_path",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.aws_efs_csi_driver_controller_service_account",
+ "local.aws_efs_csi_driver_node_service_account",
+ "var.aws_efs_csi_driver.set",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "controller.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn",
+ "node.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.aws_efs_csi_driver.set_sensitive",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.aws_efs_csi_driver.skip_crds",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.aws_efs_csi_driver"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.aws_efs_csi_driver.timeout",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.aws_efs_csi_driver.values",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.aws_efs_csi_driver.verify",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.aws_efs_csi_driver.wait",
+ "var.aws_efs_csi_driver"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.aws_efs_csi_driver.wait_for_jobs",
+ "var.aws_efs_csi_driver"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "aws_for_fluentbit": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.aws_for_fluentbit.atomic",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.aws_for_fluentbit.chart",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.aws_for_fluentbit.chart_version",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.aws_for_fluentbit.cleanup_on_fail",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_aws_for_fluentbit"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.aws_for_fluentbit.create_namespace",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.aws_for_fluentbit.create_role",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.aws_for_fluentbit.dependency_update",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.aws_for_fluentbit.description",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.aws_for_fluentbit.devel",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.aws_for_fluentbit.disable_openapi_validation",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.aws_for_fluentbit.disable_webhooks",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.aws_for_fluentbit.force_update",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.aws_for_fluentbit.keyring",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.aws_for_fluentbit.lint",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.aws_for_fluentbit.max_history",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_for_fluentbit.name",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.aws_for_fluentbit_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.aws_for_fluentbit_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.aws_for_fluentbit.policy_description",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.aws_for_fluentbit.policy_name",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.aws_for_fluentbit.policy_name_use_prefix",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.aws_for_fluentbit.policy_path",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.aws_for_fluentbit.postrender",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.aws_for_fluentbit.recreate_pods",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.aws_for_fluentbit.render_subchart_notes",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.aws_for_fluentbit.replace",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.aws_for_fluentbit.repository",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.aws_for_fluentbit.repository_ca_file",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.aws_for_fluentbit.repository_cert_file",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.aws_for_fluentbit.repository_key_file",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.aws_for_fluentbit.repository_password",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.aws_for_fluentbit.repository_username",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.aws_for_fluentbit.reset_values",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.aws_for_fluentbit.reuse_values",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.aws_for_fluentbit.role_description",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.aws_for_fluentbit.role_name",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.aws_for_fluentbit.role_name_use_prefix",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.aws_for_fluentbit.role_path",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.aws_for_fluentbit_service_account",
+ "local.region",
+ "local.aws_for_fluentbit_cw_log_group_name",
+ "local.region",
+ "var.aws_for_fluentbit.set",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.aws_for_fluentbit.set_sensitive",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.aws_for_fluentbit.skip_crds",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.aws_for_fluentbit"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.aws_for_fluentbit.timeout",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.aws_for_fluentbit.values",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.aws_for_fluentbit.verify",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.aws_for_fluentbit.wait",
+ "var.aws_for_fluentbit"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.aws_for_fluentbit.wait_for_jobs",
+ "var.aws_for_fluentbit"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "aws_fsx_csi_driver": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.aws_fsx_csi_driver.atomic",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.aws_fsx_csi_driver.chart",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.aws_fsx_csi_driver.chart_version",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.aws_fsx_csi_driver.cleanup_on_fail",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_aws_fsx_csi_driver"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.aws_fsx_csi_driver.create_namespace",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.aws_fsx_csi_driver.create_role",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.aws_fsx_csi_driver.dependency_update",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.aws_fsx_csi_driver.description",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.aws_fsx_csi_driver.devel",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.aws_fsx_csi_driver.disable_openapi_validation",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.aws_fsx_csi_driver.disable_webhooks",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.aws_fsx_csi_driver.force_update",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.aws_fsx_csi_driver.keyring",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.aws_fsx_csi_driver.lint",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.aws_fsx_csi_driver.max_history",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_fsx_csi_driver.name",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.aws_fsx_csi_driver_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.aws_fsx_csi_driver_controller_service_account",
+ "local.oidc_provider_arn",
+ "local.aws_fsx_csi_driver_node_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.aws_fsx_csi_driver.policy_description",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.aws_fsx_csi_driver.policy_name",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.aws_fsx_csi_driver.policy_name_use_prefix",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.aws_fsx_csi_driver.policy_path",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.aws_fsx_csi_driver.postrender",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.aws_fsx_csi_driver.recreate_pods",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.aws_fsx_csi_driver.render_subchart_notes",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.aws_fsx_csi_driver.replace",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.aws_fsx_csi_driver.repository",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.aws_fsx_csi_driver.repository_ca_file",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.aws_fsx_csi_driver.repository_cert_file",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.aws_fsx_csi_driver.repository_key_file",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.aws_fsx_csi_driver.repository_password",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.aws_fsx_csi_driver.repository_username",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.aws_fsx_csi_driver.reset_values",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.aws_fsx_csi_driver.reuse_values",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.aws_fsx_csi_driver.role_description",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.aws_fsx_csi_driver.role_name",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.aws_fsx_csi_driver.role_name_use_prefix",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.aws_fsx_csi_driver.role_path",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.aws_fsx_csi_driver_controller_service_account",
+ "local.aws_fsx_csi_driver_node_service_account",
+ "var.aws_fsx_csi_driver.set",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "controller.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn",
+ "node.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.aws_fsx_csi_driver.set_sensitive",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.aws_fsx_csi_driver.skip_crds",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.aws_fsx_csi_driver"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.aws_fsx_csi_driver.timeout",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.aws_fsx_csi_driver.values",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.aws_fsx_csi_driver.verify",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.aws_fsx_csi_driver.wait",
+ "var.aws_fsx_csi_driver"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.aws_fsx_csi_driver.wait_for_jobs",
+ "var.aws_fsx_csi_driver"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "aws_gateway_api_controller": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.aws_gateway_api_controller.atomic",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.aws_gateway_api_controller.chart",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.aws_gateway_api_controller.chart_version",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.aws_gateway_api_controller.cleanup_on_fail",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_aws_gateway_api_controller"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.aws_gateway_api_controller.create_namespace",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.aws_gateway_api_controller.create_role",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.aws_gateway_api_controller.dependency_update",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.aws_gateway_api_controller.description",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.aws_gateway_api_controller.devel",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.aws_gateway_api_controller.disable_openapi_validation",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.aws_gateway_api_controller.disable_webhooks",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.aws_gateway_api_controller.force_update",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.aws_gateway_api_controller.keyring",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.aws_gateway_api_controller.lint",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.aws_gateway_api_controller.max_history",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_gateway_api_controller.name",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.aws_gateway_api_controller_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.aws_gateway_api_controller_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.aws_gateway_api_controller.policy_description",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.aws_gateway_api_controller.policy_name",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.aws_gateway_api_controller.policy_name_use_prefix",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.aws_gateway_api_controller.policy_path",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.aws_gateway_api_controller.postrender",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.aws_gateway_api_controller.recreate_pods",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.aws_gateway_api_controller.render_subchart_notes",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.aws_gateway_api_controller.replace",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.aws_gateway_api_controller.repository",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.aws_gateway_api_controller.repository_ca_file",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.aws_gateway_api_controller.repository_cert_file",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.aws_gateway_api_controller.repository_key_file",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.aws_gateway_api_controller.repository_password",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.aws_gateway_api_controller.repository_username",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.aws_gateway_api_controller.reset_values",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.aws_gateway_api_controller.reuse_values",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.aws_gateway_api_controller.role_description",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.aws_gateway_api_controller.role_name",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.aws_gateway_api_controller.role_name_use_prefix",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.aws_gateway_api_controller.role_path",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.aws_gateway_api_controller_service_account",
+ "local.region",
+ "local.account_id",
+ "var.aws_gateway_api_controller.set",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.aws_gateway_api_controller.set_sensitive",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.aws_gateway_api_controller.skip_crds",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.aws_gateway_api_controller"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.aws_gateway_api_controller.timeout",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.aws_gateway_api_controller.values",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.aws_gateway_api_controller.verify",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.aws_gateway_api_controller.wait",
+ "var.aws_gateway_api_controller"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.aws_gateway_api_controller.wait_for_jobs",
+ "var.aws_gateway_api_controller"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "aws_load_balancer_controller": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.aws_load_balancer_controller.atomic",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.aws_load_balancer_controller.chart",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.aws_load_balancer_controller.chart_version",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.aws_load_balancer_controller.cleanup_on_fail",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_aws_load_balancer_controller"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.aws_load_balancer_controller.create_namespace",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.aws_load_balancer_controller.create_role",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.aws_load_balancer_controller.dependency_update",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.aws_load_balancer_controller.description",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.aws_load_balancer_controller.devel",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.aws_load_balancer_controller.disable_openapi_validation",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.aws_load_balancer_controller.disable_webhooks",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.aws_load_balancer_controller.force_update",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.aws_load_balancer_controller.keyring",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.aws_load_balancer_controller.lint",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.aws_load_balancer_controller.max_history",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_load_balancer_controller.name",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.aws_load_balancer_controller_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.aws_load_balancer_controller_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.aws_load_balancer_controller.policy_description",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.aws_load_balancer_controller.policy_name",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.aws_load_balancer_controller.policy_name_use_prefix",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.aws_load_balancer_controller.policy_path",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.aws_load_balancer_controller.postrender",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.aws_load_balancer_controller.recreate_pods",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.aws_load_balancer_controller.render_subchart_notes",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.aws_load_balancer_controller.replace",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.aws_load_balancer_controller.repository",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.aws_load_balancer_controller.repository_ca_file",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.aws_load_balancer_controller.repository_cert_file",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.aws_load_balancer_controller.repository_key_file",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.aws_load_balancer_controller.repository_password",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.aws_load_balancer_controller.repository_username",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.aws_load_balancer_controller.reset_values",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.aws_load_balancer_controller.reuse_values",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.aws_load_balancer_controller.role_description",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.aws_load_balancer_controller.role_name",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.aws_load_balancer_controller.role_name_use_prefix",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.aws_load_balancer_controller.role_path",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.aws_load_balancer_controller_service_account",
+ "local.cluster_name",
+ "var.aws_load_balancer_controller.set",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.aws_load_balancer_controller.set_sensitive",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.aws_load_balancer_controller.skip_crds",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.aws_load_balancer_controller"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.aws_load_balancer_controller.timeout",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.aws_load_balancer_controller.values",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.aws_load_balancer_controller.verify",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.aws_load_balancer_controller.wait",
+ "var.aws_load_balancer_controller"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.aws_load_balancer_controller.wait_for_jobs",
+ "var.aws_load_balancer_controller"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "aws_node_termination_handler": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.aws_node_termination_handler.atomic",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.aws_node_termination_handler.chart",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.aws_node_termination_handler.chart_version",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.aws_node_termination_handler.cleanup_on_fail",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_aws_node_termination_handler"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.aws_node_termination_handler.create_namespace",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.aws_node_termination_handler.create_role",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.aws_node_termination_handler.dependency_update",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.aws_node_termination_handler.description",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.aws_node_termination_handler.devel",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.aws_node_termination_handler.disable_openapi_validation",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.aws_node_termination_handler.disable_webhooks",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.aws_node_termination_handler.force_update",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.aws_node_termination_handler.keyring",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.aws_node_termination_handler.lint",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.aws_node_termination_handler.max_history",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_node_termination_handler.name",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.aws_node_termination_handler_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.aws_node_termination_handler_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.aws_node_termination_handler.policy_description",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.aws_node_termination_handler.policy_name",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.aws_node_termination_handler.policy_name_use_prefix",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.aws_node_termination_handler.policy_path",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.aws_node_termination_handler.postrender",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.aws_node_termination_handler.recreate_pods",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.aws_node_termination_handler.render_subchart_notes",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.aws_node_termination_handler.replace",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.aws_node_termination_handler.repository",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.aws_node_termination_handler.repository_ca_file",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.aws_node_termination_handler.repository_cert_file",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.aws_node_termination_handler.repository_key_file",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.aws_node_termination_handler.repository_password",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.aws_node_termination_handler.repository_username",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.aws_node_termination_handler.reset_values",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.aws_node_termination_handler.reuse_values",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.aws_node_termination_handler.role_description",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.aws_node_termination_handler.role_name",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.aws_node_termination_handler.role_name_use_prefix",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.aws_node_termination_handler.role_path",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.aws_node_termination_handler_service_account",
+ "local.region",
+ "module.aws_node_termination_handler_sqs.queue_url",
+ "module.aws_node_termination_handler_sqs",
+ "var.aws_node_termination_handler.set",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.aws_node_termination_handler.set_sensitive",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.aws_node_termination_handler.skip_crds",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.aws_node_termination_handler"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.aws_node_termination_handler.timeout",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.aws_node_termination_handler.values",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.aws_node_termination_handler.verify",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.aws_node_termination_handler.wait",
+ "var.aws_node_termination_handler"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.aws_node_termination_handler.wait_for_jobs",
+ "var.aws_node_termination_handler"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "aws_node_termination_handler_sqs": {
+ "source": "terraform-aws-modules/sqs/aws",
+ "expressions": {
+ "create": {
+ "references": [
+ "var.enable_aws_node_termination_handler"
+ ]
+ },
+ "create_queue_policy": {
+ "constant_value": true
+ },
+ "kms_data_key_reuse_period_seconds": {
+ "references": [
+ "var.aws_node_termination_handler_sqs.kms_data_key_reuse_period_seconds",
+ "var.aws_node_termination_handler_sqs"
+ ]
+ },
+ "kms_master_key_id": {
+ "references": [
+ "var.aws_node_termination_handler_sqs.kms_master_key_id",
+ "var.aws_node_termination_handler_sqs"
+ ]
+ },
+ "message_retention_seconds": {
+ "references": [
+ "var.aws_node_termination_handler_sqs.message_retention_seconds",
+ "var.aws_node_termination_handler_sqs"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_node_termination_handler_sqs.queue_name",
+ "var.aws_node_termination_handler_sqs",
+ "var.cluster_name"
+ ]
+ },
+ "queue_policy_statements": {
+ "references": [
+ "local.dns_suffix",
+ "local.dns_suffix"
+ ]
+ },
+ "sqs_managed_sse_enabled": {
+ "references": [
+ "var.aws_node_termination_handler_sqs.sse_enabled",
+ "var.aws_node_termination_handler_sqs"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.aws_node_termination_handler_sqs.tags",
+ "var.aws_node_termination_handler_sqs"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "dead_letter_queue_arn": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.dlq[0].arn",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "description": "The ARN of the SQS queue"
+ },
+ "dead_letter_queue_id": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.dlq[0].id",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "description": "The URL for the created Amazon SQS queue"
+ },
+ "dead_letter_queue_name": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.dlq[0].name",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "description": "The name of the SQS queue"
+ },
+ "dead_letter_queue_url": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.dlq[0].url",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "description": "Same as `dead_letter_queue_id`: The URL for the created Amazon SQS queue"
+ },
+ "queue_arn": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.this[0].arn",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "description": "The ARN of the SQS queue"
+ },
+ "queue_id": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.this[0].id",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "description": "The URL for the created Amazon SQS queue"
+ },
+ "queue_name": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.this[0].name",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "description": "The name of the SQS queue"
+ },
+ "queue_url": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "description": "Same as `queue_id`: The URL for the created Amazon SQS queue"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_sqs_queue.dlq",
+ "mode": "managed",
+ "type": "aws_sqs_queue",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "content_based_deduplication": {
+ "references": [
+ "var.dlq_content_based_deduplication",
+ "var.content_based_deduplication"
+ ]
+ },
+ "deduplication_scope": {
+ "references": [
+ "var.dlq_deduplication_scope",
+ "var.deduplication_scope"
+ ]
+ },
+ "delay_seconds": {
+ "references": [
+ "var.dlq_delay_seconds",
+ "var.delay_seconds"
+ ]
+ },
+ "fifo_queue": {
+ "references": [
+ "var.fifo_queue"
+ ]
+ },
+ "fifo_throughput_limit": {
+ "references": [
+ "var.fifo_throughput_limit"
+ ]
+ },
+ "kms_data_key_reuse_period_seconds": {
+ "references": [
+ "var.dlq_kms_data_key_reuse_period_seconds",
+ "var.kms_data_key_reuse_period_seconds"
+ ]
+ },
+ "kms_master_key_id": {
+ "references": [
+ "local.dlq_kms_master_key_id"
+ ]
+ },
+ "max_message_size": {
+ "references": [
+ "var.max_message_size"
+ ]
+ },
+ "message_retention_seconds": {
+ "references": [
+ "var.dlq_message_retention_seconds",
+ "var.message_retention_seconds"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.use_name_prefix",
+ "local.dlq_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.use_name_prefix",
+ "local.dlq_name"
+ ]
+ },
+ "receive_wait_time_seconds": {
+ "references": [
+ "var.dlq_receive_wait_time_seconds",
+ "var.receive_wait_time_seconds"
+ ]
+ },
+ "sqs_managed_sse_enabled": {
+ "references": [
+ "local.dlq_kms_master_key_id",
+ "local.dlq_sqs_managed_sse_enabled"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.dlq_tags"
+ ]
+ },
+ "visibility_timeout_seconds": {
+ "references": [
+ "var.dlq_visibility_timeout_seconds",
+ "var.visibility_timeout_seconds"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue.this",
+ "mode": "managed",
+ "type": "aws_sqs_queue",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "content_based_deduplication": {
+ "references": [
+ "var.content_based_deduplication"
+ ]
+ },
+ "deduplication_scope": {
+ "references": [
+ "var.deduplication_scope"
+ ]
+ },
+ "delay_seconds": {
+ "references": [
+ "var.delay_seconds"
+ ]
+ },
+ "fifo_queue": {
+ "references": [
+ "var.fifo_queue"
+ ]
+ },
+ "fifo_throughput_limit": {
+ "references": [
+ "var.fifo_throughput_limit"
+ ]
+ },
+ "kms_data_key_reuse_period_seconds": {
+ "references": [
+ "var.kms_data_key_reuse_period_seconds"
+ ]
+ },
+ "kms_master_key_id": {
+ "references": [
+ "var.kms_master_key_id"
+ ]
+ },
+ "max_message_size": {
+ "references": [
+ "var.max_message_size"
+ ]
+ },
+ "message_retention_seconds": {
+ "references": [
+ "var.message_retention_seconds"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.use_name_prefix",
+ "var.fifo_queue",
+ "local.name",
+ "local.name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.use_name_prefix",
+ "local.name"
+ ]
+ },
+ "receive_wait_time_seconds": {
+ "references": [
+ "var.receive_wait_time_seconds"
+ ]
+ },
+ "sqs_managed_sse_enabled": {
+ "references": [
+ "var.kms_master_key_id",
+ "var.sqs_managed_sse_enabled"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "visibility_timeout_seconds": {
+ "references": [
+ "var.visibility_timeout_seconds"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_policy.dlq",
+ "mode": "managed",
+ "type": "aws_sqs_queue_policy",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.dlq[0].json",
+ "data.aws_iam_policy_document.dlq[0]",
+ "data.aws_iam_policy_document.dlq"
+ ]
+ },
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.dlq[0].url",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq",
+ "var.create_dlq_queue_policy"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_policy.this",
+ "mode": "managed",
+ "type": "aws_sqs_queue_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_queue_policy"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_redrive_allow_policy.dlq",
+ "mode": "managed",
+ "type": "aws_sqs_queue_redrive_allow_policy",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.dlq[0].url",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "redrive_allow_policy": {
+ "references": [
+ "aws_sqs_queue.this[0].arn",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this",
+ "var.dlq_redrive_allow_policy"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_redrive_allow_policy.this",
+ "mode": "managed",
+ "type": "aws_sqs_queue_redrive_allow_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "redrive_allow_policy": {
+ "references": [
+ "var.redrive_allow_policy"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq",
+ "var.redrive_allow_policy"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_redrive_policy.dlq",
+ "mode": "managed",
+ "type": "aws_sqs_queue_redrive_policy",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "redrive_policy": {
+ "references": [
+ "aws_sqs_queue.dlq[0].arn",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq",
+ "var.redrive_policy"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_redrive_policy.this",
+ "mode": "managed",
+ "type": "aws_sqs_queue_redrive_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "redrive_policy": {
+ "references": [
+ "var.redrive_policy"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq",
+ "var.redrive_policy"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.dlq",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_dlq_queue_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_dlq_queue_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq",
+ "var.create_dlq_queue_policy"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_queue_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_queue_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_queue_policy"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "content_based_deduplication": {
+ "default": null,
+ "description": "Enables content-based deduplication for FIFO queues"
+ },
+ "create": {
+ "default": true,
+ "description": "Whether to create SQS queue"
+ },
+ "create_dlq": {
+ "default": false,
+ "description": "Determines whether to create SQS dead letter queue"
+ },
+ "create_dlq_queue_policy": {
+ "default": false,
+ "description": "Whether to create SQS queue policy"
+ },
+ "create_queue_policy": {
+ "default": false,
+ "description": "Whether to create SQS queue policy"
+ },
+ "deduplication_scope": {
+ "default": null,
+ "description": "Specifies whether message deduplication occurs at the message group or queue level"
+ },
+ "delay_seconds": {
+ "default": null,
+ "description": "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)"
+ },
+ "dlq_content_based_deduplication": {
+ "default": null,
+ "description": "Enables content-based deduplication for FIFO queues"
+ },
+ "dlq_deduplication_scope": {
+ "default": null,
+ "description": "Specifies whether message deduplication occurs at the message group or queue level"
+ },
+ "dlq_delay_seconds": {
+ "default": null,
+ "description": "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)"
+ },
+ "dlq_kms_data_key_reuse_period_seconds": {
+ "default": null,
+ "description": "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours)"
+ },
+ "dlq_kms_master_key_id": {
+ "default": null,
+ "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK"
+ },
+ "dlq_message_retention_seconds": {
+ "default": null,
+ "description": "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)"
+ },
+ "dlq_name": {
+ "default": null,
+ "description": "This is the human-readable name of the queue. If omitted, Terraform will assign a random name"
+ },
+ "dlq_queue_policy_statements": {
+ "default": {},
+ "description": "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage"
+ },
+ "dlq_receive_wait_time_seconds": {
+ "default": null,
+ "description": "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)"
+ },
+ "dlq_redrive_allow_policy": {
+ "default": {},
+ "description": "The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs."
+ },
+ "dlq_sqs_managed_sse_enabled": {
+ "default": true,
+ "description": "Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys"
+ },
+ "dlq_tags": {
+ "default": {},
+ "description": "A mapping of additional tags to assign to the dead letter queue"
+ },
+ "dlq_visibility_timeout_seconds": {
+ "default": null,
+ "description": "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours)"
+ },
+ "fifo_queue": {
+ "default": false,
+ "description": "Boolean designating a FIFO queue"
+ },
+ "fifo_throughput_limit": {
+ "default": null,
+ "description": "Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group"
+ },
+ "kms_data_key_reuse_period_seconds": {
+ "default": null,
+ "description": "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours)"
+ },
+ "kms_master_key_id": {
+ "default": null,
+ "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK"
+ },
+ "max_message_size": {
+ "default": null,
+ "description": "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB)"
+ },
+ "message_retention_seconds": {
+ "default": null,
+ "description": "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)"
+ },
+ "name": {
+ "default": null,
+ "description": "This is the human-readable name of the queue. If omitted, Terraform will assign a random name"
+ },
+ "override_dlq_queue_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "override_queue_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "queue_policy_statements": {
+ "default": {},
+ "description": "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage"
+ },
+ "receive_wait_time_seconds": {
+ "default": null,
+ "description": "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)"
+ },
+ "redrive_allow_policy": {
+ "default": {},
+ "description": "The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs."
+ },
+ "redrive_policy": {
+ "default": {},
+ "description": "The JSON policy to set up the Dead Letter Queue, see AWS docs. Note: when specifying maxReceiveCount, you must specify it as an integer (5), and not a string (\"5\")"
+ },
+ "source_dlq_queue_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "source_queue_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "sqs_managed_sse_enabled": {
+ "default": true,
+ "description": "Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys"
+ },
+ "tags": {
+ "default": {},
+ "description": "A mapping of tags to assign to all resources"
+ },
+ "use_name_prefix": {
+ "default": false,
+ "description": "Determines whether `name` is used as a prefix"
+ },
+ "visibility_timeout_seconds": {
+ "default": null,
+ "description": "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours)"
+ }
+ }
+ },
+ "version_constraint": "4.0.1"
+ },
+ "aws_privateca_issuer": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.aws_privateca_issuer.atomic",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.aws_privateca_issuer.chart",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.aws_privateca_issuer.chart_version",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.aws_privateca_issuer.cleanup_on_fail",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_aws_privateca_issuer"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.aws_privateca_issuer.create_namespace",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.aws_privateca_issuer.create_role",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.aws_privateca_issuer.dependency_update",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.aws_privateca_issuer.description",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.aws_privateca_issuer.devel",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.aws_privateca_issuer.disable_openapi_validation",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.aws_privateca_issuer.disable_webhooks",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.aws_privateca_issuer.force_update",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.aws_privateca_issuer.keyring",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.aws_privateca_issuer.lint",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.aws_privateca_issuer.max_history",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.aws_privateca_issuer.name",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.aws_privateca_issuer_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.aws_privateca_issuer_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.aws_privateca_issuer.policy_description",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.aws_privateca_issuer.policy_name",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.aws_privateca_issuer.policy_name_use_prefix",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.aws_privateca_issuer.policy_path",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.aws_privateca_issuer.postrender",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.aws_privateca_issuer.recreate_pods",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.aws_privateca_issuer.render_subchart_notes",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.aws_privateca_issuer.replace",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.aws_privateca_issuer.repository",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.aws_privateca_issuer.repository_ca_file",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.aws_privateca_issuer.repository_cert_file",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.aws_privateca_issuer.repository_key_file",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.aws_privateca_issuer.repository_password",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.aws_privateca_issuer.repository_username",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.aws_privateca_issuer.reset_values",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.aws_privateca_issuer.reuse_values",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.aws_privateca_issuer.role_description",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.aws_privateca_issuer.role_name",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.aws_privateca_issuer.role_name_use_prefix",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.aws_privateca_issuer.role_path",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.aws_privateca_issuer_service_account",
+ "var.aws_privateca_issuer.set",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.aws_privateca_issuer.set_sensitive",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.aws_privateca_issuer.skip_crds",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.aws_privateca_issuer"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.aws_privateca_issuer.timeout",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.aws_privateca_issuer.values",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.aws_privateca_issuer.verify",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.aws_privateca_issuer.wait",
+ "var.aws_privateca_issuer"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.aws_privateca_issuer.wait_for_jobs",
+ "var.aws_privateca_issuer"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "cert_manager": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "allow_self_assume_role": {
+ "references": [
+ "var.cert_manager.allow_self_assume_role",
+ "var.cert_manager"
+ ]
+ },
+ "atomic": {
+ "references": [
+ "var.cert_manager.atomic",
+ "var.cert_manager"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.cert_manager.chart",
+ "var.cert_manager"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.cert_manager.chart_version",
+ "var.cert_manager"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cert_manager.cleanup_on_fail",
+ "var.cert_manager"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_cert_manager"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.cert_manager.create_namespace",
+ "var.cert_manager"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "local.create_cert_manager_irsa",
+ "var.cert_manager.create_role",
+ "var.cert_manager"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.cert_manager.dependency_update",
+ "var.cert_manager"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.cert_manager.description",
+ "var.cert_manager"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.cert_manager.devel",
+ "var.cert_manager"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.cert_manager.disable_openapi_validation",
+ "var.cert_manager"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.cert_manager.disable_webhooks",
+ "var.cert_manager"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.cert_manager.force_update",
+ "var.cert_manager"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.cert_manager.keyring",
+ "var.cert_manager"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.cert_manager.lint",
+ "var.cert_manager"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.cert_manager.max_history",
+ "var.cert_manager"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.cert_manager.name",
+ "var.cert_manager"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.cert_manager_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.cert_manager_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.cert_manager.policy_description",
+ "var.cert_manager"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.cert_manager.policy_name",
+ "var.cert_manager"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.cert_manager.policy_name_use_prefix",
+ "var.cert_manager"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.cert_manager.policy_path",
+ "var.cert_manager"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.cert_manager"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.cert_manager.postrender",
+ "var.cert_manager"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.cert_manager.recreate_pods",
+ "var.cert_manager"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.cert_manager.render_subchart_notes",
+ "var.cert_manager"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.cert_manager.replace",
+ "var.cert_manager"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.cert_manager.repository",
+ "var.cert_manager"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.cert_manager.repository_ca_file",
+ "var.cert_manager"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.cert_manager.repository_cert_file",
+ "var.cert_manager"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.cert_manager.repository_key_file",
+ "var.cert_manager"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.cert_manager.repository_password",
+ "var.cert_manager"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.cert_manager.repository_username",
+ "var.cert_manager"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.cert_manager.reset_values",
+ "var.cert_manager"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.cert_manager.reuse_values",
+ "var.cert_manager"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.cert_manager.role_description",
+ "var.cert_manager"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.cert_manager.role_name",
+ "var.cert_manager"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.cert_manager.role_name_use_prefix",
+ "var.cert_manager"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.cert_manager.role_path",
+ "var.cert_manager"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.cert_manager"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.cert_manager"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.cert_manager_service_account",
+ "var.cert_manager.set",
+ "var.cert_manager"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.cert_manager.set_sensitive",
+ "var.cert_manager"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.cert_manager.skip_crds",
+ "var.cert_manager"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.cert_manager"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.cert_manager.timeout",
+ "var.cert_manager"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.cert_manager.values",
+ "var.cert_manager"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.cert_manager.verify",
+ "var.cert_manager"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.cert_manager.wait",
+ "var.cert_manager"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.cert_manager.wait_for_jobs",
+ "var.cert_manager"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "cluster_autoscaler": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.cluster_autoscaler.atomic",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.cluster_autoscaler.chart",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.cluster_autoscaler.chart_version",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cluster_autoscaler.cleanup_on_fail",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_cluster_autoscaler"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.cluster_autoscaler.create_namespace",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.cluster_autoscaler.create_role",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.cluster_autoscaler.dependency_update",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.cluster_autoscaler.description",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.cluster_autoscaler.devel",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.cluster_autoscaler.disable_openapi_validation",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.cluster_autoscaler.disable_webhooks",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.cluster_autoscaler.force_update",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.cluster_autoscaler.keyring",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.cluster_autoscaler.lint",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.cluster_autoscaler.max_history",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.cluster_autoscaler.name",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.cluster_autoscaler_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.cluster_autoscaler_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.cluster_autoscaler.policy_description",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.cluster_autoscaler.policy_name",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.cluster_autoscaler.policy_name_use_prefix",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.cluster_autoscaler.policy_path",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.cluster_autoscaler"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.cluster_autoscaler.postrender",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.cluster_autoscaler.recreate_pods",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.cluster_autoscaler.render_subchart_notes",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.cluster_autoscaler.replace",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.cluster_autoscaler.repository",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.cluster_autoscaler.repository_ca_file",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.cluster_autoscaler.repository_cert_file",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.cluster_autoscaler.repository_key_file",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.cluster_autoscaler.repository_password",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.cluster_autoscaler.repository_username",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.cluster_autoscaler.reset_values",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.cluster_autoscaler.reuse_values",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.cluster_autoscaler.role_description",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.cluster_autoscaler.role_name",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.cluster_autoscaler.role_name_use_prefix",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.cluster_autoscaler.role_path",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.cluster_autoscaler"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.cluster_autoscaler"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.region",
+ "local.cluster_name",
+ "local.cluster_autoscaler_image_tag_selected",
+ "local.cluster_autoscaler_service_account",
+ "var.cluster_autoscaler.set",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.cluster_autoscaler.set_sensitive",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.cluster_autoscaler.skip_crds",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.cluster_autoscaler"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.cluster_autoscaler.timeout",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.cluster_autoscaler.values",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.cluster_autoscaler.verify",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.cluster_autoscaler.wait",
+ "var.cluster_autoscaler"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.cluster_autoscaler.wait_for_jobs",
+ "var.cluster_autoscaler"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "cluster_proportional_autoscaler": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.cluster_proportional_autoscaler.atomic",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.cluster_proportional_autoscaler.chart",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.cluster_proportional_autoscaler.chart_version",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cluster_proportional_autoscaler.cleanup_on_fail",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_cluster_proportional_autoscaler"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.cluster_proportional_autoscaler.create_namespace",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.cluster_proportional_autoscaler.dependency_update",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.cluster_proportional_autoscaler.description",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.cluster_proportional_autoscaler.devel",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.cluster_proportional_autoscaler.disable_openapi_validation",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.cluster_proportional_autoscaler.disable_webhooks",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.cluster_proportional_autoscaler.force_update",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.cluster_proportional_autoscaler.keyring",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.cluster_proportional_autoscaler.lint",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.cluster_proportional_autoscaler.max_history",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.cluster_proportional_autoscaler.name",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.cluster_proportional_autoscaler.namespace",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.cluster_proportional_autoscaler.postrender",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.cluster_proportional_autoscaler.recreate_pods",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.cluster_proportional_autoscaler.render_subchart_notes",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.cluster_proportional_autoscaler.replace",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.cluster_proportional_autoscaler.repository",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.cluster_proportional_autoscaler.repository_ca_file",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.cluster_proportional_autoscaler.repository_cert_file",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.cluster_proportional_autoscaler.repository_key_file",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.cluster_proportional_autoscaler.repository_password",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.cluster_proportional_autoscaler.repository_username",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.cluster_proportional_autoscaler.reset_values",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.cluster_proportional_autoscaler.reuse_values",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.cluster_proportional_autoscaler.set",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.cluster_proportional_autoscaler.set_sensitive",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.cluster_proportional_autoscaler.skip_crds",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.cluster_proportional_autoscaler.timeout",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.cluster_proportional_autoscaler.values",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.cluster_proportional_autoscaler.verify",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.cluster_proportional_autoscaler.wait",
+ "var.cluster_proportional_autoscaler"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.cluster_proportional_autoscaler.wait_for_jobs",
+ "var.cluster_proportional_autoscaler"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "external_dns": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.external_dns.atomic",
+ "var.external_dns"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.external_dns.chart",
+ "var.external_dns"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.external_dns.chart_version",
+ "var.external_dns"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.external_dns.cleanup_on_fail",
+ "var.external_dns"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_external_dns"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.external_dns.create_namespace",
+ "var.external_dns"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.external_dns.create_role",
+ "var.external_dns",
+ "var.external_dns_route53_zone_arns"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.external_dns.dependency_update",
+ "var.external_dns"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.external_dns.description",
+ "var.external_dns"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.external_dns.devel",
+ "var.external_dns"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.external_dns.disable_openapi_validation",
+ "var.external_dns"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.external_dns.disable_webhooks",
+ "var.external_dns"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.external_dns.force_update",
+ "var.external_dns"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.external_dns.keyring",
+ "var.external_dns"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.external_dns.lint",
+ "var.external_dns"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.external_dns.max_history",
+ "var.external_dns"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.external_dns.name",
+ "var.external_dns"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.external_dns_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.external_dns_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.external_dns.policy_description",
+ "var.external_dns"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.external_dns.policy_name",
+ "var.external_dns"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.external_dns.policy_name_use_prefix",
+ "var.external_dns"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.external_dns.policy_path",
+ "var.external_dns"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.external_dns"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.external_dns.postrender",
+ "var.external_dns"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.external_dns.recreate_pods",
+ "var.external_dns"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.external_dns.render_subchart_notes",
+ "var.external_dns"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.external_dns.replace",
+ "var.external_dns"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.external_dns.repository",
+ "var.external_dns"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.external_dns.repository_ca_file",
+ "var.external_dns"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.external_dns.repository_cert_file",
+ "var.external_dns"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.external_dns.repository_key_file",
+ "var.external_dns"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.external_dns.repository_password",
+ "var.external_dns"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.external_dns.repository_username",
+ "var.external_dns"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.external_dns.reset_values",
+ "var.external_dns"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.external_dns.reuse_values",
+ "var.external_dns"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.external_dns.role_description",
+ "var.external_dns"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.external_dns.role_name",
+ "var.external_dns"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.external_dns.role_name_use_prefix",
+ "var.external_dns"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.external_dns.role_path",
+ "var.external_dns"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.external_dns"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.external_dns"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.external_dns_service_account",
+ "var.external_dns.set",
+ "var.external_dns"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.external_dns.set_sensitive",
+ "var.external_dns"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.external_dns.skip_crds",
+ "var.external_dns"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.external_dns"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.external_dns.timeout",
+ "var.external_dns"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.external_dns.values",
+ "var.external_dns"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.external_dns.verify",
+ "var.external_dns"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.external_dns.wait",
+ "var.external_dns"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.external_dns.wait_for_jobs",
+ "var.external_dns"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "external_secrets": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.external_secrets.atomic",
+ "var.external_secrets"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.external_secrets.chart",
+ "var.external_secrets"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.external_secrets.chart_version",
+ "var.external_secrets"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.external_secrets.cleanup_on_fail",
+ "var.external_secrets"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_external_secrets"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.external_secrets.create_namespace",
+ "var.external_secrets"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.external_secrets.create_role",
+ "var.external_secrets"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.external_secrets.dependency_update",
+ "var.external_secrets"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.external_secrets.description",
+ "var.external_secrets"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.external_secrets.devel",
+ "var.external_secrets"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.external_secrets.disable_openapi_validation",
+ "var.external_secrets"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.external_secrets.disable_webhooks",
+ "var.external_secrets"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.external_secrets.force_update",
+ "var.external_secrets"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.external_secrets.keyring",
+ "var.external_secrets"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.external_secrets.lint",
+ "var.external_secrets"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.external_secrets.max_history",
+ "var.external_secrets"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.external_secrets.name",
+ "var.external_secrets"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.external_secrets_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.external_secrets_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.external_secrets.policy_description",
+ "var.external_secrets"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.external_secrets.policy_name",
+ "var.external_secrets"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.external_secrets.policy_name_use_prefix",
+ "var.external_secrets"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.external_secrets.policy_path",
+ "var.external_secrets"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.external_secrets"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.external_secrets.postrender",
+ "var.external_secrets"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.external_secrets.recreate_pods",
+ "var.external_secrets"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.external_secrets.render_subchart_notes",
+ "var.external_secrets"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.external_secrets.replace",
+ "var.external_secrets"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.external_secrets.repository",
+ "var.external_secrets"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.external_secrets.repository_ca_file",
+ "var.external_secrets"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.external_secrets.repository_cert_file",
+ "var.external_secrets"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.external_secrets.repository_key_file",
+ "var.external_secrets"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.external_secrets.repository_password",
+ "var.external_secrets"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.external_secrets.repository_username",
+ "var.external_secrets"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.external_secrets.reset_values",
+ "var.external_secrets"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.external_secrets.reuse_values",
+ "var.external_secrets"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.external_secrets.role_description",
+ "var.external_secrets"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.external_secrets.role_name",
+ "var.external_secrets"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.external_secrets.role_name_use_prefix",
+ "var.external_secrets"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.external_secrets.role_path",
+ "var.external_secrets"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.external_secrets"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.external_secrets"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.external_secrets_service_account",
+ "var.external_secrets.set",
+ "var.external_secrets"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.external_secrets.set_sensitive",
+ "var.external_secrets"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.external_secrets.skip_crds",
+ "var.external_secrets"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.external_secrets"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.external_secrets.timeout",
+ "var.external_secrets"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.external_secrets.values",
+ "var.external_secrets"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.external_secrets.verify",
+ "var.external_secrets"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.external_secrets.wait",
+ "var.external_secrets"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.external_secrets.wait_for_jobs",
+ "var.external_secrets"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "gatekeeper": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.gatekeeper.atomic",
+ "var.gatekeeper"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.gatekeeper.chart",
+ "var.gatekeeper"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.gatekeeper.chart_version",
+ "var.gatekeeper"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.gatekeeper.cleanup_on_fail",
+ "var.gatekeeper"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_gatekeeper"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.gatekeeper.create_namespace",
+ "var.gatekeeper"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.gatekeeper.dependency_update",
+ "var.gatekeeper"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.gatekeeper.description",
+ "var.gatekeeper"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.gatekeeper.devel",
+ "var.gatekeeper"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.gatekeeper.disable_openapi_validation",
+ "var.gatekeeper"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.gatekeeper.disable_webhooks",
+ "var.gatekeeper"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.gatekeeper.force_update",
+ "var.gatekeeper"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.gatekeeper.keyring",
+ "var.gatekeeper"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.gatekeeper.lint",
+ "var.gatekeeper"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.gatekeeper.max_history",
+ "var.gatekeeper"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.gatekeeper.name",
+ "var.gatekeeper"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.gatekeeper.namespace",
+ "var.gatekeeper"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.gatekeeper.postrender",
+ "var.gatekeeper"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.gatekeeper.recreate_pods",
+ "var.gatekeeper"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.gatekeeper.render_subchart_notes",
+ "var.gatekeeper"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.gatekeeper.replace",
+ "var.gatekeeper"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.gatekeeper.repository",
+ "var.gatekeeper"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.gatekeeper.repository_ca_file",
+ "var.gatekeeper"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.gatekeeper.repository_cert_file",
+ "var.gatekeeper"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.gatekeeper.repository_key_file",
+ "var.gatekeeper"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.gatekeeper.repository_password",
+ "var.gatekeeper"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.gatekeeper.repository_username",
+ "var.gatekeeper"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.gatekeeper.reset_values",
+ "var.gatekeeper"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.gatekeeper.reuse_values",
+ "var.gatekeeper"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.gatekeeper.set",
+ "var.gatekeeper"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.gatekeeper.set_sensitive",
+ "var.gatekeeper"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.gatekeeper.skip_crds",
+ "var.gatekeeper"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.gatekeeper.timeout",
+ "var.gatekeeper"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.gatekeeper.values",
+ "var.gatekeeper"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.gatekeeper.verify",
+ "var.gatekeeper"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.gatekeeper.wait",
+ "var.gatekeeper"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.gatekeeper.wait_for_jobs",
+ "var.gatekeeper"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "ingress_nginx": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.ingress_nginx.atomic",
+ "var.ingress_nginx"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.ingress_nginx.chart",
+ "var.ingress_nginx"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.ingress_nginx.chart_version",
+ "var.ingress_nginx"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.ingress_nginx.cleanup_on_fail",
+ "var.ingress_nginx"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_ingress_nginx"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.ingress_nginx.create_namespace",
+ "var.ingress_nginx"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.ingress_nginx.dependency_update",
+ "var.ingress_nginx"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.ingress_nginx.description",
+ "var.ingress_nginx"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.ingress_nginx.devel",
+ "var.ingress_nginx"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.ingress_nginx.disable_openapi_validation",
+ "var.ingress_nginx"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.ingress_nginx.disable_webhooks",
+ "var.ingress_nginx"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.ingress_nginx.force_update",
+ "var.ingress_nginx"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.ingress_nginx.keyring",
+ "var.ingress_nginx"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.ingress_nginx.lint",
+ "var.ingress_nginx"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.ingress_nginx.max_history",
+ "var.ingress_nginx"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.ingress_nginx.name",
+ "var.ingress_nginx"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.ingress_nginx.namespace",
+ "var.ingress_nginx"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.ingress_nginx.postrender",
+ "var.ingress_nginx"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.ingress_nginx.recreate_pods",
+ "var.ingress_nginx"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.ingress_nginx.render_subchart_notes",
+ "var.ingress_nginx"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.ingress_nginx.replace",
+ "var.ingress_nginx"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.ingress_nginx.repository",
+ "var.ingress_nginx"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.ingress_nginx.repository_ca_file",
+ "var.ingress_nginx"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.ingress_nginx.repository_cert_file",
+ "var.ingress_nginx"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.ingress_nginx.repository_key_file",
+ "var.ingress_nginx"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.ingress_nginx.repository_password",
+ "var.ingress_nginx"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.ingress_nginx.repository_username",
+ "var.ingress_nginx"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.ingress_nginx.reset_values",
+ "var.ingress_nginx"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.ingress_nginx.reuse_values",
+ "var.ingress_nginx"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.ingress_nginx.set",
+ "var.ingress_nginx"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.ingress_nginx.set_sensitive",
+ "var.ingress_nginx"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.ingress_nginx.skip_crds",
+ "var.ingress_nginx"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.ingress_nginx.timeout",
+ "var.ingress_nginx"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.ingress_nginx.values",
+ "var.ingress_nginx"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.ingress_nginx.verify",
+ "var.ingress_nginx"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.ingress_nginx.wait",
+ "var.ingress_nginx"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.ingress_nginx.wait_for_jobs",
+ "var.ingress_nginx"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "karpenter": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.karpenter.atomic",
+ "var.karpenter"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.karpenter.chart",
+ "var.karpenter"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.karpenter.chart_version",
+ "var.karpenter"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.karpenter.cleanup_on_fail",
+ "var.karpenter"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_karpenter"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.karpenter.create_namespace",
+ "var.karpenter"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.karpenter.create_role",
+ "var.karpenter"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.karpenter.dependency_update",
+ "var.karpenter"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.karpenter.description",
+ "var.karpenter"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.karpenter.devel",
+ "var.karpenter"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.karpenter.disable_openapi_validation",
+ "var.karpenter"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.karpenter.disable_webhooks",
+ "var.karpenter"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.karpenter.force_update",
+ "var.karpenter"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.karpenter.keyring",
+ "var.karpenter"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.karpenter.lint",
+ "var.karpenter"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.karpenter.max_history",
+ "var.karpenter"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.karpenter.name",
+ "var.karpenter"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.karpenter_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.karpenter_service_account_name"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.karpenter.policy_description",
+ "var.karpenter"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.karpenter.policy_name",
+ "var.karpenter"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.karpenter.policy_name_use_prefix",
+ "var.karpenter"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.karpenter.policy_path",
+ "var.karpenter"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.karpenter"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.karpenter.postrender",
+ "var.karpenter"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.karpenter.recreate_pods",
+ "var.karpenter"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.karpenter.render_subchart_notes",
+ "var.karpenter"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.karpenter.replace",
+ "var.karpenter"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.karpenter.repository",
+ "var.karpenter"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.karpenter.repository_ca_file",
+ "var.karpenter"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.karpenter.repository_cert_file",
+ "var.karpenter"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.karpenter.repository_key_file",
+ "var.karpenter"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.karpenter.repository_password",
+ "var.karpenter"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.karpenter.repository_username",
+ "var.karpenter"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.karpenter.reset_values",
+ "var.karpenter"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.karpenter.reuse_values",
+ "var.karpenter"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.karpenter.role_description",
+ "var.karpenter"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.karpenter.role_name",
+ "var.karpenter"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.karpenter.role_name_use_prefix",
+ "var.karpenter"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.karpenter.role_path",
+ "var.karpenter"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.karpenter"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.karpenter"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.cluster_name",
+ "local.cluster_endpoint",
+ "local.karpenter_node_instance_profile_name",
+ "local.karpenter_enable_spot_termination",
+ "module.karpenter_sqs.queue_name",
+ "module.karpenter_sqs",
+ "local.karpenter_service_account_name",
+ "var.karpenter.set",
+ "var.karpenter"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.karpenter.set_sensitive",
+ "var.karpenter"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.karpenter.skip_crds",
+ "var.karpenter"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.karpenter"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.karpenter.timeout",
+ "var.karpenter"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.karpenter.values",
+ "var.karpenter"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.karpenter.verify",
+ "var.karpenter"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.karpenter.wait",
+ "var.karpenter"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.karpenter.wait_for_jobs",
+ "var.karpenter"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "karpenter_sqs": {
+ "source": "terraform-aws-modules/sqs/aws",
+ "expressions": {
+ "create": {
+ "references": [
+ "local.karpenter_enable_spot_termination"
+ ]
+ },
+ "create_queue_policy": {
+ "constant_value": true
+ },
+ "kms_data_key_reuse_period_seconds": {
+ "references": [
+ "var.karpenter_sqs.kms_data_key_reuse_period_seconds",
+ "var.karpenter_sqs"
+ ]
+ },
+ "kms_master_key_id": {
+ "references": [
+ "var.karpenter_sqs.kms_master_key_id",
+ "var.karpenter_sqs"
+ ]
+ },
+ "message_retention_seconds": {
+ "references": [
+ "var.karpenter_sqs.message_retention_seconds",
+ "var.karpenter_sqs"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.karpenter_sqs.queue_name",
+ "var.karpenter_sqs",
+ "var.cluster_name"
+ ]
+ },
+ "queue_policy_statements": {
+ "references": [
+ "local.dns_suffix",
+ "local.dns_suffix"
+ ]
+ },
+ "sqs_managed_sse_enabled": {
+ "references": [
+ "var.karpenter_sqs.sse_enabled",
+ "var.karpenter_sqs"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.karpenter_sqs.tags",
+ "var.karpenter_sqs"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "dead_letter_queue_arn": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.dlq[0].arn",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "description": "The ARN of the SQS queue"
+ },
+ "dead_letter_queue_id": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.dlq[0].id",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "description": "The URL for the created Amazon SQS queue"
+ },
+ "dead_letter_queue_name": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.dlq[0].name",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "description": "The name of the SQS queue"
+ },
+ "dead_letter_queue_url": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.dlq[0].url",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "description": "Same as `dead_letter_queue_id`: The URL for the created Amazon SQS queue"
+ },
+ "queue_arn": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.this[0].arn",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "description": "The ARN of the SQS queue"
+ },
+ "queue_id": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.this[0].id",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "description": "The URL for the created Amazon SQS queue"
+ },
+ "queue_name": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.this[0].name",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "description": "The name of the SQS queue"
+ },
+ "queue_url": {
+ "expression": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "description": "Same as `queue_id`: The URL for the created Amazon SQS queue"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_sqs_queue.dlq",
+ "mode": "managed",
+ "type": "aws_sqs_queue",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "content_based_deduplication": {
+ "references": [
+ "var.dlq_content_based_deduplication",
+ "var.content_based_deduplication"
+ ]
+ },
+ "deduplication_scope": {
+ "references": [
+ "var.dlq_deduplication_scope",
+ "var.deduplication_scope"
+ ]
+ },
+ "delay_seconds": {
+ "references": [
+ "var.dlq_delay_seconds",
+ "var.delay_seconds"
+ ]
+ },
+ "fifo_queue": {
+ "references": [
+ "var.fifo_queue"
+ ]
+ },
+ "fifo_throughput_limit": {
+ "references": [
+ "var.fifo_throughput_limit"
+ ]
+ },
+ "kms_data_key_reuse_period_seconds": {
+ "references": [
+ "var.dlq_kms_data_key_reuse_period_seconds",
+ "var.kms_data_key_reuse_period_seconds"
+ ]
+ },
+ "kms_master_key_id": {
+ "references": [
+ "local.dlq_kms_master_key_id"
+ ]
+ },
+ "max_message_size": {
+ "references": [
+ "var.max_message_size"
+ ]
+ },
+ "message_retention_seconds": {
+ "references": [
+ "var.dlq_message_retention_seconds",
+ "var.message_retention_seconds"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.use_name_prefix",
+ "local.dlq_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.use_name_prefix",
+ "local.dlq_name"
+ ]
+ },
+ "receive_wait_time_seconds": {
+ "references": [
+ "var.dlq_receive_wait_time_seconds",
+ "var.receive_wait_time_seconds"
+ ]
+ },
+ "sqs_managed_sse_enabled": {
+ "references": [
+ "local.dlq_kms_master_key_id",
+ "local.dlq_sqs_managed_sse_enabled"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.dlq_tags"
+ ]
+ },
+ "visibility_timeout_seconds": {
+ "references": [
+ "var.dlq_visibility_timeout_seconds",
+ "var.visibility_timeout_seconds"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue.this",
+ "mode": "managed",
+ "type": "aws_sqs_queue",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "content_based_deduplication": {
+ "references": [
+ "var.content_based_deduplication"
+ ]
+ },
+ "deduplication_scope": {
+ "references": [
+ "var.deduplication_scope"
+ ]
+ },
+ "delay_seconds": {
+ "references": [
+ "var.delay_seconds"
+ ]
+ },
+ "fifo_queue": {
+ "references": [
+ "var.fifo_queue"
+ ]
+ },
+ "fifo_throughput_limit": {
+ "references": [
+ "var.fifo_throughput_limit"
+ ]
+ },
+ "kms_data_key_reuse_period_seconds": {
+ "references": [
+ "var.kms_data_key_reuse_period_seconds"
+ ]
+ },
+ "kms_master_key_id": {
+ "references": [
+ "var.kms_master_key_id"
+ ]
+ },
+ "max_message_size": {
+ "references": [
+ "var.max_message_size"
+ ]
+ },
+ "message_retention_seconds": {
+ "references": [
+ "var.message_retention_seconds"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.use_name_prefix",
+ "var.fifo_queue",
+ "local.name",
+ "local.name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.use_name_prefix",
+ "local.name"
+ ]
+ },
+ "receive_wait_time_seconds": {
+ "references": [
+ "var.receive_wait_time_seconds"
+ ]
+ },
+ "sqs_managed_sse_enabled": {
+ "references": [
+ "var.kms_master_key_id",
+ "var.sqs_managed_sse_enabled"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "visibility_timeout_seconds": {
+ "references": [
+ "var.visibility_timeout_seconds"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_policy.dlq",
+ "mode": "managed",
+ "type": "aws_sqs_queue_policy",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.dlq[0].json",
+ "data.aws_iam_policy_document.dlq[0]",
+ "data.aws_iam_policy_document.dlq"
+ ]
+ },
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.dlq[0].url",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq",
+ "var.create_dlq_queue_policy"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_policy.this",
+ "mode": "managed",
+ "type": "aws_sqs_queue_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_queue_policy"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_redrive_allow_policy.dlq",
+ "mode": "managed",
+ "type": "aws_sqs_queue_redrive_allow_policy",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.dlq[0].url",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq"
+ ]
+ },
+ "redrive_allow_policy": {
+ "references": [
+ "aws_sqs_queue.this[0].arn",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this",
+ "var.dlq_redrive_allow_policy"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_redrive_allow_policy.this",
+ "mode": "managed",
+ "type": "aws_sqs_queue_redrive_allow_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "redrive_allow_policy": {
+ "references": [
+ "var.redrive_allow_policy"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq",
+ "var.redrive_allow_policy"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_redrive_policy.dlq",
+ "mode": "managed",
+ "type": "aws_sqs_queue_redrive_policy",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "redrive_policy": {
+ "references": [
+ "aws_sqs_queue.dlq[0].arn",
+ "aws_sqs_queue.dlq[0]",
+ "aws_sqs_queue.dlq",
+ "var.redrive_policy"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq"
+ ]
+ }
+ },
+ {
+ "address": "aws_sqs_queue_redrive_policy.this",
+ "mode": "managed",
+ "type": "aws_sqs_queue_redrive_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "queue_url": {
+ "references": [
+ "aws_sqs_queue.this[0].url",
+ "aws_sqs_queue.this[0]",
+ "aws_sqs_queue.this"
+ ]
+ },
+ "redrive_policy": {
+ "references": [
+ "var.redrive_policy"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq",
+ "var.redrive_policy"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.dlq",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "dlq",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_dlq_queue_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_dlq_queue_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_dlq",
+ "var.create_dlq_queue_policy"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_queue_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_queue_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_queue_policy"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "content_based_deduplication": {
+ "default": null,
+ "description": "Enables content-based deduplication for FIFO queues"
+ },
+ "create": {
+ "default": true,
+ "description": "Whether to create SQS queue"
+ },
+ "create_dlq": {
+ "default": false,
+ "description": "Determines whether to create SQS dead letter queue"
+ },
+ "create_dlq_queue_policy": {
+ "default": false,
+ "description": "Whether to create SQS queue policy"
+ },
+ "create_queue_policy": {
+ "default": false,
+ "description": "Whether to create SQS queue policy"
+ },
+ "deduplication_scope": {
+ "default": null,
+ "description": "Specifies whether message deduplication occurs at the message group or queue level"
+ },
+ "delay_seconds": {
+ "default": null,
+ "description": "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)"
+ },
+ "dlq_content_based_deduplication": {
+ "default": null,
+ "description": "Enables content-based deduplication for FIFO queues"
+ },
+ "dlq_deduplication_scope": {
+ "default": null,
+ "description": "Specifies whether message deduplication occurs at the message group or queue level"
+ },
+ "dlq_delay_seconds": {
+ "default": null,
+ "description": "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)"
+ },
+ "dlq_kms_data_key_reuse_period_seconds": {
+ "default": null,
+ "description": "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours)"
+ },
+ "dlq_kms_master_key_id": {
+ "default": null,
+ "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK"
+ },
+ "dlq_message_retention_seconds": {
+ "default": null,
+ "description": "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)"
+ },
+ "dlq_name": {
+ "default": null,
+ "description": "This is the human-readable name of the queue. If omitted, Terraform will assign a random name"
+ },
+ "dlq_queue_policy_statements": {
+ "default": {},
+ "description": "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage"
+ },
+ "dlq_receive_wait_time_seconds": {
+ "default": null,
+ "description": "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)"
+ },
+ "dlq_redrive_allow_policy": {
+ "default": {},
+ "description": "The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs."
+ },
+ "dlq_sqs_managed_sse_enabled": {
+ "default": true,
+ "description": "Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys"
+ },
+ "dlq_tags": {
+ "default": {},
+ "description": "A mapping of additional tags to assign to the dead letter queue"
+ },
+ "dlq_visibility_timeout_seconds": {
+ "default": null,
+ "description": "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours)"
+ },
+ "fifo_queue": {
+ "default": false,
+ "description": "Boolean designating a FIFO queue"
+ },
+ "fifo_throughput_limit": {
+ "default": null,
+ "description": "Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group"
+ },
+ "kms_data_key_reuse_period_seconds": {
+ "default": null,
+ "description": "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours)"
+ },
+ "kms_master_key_id": {
+ "default": null,
+ "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK"
+ },
+ "max_message_size": {
+ "default": null,
+ "description": "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB)"
+ },
+ "message_retention_seconds": {
+ "default": null,
+ "description": "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)"
+ },
+ "name": {
+ "default": null,
+ "description": "This is the human-readable name of the queue. If omitted, Terraform will assign a random name"
+ },
+ "override_dlq_queue_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "override_queue_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "queue_policy_statements": {
+ "default": {},
+ "description": "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage"
+ },
+ "receive_wait_time_seconds": {
+ "default": null,
+ "description": "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)"
+ },
+ "redrive_allow_policy": {
+ "default": {},
+ "description": "The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs."
+ },
+ "redrive_policy": {
+ "default": {},
+ "description": "The JSON policy to set up the Dead Letter Queue, see AWS docs. Note: when specifying maxReceiveCount, you must specify it as an integer (5), and not a string (\"5\")"
+ },
+ "source_dlq_queue_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "source_queue_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "sqs_managed_sse_enabled": {
+ "default": true,
+ "description": "Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys"
+ },
+ "tags": {
+ "default": {},
+ "description": "A mapping of tags to assign to all resources"
+ },
+ "use_name_prefix": {
+ "default": false,
+ "description": "Determines whether `name` is used as a prefix"
+ },
+ "visibility_timeout_seconds": {
+ "default": null,
+ "description": "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours)"
+ }
+ }
+ },
+ "version_constraint": "4.0.1"
+ },
+ "kube_prometheus_stack": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.kube_prometheus_stack.atomic",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.kube_prometheus_stack.chart",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.kube_prometheus_stack.chart_version",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.kube_prometheus_stack.cleanup_on_fail",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_kube_prometheus_stack"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.kube_prometheus_stack.create_namespace",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.kube_prometheus_stack.dependency_update",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.kube_prometheus_stack.description",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.kube_prometheus_stack.devel",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.kube_prometheus_stack.disable_openapi_validation",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.kube_prometheus_stack.disable_webhooks",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.kube_prometheus_stack.force_update",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.kube_prometheus_stack.keyring",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.kube_prometheus_stack.lint",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.kube_prometheus_stack.max_history",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.kube_prometheus_stack.name",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.kube_prometheus_stack.namespace",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.kube_prometheus_stack.postrender",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.kube_prometheus_stack.recreate_pods",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.kube_prometheus_stack.render_subchart_notes",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.kube_prometheus_stack.replace",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.kube_prometheus_stack.repository",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.kube_prometheus_stack.repository_ca_file",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.kube_prometheus_stack.repository_cert_file",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.kube_prometheus_stack.repository_key_file",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.kube_prometheus_stack.repository_password",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.kube_prometheus_stack.repository_username",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.kube_prometheus_stack.reset_values",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.kube_prometheus_stack.reuse_values",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.kube_prometheus_stack.set",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.kube_prometheus_stack.set_sensitive",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.kube_prometheus_stack.skip_crds",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.kube_prometheus_stack.timeout",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.kube_prometheus_stack.values",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.kube_prometheus_stack.verify",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.kube_prometheus_stack.wait",
+ "var.kube_prometheus_stack"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.kube_prometheus_stack.wait_for_jobs",
+ "var.kube_prometheus_stack"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "metrics_server": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.metrics_server.atomic",
+ "var.metrics_server"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.metrics_server.chart",
+ "var.metrics_server"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.metrics_server.chart_version",
+ "var.metrics_server"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.metrics_server.cleanup_on_fail",
+ "var.metrics_server"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_metrics_server"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.metrics_server.create_namespace",
+ "var.metrics_server"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.metrics_server.dependency_update",
+ "var.metrics_server"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.metrics_server.description",
+ "var.metrics_server"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.metrics_server.devel",
+ "var.metrics_server"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.metrics_server.disable_openapi_validation",
+ "var.metrics_server"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.metrics_server.disable_webhooks",
+ "var.metrics_server"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.metrics_server.force_update",
+ "var.metrics_server"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.metrics_server.keyring",
+ "var.metrics_server"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.metrics_server.lint",
+ "var.metrics_server"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.metrics_server.max_history",
+ "var.metrics_server"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.metrics_server.name",
+ "var.metrics_server"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.metrics_server.namespace",
+ "var.metrics_server"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.metrics_server.postrender",
+ "var.metrics_server"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.metrics_server.recreate_pods",
+ "var.metrics_server"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.metrics_server.render_subchart_notes",
+ "var.metrics_server"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.metrics_server.replace",
+ "var.metrics_server"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.metrics_server.repository",
+ "var.metrics_server"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.metrics_server.repository_ca_file",
+ "var.metrics_server"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.metrics_server.repository_cert_file",
+ "var.metrics_server"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.metrics_server.repository_key_file",
+ "var.metrics_server"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.metrics_server.repository_password",
+ "var.metrics_server"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.metrics_server.repository_username",
+ "var.metrics_server"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.metrics_server.reset_values",
+ "var.metrics_server"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.metrics_server.reuse_values",
+ "var.metrics_server"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.metrics_server.set",
+ "var.metrics_server"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.metrics_server.set_sensitive",
+ "var.metrics_server"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.metrics_server.skip_crds",
+ "var.metrics_server"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.metrics_server.timeout",
+ "var.metrics_server"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.metrics_server.values",
+ "var.metrics_server"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.metrics_server.verify",
+ "var.metrics_server"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.metrics_server.wait",
+ "var.metrics_server"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.metrics_server.wait_for_jobs",
+ "var.metrics_server"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "secrets_store_csi_driver": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.secrets_store_csi_driver.atomic",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.secrets_store_csi_driver.chart",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.secrets_store_csi_driver.chart_version",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.secrets_store_csi_driver.cleanup_on_fail",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_secrets_store_csi_driver"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.secrets_store_csi_driver.create_namespace",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.secrets_store_csi_driver.dependency_update",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.secrets_store_csi_driver.description",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.secrets_store_csi_driver.devel",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.secrets_store_csi_driver.disable_openapi_validation",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.secrets_store_csi_driver.disable_webhooks",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.secrets_store_csi_driver.force_update",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.secrets_store_csi_driver.keyring",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.secrets_store_csi_driver.lint",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.secrets_store_csi_driver.max_history",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.secrets_store_csi_driver.name",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.secrets_store_csi_driver.namespace",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.secrets_store_csi_driver.postrender",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.secrets_store_csi_driver.recreate_pods",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.secrets_store_csi_driver.render_subchart_notes",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.secrets_store_csi_driver.replace",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.secrets_store_csi_driver.repository",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.secrets_store_csi_driver.repository_ca_file",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.secrets_store_csi_driver.repository_cert_file",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.secrets_store_csi_driver.repository_key_file",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.secrets_store_csi_driver.repository_password",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.secrets_store_csi_driver.repository_username",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.secrets_store_csi_driver.reset_values",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.secrets_store_csi_driver.reuse_values",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.secrets_store_csi_driver.set",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.secrets_store_csi_driver.set_sensitive",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.secrets_store_csi_driver.skip_crds",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.secrets_store_csi_driver.timeout",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.secrets_store_csi_driver.values",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.secrets_store_csi_driver.verify",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.secrets_store_csi_driver.wait",
+ "var.secrets_store_csi_driver"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.secrets_store_csi_driver.wait_for_jobs",
+ "var.secrets_store_csi_driver"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "secrets_store_csi_driver_provider_aws": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.atomic",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.chart",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.chart_version",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.cleanup_on_fail",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.create_namespace",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.dependency_update",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.description",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.devel",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.disable_openapi_validation",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.disable_webhooks",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.force_update",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.keyring",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.lint",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.max_history",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.name",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.namespace",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.postrender",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.recreate_pods",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.render_subchart_notes",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.replace",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.repository",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.repository_ca_file",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.repository_cert_file",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.repository_key_file",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.repository_password",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.repository_username",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.reset_values",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.reuse_values",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.set",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.set_sensitive",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.skip_crds",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.timeout",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.values",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.verify",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.wait",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.secrets_store_csi_driver_provider_aws.wait_for_jobs",
+ "var.secrets_store_csi_driver_provider_aws"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "velero": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.velero.atomic",
+ "var.velero"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.velero.chart",
+ "var.velero"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.velero.chart_version",
+ "var.velero"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.velero.cleanup_on_fail",
+ "var.velero"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_velero"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.velero.create_namespace",
+ "var.velero"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "create_role": {
+ "references": [
+ "var.velero.create_role",
+ "var.velero"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.velero.dependency_update",
+ "var.velero"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.velero.description",
+ "var.velero"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.velero.devel",
+ "var.velero"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.velero.disable_openapi_validation",
+ "var.velero"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.velero.disable_webhooks",
+ "var.velero"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.velero.force_update",
+ "var.velero"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.velero.keyring",
+ "var.velero"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.velero.lint",
+ "var.velero"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.velero.max_history",
+ "var.velero"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.velero.name",
+ "var.velero"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.velero_namespace"
+ ]
+ },
+ "oidc_providers": {
+ "references": [
+ "local.oidc_provider_arn",
+ "local.velero_service_account"
+ ]
+ },
+ "policy_description": {
+ "references": [
+ "var.velero.policy_description",
+ "var.velero"
+ ]
+ },
+ "policy_name": {
+ "references": [
+ "var.velero.policy_name",
+ "var.velero"
+ ]
+ },
+ "policy_name_use_prefix": {
+ "references": [
+ "var.velero.policy_name_use_prefix",
+ "var.velero"
+ ]
+ },
+ "policy_path": {
+ "references": [
+ "var.velero.policy_path",
+ "var.velero"
+ ]
+ },
+ "policy_statements": {
+ "references": [
+ "var.velero"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.velero.postrender",
+ "var.velero"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.velero.recreate_pods",
+ "var.velero"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.velero.render_subchart_notes",
+ "var.velero"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.velero.replace",
+ "var.velero"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.velero.repository",
+ "var.velero"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.velero.repository_ca_file",
+ "var.velero"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.velero.repository_cert_file",
+ "var.velero"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.velero.repository_key_file",
+ "var.velero"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.velero.repository_password",
+ "var.velero"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.velero.repository_username",
+ "var.velero"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.velero.reset_values",
+ "var.velero"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.velero.reuse_values",
+ "var.velero"
+ ]
+ },
+ "role_description": {
+ "references": [
+ "var.velero.role_description",
+ "var.velero"
+ ]
+ },
+ "role_name": {
+ "references": [
+ "var.velero.role_name",
+ "var.velero"
+ ]
+ },
+ "role_name_use_prefix": {
+ "references": [
+ "var.velero.role_name_use_prefix",
+ "var.velero"
+ ]
+ },
+ "role_path": {
+ "references": [
+ "var.velero.role_path",
+ "var.velero"
+ ]
+ },
+ "role_permissions_boundary_arn": {
+ "references": [
+ "var.velero"
+ ]
+ },
+ "role_policies": {
+ "references": [
+ "var.velero"
+ ]
+ },
+ "set": {
+ "references": [
+ "local.velero_service_account",
+ "local.velero_backup_s3_bucket_prefix",
+ "local.velero_backup_s3_bucket_name",
+ "local.region",
+ "local.region",
+ "var.velero.set",
+ "var.velero"
+ ]
+ },
+ "set_irsa_names": {
+ "constant_value": [
+ "serviceAccount.server.annotations.eks\\.amazonaws\\.com/role-arn"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.velero.set_sensitive",
+ "var.velero"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.velero.skip_crds",
+ "var.velero"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "data.aws_iam_policy_document.velero"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.velero.timeout",
+ "var.velero"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.velero.values",
+ "var.velero"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.velero.verify",
+ "var.velero"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.velero.wait",
+ "var.velero"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.velero.wait_for_jobs",
+ "var.velero"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ },
+ "vpa": {
+ "source": "aws-ia/eks-blueprints-addon/aws",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.vpa.atomic",
+ "var.vpa"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.vpa.chart",
+ "var.vpa"
+ ]
+ },
+ "chart_version": {
+ "references": [
+ "var.vpa.chart_version",
+ "var.vpa"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.vpa.cleanup_on_fail",
+ "var.vpa"
+ ]
+ },
+ "create": {
+ "references": [
+ "var.enable_vpa"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.vpa.create_namespace",
+ "var.vpa"
+ ]
+ },
+ "create_release": {
+ "references": [
+ "var.create_kubernetes_resources"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.vpa.dependency_update",
+ "var.vpa"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.vpa.description",
+ "var.vpa"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.vpa.devel",
+ "var.vpa"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.vpa.disable_openapi_validation",
+ "var.vpa"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.vpa.disable_webhooks",
+ "var.vpa"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.vpa.force_update",
+ "var.vpa"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.vpa.keyring",
+ "var.vpa"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.vpa.lint",
+ "var.vpa"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.vpa.max_history",
+ "var.vpa"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.vpa.name",
+ "var.vpa"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "var.vpa.namespace",
+ "var.vpa"
+ ]
+ },
+ "postrender": {
+ "references": [
+ "var.vpa.postrender",
+ "var.vpa"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.vpa.recreate_pods",
+ "var.vpa"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.vpa.render_subchart_notes",
+ "var.vpa"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.vpa.replace",
+ "var.vpa"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.vpa.repository",
+ "var.vpa"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.vpa.repository_ca_file",
+ "var.vpa"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.vpa.repository_cert_file",
+ "var.vpa"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.vpa.repository_key_file",
+ "var.vpa"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.vpa.repository_password",
+ "var.vpa"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.vpa.repository_username",
+ "var.vpa"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.vpa.reset_values",
+ "var.vpa"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.vpa.reuse_values",
+ "var.vpa"
+ ]
+ },
+ "set": {
+ "references": [
+ "var.vpa.set",
+ "var.vpa"
+ ]
+ },
+ "set_sensitive": {
+ "references": [
+ "var.vpa.set_sensitive",
+ "var.vpa"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.vpa.skip_crds",
+ "var.vpa"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.vpa.timeout",
+ "var.vpa"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.vpa.values",
+ "var.vpa"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.vpa.verify",
+ "var.vpa"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.vpa.wait",
+ "var.vpa"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.vpa.wait_for_jobs",
+ "var.vpa"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "app_version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].app_version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The version number of the application being deployed"
+ },
+ "chart": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].chart",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The name of the chart"
+ },
+ "iam_policy": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].policy",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The policy document"
+ },
+ "iam_policy_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "description": "The ARN assigned by AWS to this policy"
+ },
+ "iam_role_arn": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].arn",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "ARN of IAM role"
+ },
+ "iam_role_name": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Name of IAM role"
+ },
+ "iam_role_path": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].path",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Path of IAM role"
+ },
+ "iam_role_unique_id": {
+ "expression": {
+ "references": [
+ "aws_iam_role.this[0].unique_id",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ },
+ "description": "Unique ID of IAM role"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].name",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name is the name of the release"
+ },
+ "namespace": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].namespace",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Name of Kubernetes namespace"
+ },
+ "revision": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].revision",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "Version is an int32 which represents the version of the release"
+ },
+ "values": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].values",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "The compounded values from `values` and `set*` attributes"
+ },
+ "version": {
+ "expression": {
+ "references": [
+ "helm_release.this[0].metadata[0].version",
+ "helm_release.this[0].metadata[0]",
+ "helm_release.this[0].metadata",
+ "helm_release.this[0]",
+ "helm_release.this"
+ ]
+ },
+ "description": "A SemVer 2 conformant version string of the chart"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_iam_policy.this",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.policy_description",
+ "var.role_description"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.policy_name_use_prefix",
+ "local.policy_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.policy_path",
+ "var.role_path"
+ ]
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.this[0].json",
+ "data.aws_iam_policy_document.this[0]",
+ "data.aws_iam_policy_document.this"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.this",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.assume[0].json",
+ "data.aws_iam_policy_document.assume[0]",
+ "data.aws_iam_policy_document.assume"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.role_description"
+ ]
+ },
+ "force_detach_policies": {
+ "constant_value": true
+ },
+ "max_session_duration": {
+ "references": [
+ "var.max_session_duration"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "name_prefix": {
+ "references": [
+ "var.role_name_use_prefix",
+ "local.role_name"
+ ]
+ },
+ "path": {
+ "references": [
+ "var.role_path"
+ ]
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.role_permissions_boundary_arn"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.additional",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "additional",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.role_policies",
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.this",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.this[0].arn",
+ "aws_iam_policy.this[0]",
+ "aws_iam_policy.this"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.this[0].name",
+ "aws_iam_role.this[0]",
+ "aws_iam_role.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "helm_release.this",
+ "mode": "managed",
+ "type": "helm_release",
+ "name": "this",
+ "provider_config_key": "helm",
+ "expressions": {
+ "atomic": {
+ "references": [
+ "var.atomic"
+ ]
+ },
+ "chart": {
+ "references": [
+ "var.chart"
+ ]
+ },
+ "cleanup_on_fail": {
+ "references": [
+ "var.cleanup_on_fail"
+ ]
+ },
+ "create_namespace": {
+ "references": [
+ "var.create_namespace"
+ ]
+ },
+ "dependency_update": {
+ "references": [
+ "var.dependency_update"
+ ]
+ },
+ "description": {
+ "references": [
+ "var.description"
+ ]
+ },
+ "devel": {
+ "references": [
+ "var.devel"
+ ]
+ },
+ "disable_openapi_validation": {
+ "references": [
+ "var.disable_openapi_validation"
+ ]
+ },
+ "disable_webhooks": {
+ "references": [
+ "var.disable_webhooks"
+ ]
+ },
+ "force_update": {
+ "references": [
+ "var.force_update"
+ ]
+ },
+ "keyring": {
+ "references": [
+ "var.keyring"
+ ]
+ },
+ "lint": {
+ "references": [
+ "var.lint"
+ ]
+ },
+ "max_history": {
+ "references": [
+ "var.max_history"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name",
+ "var.chart"
+ ]
+ },
+ "namespace": {
+ "references": [
+ "local.namespace"
+ ]
+ },
+ "recreate_pods": {
+ "references": [
+ "var.recreate_pods"
+ ]
+ },
+ "render_subchart_notes": {
+ "references": [
+ "var.render_subchart_notes"
+ ]
+ },
+ "replace": {
+ "references": [
+ "var.replace"
+ ]
+ },
+ "repository": {
+ "references": [
+ "var.repository"
+ ]
+ },
+ "repository_ca_file": {
+ "references": [
+ "var.repository_ca_file"
+ ]
+ },
+ "repository_cert_file": {
+ "references": [
+ "var.repository_cert_file"
+ ]
+ },
+ "repository_key_file": {
+ "references": [
+ "var.repository_key_file"
+ ]
+ },
+ "repository_password": {
+ "references": [
+ "var.repository_password"
+ ]
+ },
+ "repository_username": {
+ "references": [
+ "var.repository_username"
+ ]
+ },
+ "reset_values": {
+ "references": [
+ "var.reset_values"
+ ]
+ },
+ "reuse_values": {
+ "references": [
+ "var.reuse_values"
+ ]
+ },
+ "skip_crds": {
+ "references": [
+ "var.skip_crds"
+ ]
+ },
+ "timeout": {
+ "references": [
+ "var.timeout"
+ ]
+ },
+ "values": {
+ "references": [
+ "var.values"
+ ]
+ },
+ "verify": {
+ "references": [
+ "var.verify"
+ ]
+ },
+ "version": {
+ "references": [
+ "var.chart_version"
+ ]
+ },
+ "wait": {
+ "references": [
+ "var.wait"
+ ]
+ },
+ "wait_for_jobs": {
+ "references": [
+ "var.wait_for_jobs"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.create",
+ "var.create_release"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_caller_identity.current",
+ "mode": "data",
+ "type": "aws_caller_identity",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.assume",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "assume",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.this",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "override_policy_documents": {
+ "references": [
+ "var.override_policy_documents"
+ ]
+ },
+ "source_policy_documents": {
+ "references": [
+ "var.source_policy_documents"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_policy",
+ "local.perms"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_partition.current",
+ "mode": "data",
+ "type": "aws_partition",
+ "name": "current",
+ "provider_config_key": "aws",
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "allow_self_assume_role": {
+ "default": false,
+ "description": "Determines whether to allow the role to be [assume itself](https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/)"
+ },
+ "assume_role_condition_test": {
+ "default": "StringEquals",
+ "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
+ },
+ "atomic": {
+ "default": null,
+ "description": "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`"
+ },
+ "chart": {
+ "default": "",
+ "description": "Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified"
+ },
+ "chart_version": {
+ "default": null,
+ "description": "Specify the exact chart version to install. If this is not specified, the latest version is installed"
+ },
+ "cleanup_on_fail": {
+ "default": null,
+ "description": "Allow deletion of new resources created in this upgrade when upgrade fails. Defaults to `false`"
+ },
+ "create": {
+ "default": true,
+ "description": "Controls if resources should be created (affects all resources)"
+ },
+ "create_namespace": {
+ "default": null,
+ "description": "Create the namespace if it does not yet exist. Defaults to `false`"
+ },
+ "create_policy": {
+ "default": true,
+ "description": "Whether to create an IAM policy that is attached to the IAM role created"
+ },
+ "create_release": {
+ "default": true,
+ "description": "Determines whether the Helm release is created"
+ },
+ "create_role": {
+ "default": false,
+ "description": "Determines whether to create an IAM role"
+ },
+ "dependency_update": {
+ "default": null,
+ "description": "Runs helm dependency update before installing the chart. Defaults to `false`"
+ },
+ "description": {
+ "default": null,
+ "description": "Set release description attribute (visible in the history)"
+ },
+ "devel": {
+ "default": null,
+ "description": "Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored"
+ },
+ "disable_openapi_validation": {
+ "default": null,
+ "description": "If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to `false`"
+ },
+ "disable_webhooks": {
+ "default": null,
+ "description": "Prevent hooks from running. Defaults to `false`"
+ },
+ "force_update": {
+ "default": null,
+ "description": "Force resource update through delete/recreate if needed. Defaults to `false`"
+ },
+ "keyring": {
+ "default": null,
+ "description": "Location of public keys used for verification. Used only if verify is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`"
+ },
+ "lint": {
+ "default": null,
+ "description": "Run the helm chart linter during the plan. Defaults to `false`"
+ },
+ "max_history": {
+ "default": null,
+ "description": "Maximum number of release versions stored per release. Defaults to `0` (no limit)"
+ },
+ "max_session_duration": {
+ "default": null,
+ "description": "Maximum CLI/API session duration in seconds between 3600 and 43200"
+ },
+ "name": {
+ "default": "",
+ "description": "Name of the Helm release"
+ },
+ "namespace": {
+ "default": null,
+ "description": "The namespace to install the release into. Defaults to `default`"
+ },
+ "oidc_providers": {
+ "default": {},
+ "description": "Map of OIDC providers where each provider map should contain the `provider_arn`, and `service_accounts`"
+ },
+ "override_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`"
+ },
+ "policy_description": {
+ "default": null,
+ "description": "IAM policy description"
+ },
+ "policy_name": {
+ "default": null,
+ "description": "Name of IAM policy"
+ },
+ "policy_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM policy name (`policy_name`) is used as a prefix"
+ },
+ "policy_path": {
+ "default": null,
+ "description": "Path of IAM policy"
+ },
+ "policy_statements": {
+ "default": [],
+ "description": "List of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement)"
+ },
+ "postrender": {
+ "default": {},
+ "description": "Configure a command to run after helm renders the manifest which can alter the manifest contents"
+ },
+ "recreate_pods": {
+ "default": null,
+ "description": "Perform pods restart during upgrade/rollback. Defaults to `false`"
+ },
+ "render_subchart_notes": {
+ "default": null,
+ "description": "If set, render subchart notes along with the parent. Defaults to `true`"
+ },
+ "replace": {
+ "default": null,
+ "description": "Re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`"
+ },
+ "repository": {
+ "default": null,
+ "description": "Repository URL where to locate the requested chart"
+ },
+ "repository_ca_file": {
+ "default": null,
+ "description": "The Repositories CA File"
+ },
+ "repository_cert_file": {
+ "default": null,
+ "description": "The repositories cert file"
+ },
+ "repository_key_file": {
+ "default": null,
+ "description": "The repositories cert key file"
+ },
+ "repository_password": {
+ "default": null,
+ "description": "Password for HTTP basic authentication against the repository"
+ },
+ "repository_username": {
+ "default": null,
+ "description": "Username for HTTP basic authentication against the repository"
+ },
+ "reset_values": {
+ "default": null,
+ "description": "When upgrading, reset the values to the ones built into the chart. Defaults to `false`"
+ },
+ "reuse_values": {
+ "default": null,
+ "description": "When upgrading, reuse the last release's values and merge in any overrides. If `reset_values` is specified, this is ignored. Defaults to `false`"
+ },
+ "role_description": {
+ "default": null,
+ "description": "IAM Role description"
+ },
+ "role_name": {
+ "default": null,
+ "description": "Name of IAM role"
+ },
+ "role_name_use_prefix": {
+ "default": true,
+ "description": "Determines whether the IAM role name (`role_name`) is used as a prefix"
+ },
+ "role_path": {
+ "default": "/",
+ "description": "Path of IAM role"
+ },
+ "role_permissions_boundary_arn": {
+ "default": null,
+ "description": "Permissions boundary ARN to use for IAM role"
+ },
+ "role_policies": {
+ "default": {},
+ "description": "Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format"
+ },
+ "set": {
+ "default": [],
+ "description": "Value block with custom values to be merged with the values yaml"
+ },
+ "set_irsa_names": {
+ "default": [],
+ "description": "Value annotations name where IRSA role ARN created by module will be assigned to the `value`"
+ },
+ "set_sensitive": {
+ "default": [],
+ "description": "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff"
+ },
+ "skip_crds": {
+ "default": null,
+ "description": "If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`"
+ },
+ "source_policy_documents": {
+ "default": [],
+ "description": "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "timeout": {
+ "default": null,
+ "description": "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds"
+ },
+ "values": {
+ "default": null,
+ "description": "List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple `-f` options"
+ },
+ "verify": {
+ "default": null,
+ "description": "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to `false`"
+ },
+ "wait": {
+ "default": false,
+ "description": "Will wait until all resources are in a ready state before marking the release as successful. If set to `true`, it will wait for as long as `timeout`. If set to `null` fallback on `300s` timeout. Defaults to `false`"
+ },
+ "wait_for_jobs": {
+ "default": null,
+ "description": "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as `timeout`. Defaults to `false`"
+ }
+ }
+ },
+ "version_constraint": "1.1.1"
+ }
+ },
+ "variables": {
+ "argo_events": {
+ "default": {},
+ "description": "Argo Events add-on configuration values"
+ },
+ "argo_rollouts": {
+ "default": {},
+ "description": "Argo Rollouts add-on configuration values"
+ },
+ "argo_workflows": {
+ "default": {},
+ "description": "Argo Workflows add-on configuration values"
+ },
+ "argocd": {
+ "default": {},
+ "description": "ArgoCD add-on configuration values"
+ },
+ "aws_cloudwatch_metrics": {
+ "default": {},
+ "description": "Cloudwatch Metrics add-on configuration values"
+ },
+ "aws_efs_csi_driver": {
+ "default": {},
+ "description": "EFS CSI Driver add-on configuration values"
+ },
+ "aws_for_fluentbit": {
+ "default": {},
+ "description": "AWS Fluentbit add-on configurations"
+ },
+ "aws_for_fluentbit_cw_log_group": {
+ "default": {},
+ "description": "AWS Fluentbit CloudWatch Log Group configurations"
+ },
+ "aws_fsx_csi_driver": {
+ "default": {},
+ "description": "FSX CSI Driver add-on configuration values"
+ },
+ "aws_gateway_api_controller": {
+ "default": {},
+ "description": "AWS Gateway API Controller add-on configuration values"
+ },
+ "aws_load_balancer_controller": {
+ "default": {},
+ "description": "AWS Load Balancer Controller add-on configuration values"
+ },
+ "aws_node_termination_handler": {
+ "default": {},
+ "description": "AWS Node Termination Handler add-on configuration values"
+ },
+ "aws_node_termination_handler_asg_arns": {
+ "default": [],
+ "description": "List of Auto Scaling group ARNs that AWS Node Termination Handler will monitor for EC2 events"
+ },
+ "aws_node_termination_handler_sqs": {
+ "default": {},
+ "description": "AWS Node Termination Handler SQS queue configuration values"
+ },
+ "aws_privateca_issuer": {
+ "default": {},
+ "description": "AWS PCA Issuer add-on configurations"
+ },
+ "cert_manager": {
+ "default": {},
+ "description": "cert-manager add-on configuration values"
+ },
+ "cert_manager_route53_hosted_zone_arns": {
+ "default": [
+ "arn:aws:route53:::hostedzone/*"
+ ],
+ "description": "List of Route53 Hosted Zone ARNs that are used by cert-manager to create DNS records"
+ },
+ "cluster_autoscaler": {
+ "default": {},
+ "description": "Cluster Autoscaler add-on configuration values"
+ },
+ "cluster_endpoint": {
+ "description": "Endpoint for your Kubernetes API server"
+ },
+ "cluster_name": {
+ "description": "Name of the EKS cluster"
+ },
+ "cluster_proportional_autoscaler": {
+ "default": {},
+ "description": "Cluster Proportional Autoscaler add-on configurations"
+ },
+ "cluster_version": {
+ "description": "Kubernetes version to use for the EKS cluster (i.e.: `1.24`)"
+ },
+ "create_delay_dependencies": {
+ "default": [],
+ "description": "Dependency attribute which must be resolved before starting the `create_delay_duration`"
+ },
+ "create_delay_duration": {
+ "default": "30s",
+ "description": "The duration to wait before creating resources"
+ },
+ "create_kubernetes_resources": {
+ "default": true,
+ "description": "Create Kubernetes resource with Helm or Kubernetes provider"
+ },
+ "eks_addons": {
+ "default": {},
+ "description": "Map of EKS add-on configurations to enable for the cluster. Add-on name can be the map keys or set with `name`"
+ },
+ "eks_addons_timeouts": {
+ "default": {},
+ "description": "Create, update, and delete timeout configurations for the EKS add-ons"
+ },
+ "enable_argo_events": {
+ "default": false,
+ "description": "Enable Argo Events add-on"
+ },
+ "enable_argo_rollouts": {
+ "default": false,
+ "description": "Enable Argo Rollouts add-on"
+ },
+ "enable_argo_workflows": {
+ "default": false,
+ "description": "Enable Argo workflows add-on"
+ },
+ "enable_argocd": {
+ "default": false,
+ "description": "Enable Argo CD Kubernetes add-on"
+ },
+ "enable_aws_cloudwatch_metrics": {
+ "default": false,
+ "description": "Enable AWS Cloudwatch Metrics add-on for Container Insights"
+ },
+ "enable_aws_efs_csi_driver": {
+ "default": false,
+ "description": "Enable AWS EFS CSI Driver add-on"
+ },
+ "enable_aws_for_fluentbit": {
+ "default": false,
+ "description": "Enable AWS for FluentBit add-on"
+ },
+ "enable_aws_fsx_csi_driver": {
+ "default": false,
+ "description": "Enable AWS FSX CSI Driver add-on"
+ },
+ "enable_aws_gateway_api_controller": {
+ "default": false,
+ "description": "Enable AWS Gateway API Controller add-on"
+ },
+ "enable_aws_load_balancer_controller": {
+ "default": false,
+ "description": "Enable AWS Load Balancer Controller add-on"
+ },
+ "enable_aws_node_termination_handler": {
+ "default": false,
+ "description": "Enable AWS Node Termination Handler add-on"
+ },
+ "enable_aws_privateca_issuer": {
+ "default": false,
+ "description": "Enable AWS PCA Issuer"
+ },
+ "enable_cert_manager": {
+ "default": false,
+ "description": "Enable cert-manager add-on"
+ },
+ "enable_cluster_autoscaler": {
+ "default": false,
+ "description": "Enable Cluster autoscaler add-on"
+ },
+ "enable_cluster_proportional_autoscaler": {
+ "default": false,
+ "description": "Enable Cluster Proportional Autoscaler"
+ },
+ "enable_external_dns": {
+ "default": false,
+ "description": "Enable external-dns operator add-on"
+ },
+ "enable_external_secrets": {
+ "default": false,
+ "description": "Enable External Secrets operator add-on"
+ },
+ "enable_fargate_fluentbit": {
+ "default": false,
+ "description": "Enable Fargate FluentBit add-on"
+ },
+ "enable_gatekeeper": {
+ "default": false,
+ "description": "Enable Gatekeeper add-on"
+ },
+ "enable_ingress_nginx": {
+ "default": false,
+ "description": "Enable Ingress Nginx"
+ },
+ "enable_karpenter": {
+ "default": false,
+ "description": "Enable Karpenter controller add-on"
+ },
+ "enable_kube_prometheus_stack": {
+ "default": false,
+ "description": "Enable Kube Prometheus Stack"
+ },
+ "enable_metrics_server": {
+ "default": false,
+ "description": "Enable metrics server add-on"
+ },
+ "enable_secrets_store_csi_driver": {
+ "default": false,
+ "description": "Enable CSI Secrets Store Provider"
+ },
+ "enable_secrets_store_csi_driver_provider_aws": {
+ "default": false,
+ "description": "Enable AWS CSI Secrets Store Provider"
+ },
+ "enable_velero": {
+ "default": false,
+ "description": "Enable Kubernetes Dashboard add-on"
+ },
+ "enable_vpa": {
+ "default": false,
+ "description": "Enable Vertical Pod Autoscaler add-on"
+ },
+ "external_dns": {
+ "default": {},
+ "description": "external-dns add-on configuration values"
+ },
+ "external_dns_route53_zone_arns": {
+ "default": [],
+ "description": "List of Route53 zones ARNs which external-dns will have access to create/manage records (if using Route53)"
+ },
+ "external_secrets": {
+ "default": {},
+ "description": "External Secrets add-on configuration values"
+ },
+ "external_secrets_kms_key_arns": {
+ "default": [
+ "arn:aws:kms:*:*:key/*"
+ ],
+ "description": "List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets"
+ },
+ "external_secrets_secrets_manager_arns": {
+ "default": [
+ "arn:aws:secretsmanager:*:*:secret:*"
+ ],
+ "description": "List of Secrets Manager ARNs that contain secrets to mount using External Secrets"
+ },
+ "external_secrets_ssm_parameter_arns": {
+ "default": [
+ "arn:aws:ssm:*:*:parameter/*"
+ ],
+ "description": "List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets"
+ },
+ "fargate_fluentbit": {
+ "default": {},
+ "description": "Fargate fluentbit add-on config"
+ },
+ "fargate_fluentbit_cw_log_group": {
+ "default": {},
+ "description": "AWS Fargate Fluentbit CloudWatch Log Group configurations"
+ },
+ "gatekeeper": {
+ "default": {},
+ "description": "Gatekeeper add-on configuration"
+ },
+ "helm_releases": {
+ "default": {},
+ "description": "A map of Helm releases to create. This provides the ability to pass in an arbitrary map of Helm chart definitions to create"
+ },
+ "ingress_nginx": {
+ "default": {},
+ "description": "Ingress Nginx add-on configurations"
+ },
+ "karpenter": {
+ "default": {},
+ "description": "Karpenter add-on configuration values"
+ },
+ "karpenter_enable_spot_termination": {
+ "default": true,
+ "description": "Determines whether to enable native node termination handling"
+ },
+ "karpenter_node": {
+ "default": {},
+ "description": "Karpenter IAM role and IAM instance profile configuration values"
+ },
+ "karpenter_sqs": {
+ "default": {},
+ "description": "Karpenter SQS queue for native node termination handling configuration values"
+ },
+ "kube_prometheus_stack": {
+ "default": {},
+ "description": "Kube Prometheus Stack add-on configurations"
+ },
+ "metrics_server": {
+ "default": {},
+ "description": "Metrics Server add-on configurations"
+ },
+ "oidc_provider_arn": {
+ "description": "The ARN of the cluster OIDC Provider"
+ },
+ "secrets_store_csi_driver": {
+ "default": {},
+ "description": "CSI Secrets Store Provider add-on configurations"
+ },
+ "secrets_store_csi_driver_provider_aws": {
+ "default": {},
+ "description": "CSI Secrets Store Provider add-on configurations"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "velero": {
+ "default": {},
+ "description": "Velero add-on configuration values"
+ },
+ "vpa": {
+ "default": {},
+ "description": "Vertical Pod Autoscaler add-on configuration values"
+ }
+ }
+ },
+ "version_constraint": "~> 1.0"
+ },
+ "vpc": {
+ "source": "terraform-aws-modules/vpc/aws",
+ "expressions": {
+ "azs": {
+ "references": [
+ "local.azs"
+ ]
+ },
+ "cidr": {
+ "references": [
+ "local.vpc_cidr"
+ ]
+ },
+ "enable_nat_gateway": {
+ "constant_value": true
+ },
+ "name": {
+ "references": [
+ "local.name"
+ ]
+ },
+ "private_subnet_tags": {
+ "constant_value": {
+ "kubernetes.io/role/internal-elb": 1
+ }
+ },
+ "private_subnets": {
+ "references": [
+ "local.azs",
+ "local.vpc_cidr"
+ ]
+ },
+ "public_subnet_tags": {
+ "constant_value": {
+ "kubernetes.io/role/elb": 1
+ }
+ },
+ "public_subnets": {
+ "references": [
+ "local.azs",
+ "local.vpc_cidr"
+ ]
+ },
+ "single_nat_gateway": {
+ "constant_value": true
+ },
+ "tags": {
+ "references": [
+ "local.tags"
+ ]
+ }
+ },
+ "module": {
+ "outputs": {
+ "azs": {
+ "expression": {
+ "references": [
+ "var.azs"
+ ]
+ },
+ "description": "A list of availability zones specified as argument to this module"
+ },
+ "cgw_arns": {
+ "expression": {
+ "references": [
+ "aws_customer_gateway.this"
+ ]
+ },
+ "description": "List of ARNs of Customer Gateway"
+ },
+ "cgw_ids": {
+ "expression": {
+ "references": [
+ "aws_customer_gateway.this"
+ ]
+ },
+ "description": "List of IDs of Customer Gateway"
+ },
+ "database_internet_gateway_route_id": {
+ "expression": {
+ "references": [
+ "aws_route.database_internet_gateway[0].id",
+ "aws_route.database_internet_gateway[0]",
+ "aws_route.database_internet_gateway"
+ ]
+ },
+ "description": "ID of the database internet gateway route"
+ },
+ "database_ipv6_egress_route_id": {
+ "expression": {
+ "references": [
+ "aws_route.database_ipv6_egress[0].id",
+ "aws_route.database_ipv6_egress[0]",
+ "aws_route.database_ipv6_egress"
+ ]
+ },
+ "description": "ID of the database IPv6 egress route"
+ },
+ "database_nat_gateway_route_ids": {
+ "expression": {
+ "references": [
+ "aws_route.database_nat_gateway"
+ ]
+ },
+ "description": "List of IDs of the database nat gateway route"
+ },
+ "database_network_acl_arn": {
+ "expression": {
+ "references": [
+ "aws_network_acl.database[0].arn",
+ "aws_network_acl.database[0]",
+ "aws_network_acl.database"
+ ]
+ },
+ "description": "ARN of the database network ACL"
+ },
+ "database_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_network_acl.database[0].id",
+ "aws_network_acl.database[0]",
+ "aws_network_acl.database"
+ ]
+ },
+ "description": "ID of the database network ACL"
+ },
+ "database_route_table_association_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table_association.database"
+ ]
+ },
+ "description": "List of IDs of the database route table association"
+ },
+ "database_route_table_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table.database",
+ "aws_route_table.database",
+ "aws_route_table.private"
+ ]
+ },
+ "description": "List of IDs of database route tables"
+ },
+ "database_subnet_arns": {
+ "expression": {
+ "references": [
+ "aws_subnet.database"
+ ]
+ },
+ "description": "List of ARNs of database subnets"
+ },
+ "database_subnet_group": {
+ "expression": {
+ "references": [
+ "aws_db_subnet_group.database[0].id",
+ "aws_db_subnet_group.database[0]",
+ "aws_db_subnet_group.database"
+ ]
+ },
+ "description": "ID of database subnet group"
+ },
+ "database_subnet_group_name": {
+ "expression": {
+ "references": [
+ "aws_db_subnet_group.database[0].name",
+ "aws_db_subnet_group.database[0]",
+ "aws_db_subnet_group.database"
+ ]
+ },
+ "description": "Name of database subnet group"
+ },
+ "database_subnets": {
+ "expression": {
+ "references": [
+ "aws_subnet.database"
+ ]
+ },
+ "description": "List of IDs of database subnets"
+ },
+ "database_subnets_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.database"
+ ]
+ },
+ "description": "List of cidr_blocks of database subnets"
+ },
+ "database_subnets_ipv6_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.database"
+ ]
+ },
+ "description": "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC"
+ },
+ "default_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].default_network_acl_id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The ID of the default network ACL"
+ },
+ "default_route_table_id": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].default_route_table_id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The ID of the default route table"
+ },
+ "default_security_group_id": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].default_security_group_id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The ID of the security group created by default on VPC creation"
+ },
+ "default_vpc_arn": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].arn",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "The ARN of the Default VPC"
+ },
+ "default_vpc_cidr_block": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].cidr_block",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "The CIDR block of the Default VPC"
+ },
+ "default_vpc_default_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].default_network_acl_id",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "The ID of the default network ACL of the Default VPC"
+ },
+ "default_vpc_default_route_table_id": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].default_route_table_id",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "The ID of the default route table of the Default VPC"
+ },
+ "default_vpc_default_security_group_id": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].default_security_group_id",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "The ID of the security group created by default on Default VPC creation"
+ },
+ "default_vpc_enable_dns_hostnames": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].enable_dns_hostnames",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "Whether or not the Default VPC has DNS hostname support"
+ },
+ "default_vpc_enable_dns_support": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].enable_dns_support",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "Whether or not the Default VPC has DNS support"
+ },
+ "default_vpc_id": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].id",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "The ID of the Default VPC"
+ },
+ "default_vpc_instance_tenancy": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].instance_tenancy",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "Tenancy of instances spin up within Default VPC"
+ },
+ "default_vpc_main_route_table_id": {
+ "expression": {
+ "references": [
+ "aws_default_vpc.this[0].main_route_table_id",
+ "aws_default_vpc.this[0]",
+ "aws_default_vpc.this"
+ ]
+ },
+ "description": "The ID of the main route table associated with the Default VPC"
+ },
+ "dhcp_options_id": {
+ "expression": {
+ "references": [
+ "aws_vpc_dhcp_options.this[0].id",
+ "aws_vpc_dhcp_options.this[0]",
+ "aws_vpc_dhcp_options.this"
+ ]
+ },
+ "description": "The ID of the DHCP options"
+ },
+ "egress_only_internet_gateway_id": {
+ "expression": {
+ "references": [
+ "aws_egress_only_internet_gateway.this[0].id",
+ "aws_egress_only_internet_gateway.this[0]",
+ "aws_egress_only_internet_gateway.this"
+ ]
+ },
+ "description": "The ID of the egress only Internet Gateway"
+ },
+ "elasticache_network_acl_arn": {
+ "expression": {
+ "references": [
+ "aws_network_acl.elasticache[0].arn",
+ "aws_network_acl.elasticache[0]",
+ "aws_network_acl.elasticache"
+ ]
+ },
+ "description": "ARN of the elasticache network ACL"
+ },
+ "elasticache_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_network_acl.elasticache[0].id",
+ "aws_network_acl.elasticache[0]",
+ "aws_network_acl.elasticache"
+ ]
+ },
+ "description": "ID of the elasticache network ACL"
+ },
+ "elasticache_route_table_association_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table_association.elasticache"
+ ]
+ },
+ "description": "List of IDs of the elasticache route table association"
+ },
+ "elasticache_route_table_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table.elasticache",
+ "local.private_route_table_ids"
+ ]
+ },
+ "description": "List of IDs of elasticache route tables"
+ },
+ "elasticache_subnet_arns": {
+ "expression": {
+ "references": [
+ "aws_subnet.elasticache"
+ ]
+ },
+ "description": "List of ARNs of elasticache subnets"
+ },
+ "elasticache_subnet_group": {
+ "expression": {
+ "references": [
+ "aws_elasticache_subnet_group.elasticache[0].id",
+ "aws_elasticache_subnet_group.elasticache[0]",
+ "aws_elasticache_subnet_group.elasticache"
+ ]
+ },
+ "description": "ID of elasticache subnet group"
+ },
+ "elasticache_subnet_group_name": {
+ "expression": {
+ "references": [
+ "aws_elasticache_subnet_group.elasticache[0].name",
+ "aws_elasticache_subnet_group.elasticache[0]",
+ "aws_elasticache_subnet_group.elasticache"
+ ]
+ },
+ "description": "Name of elasticache subnet group"
+ },
+ "elasticache_subnets": {
+ "expression": {
+ "references": [
+ "aws_subnet.elasticache"
+ ]
+ },
+ "description": "List of IDs of elasticache subnets"
+ },
+ "elasticache_subnets_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.elasticache"
+ ]
+ },
+ "description": "List of cidr_blocks of elasticache subnets"
+ },
+ "elasticache_subnets_ipv6_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.elasticache"
+ ]
+ },
+ "description": "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC"
+ },
+ "igw_arn": {
+ "expression": {
+ "references": [
+ "aws_internet_gateway.this[0].arn",
+ "aws_internet_gateway.this[0]",
+ "aws_internet_gateway.this"
+ ]
+ },
+ "description": "The ARN of the Internet Gateway"
+ },
+ "igw_id": {
+ "expression": {
+ "references": [
+ "aws_internet_gateway.this[0].id",
+ "aws_internet_gateway.this[0]",
+ "aws_internet_gateway.this"
+ ]
+ },
+ "description": "The ID of the Internet Gateway"
+ },
+ "intra_network_acl_arn": {
+ "expression": {
+ "references": [
+ "aws_network_acl.intra[0].arn",
+ "aws_network_acl.intra[0]",
+ "aws_network_acl.intra"
+ ]
+ },
+ "description": "ARN of the intra network ACL"
+ },
+ "intra_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_network_acl.intra[0].id",
+ "aws_network_acl.intra[0]",
+ "aws_network_acl.intra"
+ ]
+ },
+ "description": "ID of the intra network ACL"
+ },
+ "intra_route_table_association_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table_association.intra"
+ ]
+ },
+ "description": "List of IDs of the intra route table association"
+ },
+ "intra_route_table_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table.intra"
+ ]
+ },
+ "description": "List of IDs of intra route tables"
+ },
+ "intra_subnet_arns": {
+ "expression": {
+ "references": [
+ "aws_subnet.intra"
+ ]
+ },
+ "description": "List of ARNs of intra subnets"
+ },
+ "intra_subnets": {
+ "expression": {
+ "references": [
+ "aws_subnet.intra"
+ ]
+ },
+ "description": "List of IDs of intra subnets"
+ },
+ "intra_subnets_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.intra"
+ ]
+ },
+ "description": "List of cidr_blocks of intra subnets"
+ },
+ "intra_subnets_ipv6_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.intra"
+ ]
+ },
+ "description": "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC"
+ },
+ "name": {
+ "expression": {
+ "references": [
+ "var.name"
+ ]
+ },
+ "description": "The name of the VPC specified as argument to this module"
+ },
+ "nat_ids": {
+ "expression": {
+ "references": [
+ "aws_eip.nat"
+ ]
+ },
+ "description": "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
+ },
+ "nat_public_ips": {
+ "expression": {
+ "references": [
+ "var.reuse_nat_ips",
+ "var.external_nat_ips",
+ "aws_eip.nat"
+ ]
+ },
+ "description": "List of public Elastic IPs created for AWS NAT Gateway"
+ },
+ "natgw_ids": {
+ "expression": {
+ "references": [
+ "aws_nat_gateway.this"
+ ]
+ },
+ "description": "List of NAT Gateway IDs"
+ },
+ "outpost_network_acl_arn": {
+ "expression": {
+ "references": [
+ "aws_network_acl.outpost[0].arn",
+ "aws_network_acl.outpost[0]",
+ "aws_network_acl.outpost"
+ ]
+ },
+ "description": "ARN of the outpost network ACL"
+ },
+ "outpost_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_network_acl.outpost[0].id",
+ "aws_network_acl.outpost[0]",
+ "aws_network_acl.outpost"
+ ]
+ },
+ "description": "ID of the outpost network ACL"
+ },
+ "outpost_subnet_arns": {
+ "expression": {
+ "references": [
+ "aws_subnet.outpost"
+ ]
+ },
+ "description": "List of ARNs of outpost subnets"
+ },
+ "outpost_subnets": {
+ "expression": {
+ "references": [
+ "aws_subnet.outpost"
+ ]
+ },
+ "description": "List of IDs of outpost subnets"
+ },
+ "outpost_subnets_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.outpost"
+ ]
+ },
+ "description": "List of cidr_blocks of outpost subnets"
+ },
+ "outpost_subnets_ipv6_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.outpost"
+ ]
+ },
+ "description": "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC"
+ },
+ "private_ipv6_egress_route_ids": {
+ "expression": {
+ "references": [
+ "aws_route.private_ipv6_egress"
+ ]
+ },
+ "description": "List of IDs of the ipv6 egress route"
+ },
+ "private_nat_gateway_route_ids": {
+ "expression": {
+ "references": [
+ "aws_route.private_nat_gateway"
+ ]
+ },
+ "description": "List of IDs of the private nat gateway route"
+ },
+ "private_network_acl_arn": {
+ "expression": {
+ "references": [
+ "aws_network_acl.private[0].arn",
+ "aws_network_acl.private[0]",
+ "aws_network_acl.private"
+ ]
+ },
+ "description": "ARN of the private network ACL"
+ },
+ "private_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_network_acl.private[0].id",
+ "aws_network_acl.private[0]",
+ "aws_network_acl.private"
+ ]
+ },
+ "description": "ID of the private network ACL"
+ },
+ "private_route_table_association_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table_association.private"
+ ]
+ },
+ "description": "List of IDs of the private route table association"
+ },
+ "private_route_table_ids": {
+ "expression": {
+ "references": [
+ "local.private_route_table_ids"
+ ]
+ },
+ "description": "List of IDs of private route tables"
+ },
+ "private_subnet_arns": {
+ "expression": {
+ "references": [
+ "aws_subnet.private"
+ ]
+ },
+ "description": "List of ARNs of private subnets"
+ },
+ "private_subnets": {
+ "expression": {
+ "references": [
+ "aws_subnet.private"
+ ]
+ },
+ "description": "List of IDs of private subnets"
+ },
+ "private_subnets_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.private"
+ ]
+ },
+ "description": "List of cidr_blocks of private subnets"
+ },
+ "private_subnets_ipv6_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.private"
+ ]
+ },
+ "description": "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC"
+ },
+ "public_internet_gateway_ipv6_route_id": {
+ "expression": {
+ "references": [
+ "aws_route.public_internet_gateway_ipv6[0].id",
+ "aws_route.public_internet_gateway_ipv6[0]",
+ "aws_route.public_internet_gateway_ipv6"
+ ]
+ },
+ "description": "ID of the IPv6 internet gateway route"
+ },
+ "public_internet_gateway_route_id": {
+ "expression": {
+ "references": [
+ "aws_route.public_internet_gateway[0].id",
+ "aws_route.public_internet_gateway[0]",
+ "aws_route.public_internet_gateway"
+ ]
+ },
+ "description": "ID of the internet gateway route"
+ },
+ "public_network_acl_arn": {
+ "expression": {
+ "references": [
+ "aws_network_acl.public[0].arn",
+ "aws_network_acl.public[0]",
+ "aws_network_acl.public"
+ ]
+ },
+ "description": "ARN of the public network ACL"
+ },
+ "public_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_network_acl.public[0].id",
+ "aws_network_acl.public[0]",
+ "aws_network_acl.public"
+ ]
+ },
+ "description": "ID of the public network ACL"
+ },
+ "public_route_table_association_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table_association.public"
+ ]
+ },
+ "description": "List of IDs of the public route table association"
+ },
+ "public_route_table_ids": {
+ "expression": {
+ "references": [
+ "local.public_route_table_ids"
+ ]
+ },
+ "description": "List of IDs of public route tables"
+ },
+ "public_subnet_arns": {
+ "expression": {
+ "references": [
+ "aws_subnet.public"
+ ]
+ },
+ "description": "List of ARNs of public subnets"
+ },
+ "public_subnets": {
+ "expression": {
+ "references": [
+ "aws_subnet.public"
+ ]
+ },
+ "description": "List of IDs of public subnets"
+ },
+ "public_subnets_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.public"
+ ]
+ },
+ "description": "List of cidr_blocks of public subnets"
+ },
+ "public_subnets_ipv6_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.public"
+ ]
+ },
+ "description": "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC"
+ },
+ "redshift_network_acl_arn": {
+ "expression": {
+ "references": [
+ "aws_network_acl.redshift[0].arn",
+ "aws_network_acl.redshift[0]",
+ "aws_network_acl.redshift"
+ ]
+ },
+ "description": "ARN of the redshift network ACL"
+ },
+ "redshift_network_acl_id": {
+ "expression": {
+ "references": [
+ "aws_network_acl.redshift[0].id",
+ "aws_network_acl.redshift[0]",
+ "aws_network_acl.redshift"
+ ]
+ },
+ "description": "ID of the redshift network ACL"
+ },
+ "redshift_public_route_table_association_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table_association.redshift_public"
+ ]
+ },
+ "description": "List of IDs of the public redshift route table association"
+ },
+ "redshift_route_table_association_ids": {
+ "expression": {
+ "references": [
+ "aws_route_table_association.redshift"
+ ]
+ },
+ "description": "List of IDs of the redshift route table association"
+ },
+ "redshift_route_table_ids": {
+ "expression": {
+ "references": [
+ "local.redshift_route_table_ids",
+ "local.redshift_route_table_ids",
+ "var.enable_public_redshift",
+ "local.public_route_table_ids",
+ "local.private_route_table_ids"
+ ]
+ },
+ "description": "List of IDs of redshift route tables"
+ },
+ "redshift_subnet_arns": {
+ "expression": {
+ "references": [
+ "aws_subnet.redshift"
+ ]
+ },
+ "description": "List of ARNs of redshift subnets"
+ },
+ "redshift_subnet_group": {
+ "expression": {
+ "references": [
+ "aws_redshift_subnet_group.redshift[0].id",
+ "aws_redshift_subnet_group.redshift[0]",
+ "aws_redshift_subnet_group.redshift"
+ ]
+ },
+ "description": "ID of redshift subnet group"
+ },
+ "redshift_subnets": {
+ "expression": {
+ "references": [
+ "aws_subnet.redshift"
+ ]
+ },
+ "description": "List of IDs of redshift subnets"
+ },
+ "redshift_subnets_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.redshift"
+ ]
+ },
+ "description": "List of cidr_blocks of redshift subnets"
+ },
+ "redshift_subnets_ipv6_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_subnet.redshift"
+ ]
+ },
+ "description": "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC"
+ },
+ "this_customer_gateway": {
+ "expression": {
+ "references": [
+ "aws_customer_gateway.this"
+ ]
+ },
+ "description": "Map of Customer Gateway attributes"
+ },
+ "vgw_arn": {
+ "expression": {
+ "references": [
+ "aws_vpn_gateway.this[0].arn",
+ "aws_vpn_gateway.this[0]",
+ "aws_vpn_gateway.this"
+ ]
+ },
+ "description": "The ARN of the VPN Gateway"
+ },
+ "vgw_id": {
+ "expression": {
+ "references": [
+ "aws_vpn_gateway.this[0].id",
+ "aws_vpn_gateway.this[0]",
+ "aws_vpn_gateway.this",
+ "aws_vpn_gateway_attachment.this[0].vpn_gateway_id",
+ "aws_vpn_gateway_attachment.this[0]",
+ "aws_vpn_gateway_attachment.this"
+ ]
+ },
+ "description": "The ID of the VPN Gateway"
+ },
+ "vpc_arn": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].arn",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The ARN of the VPC"
+ },
+ "vpc_cidr_block": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The CIDR block of the VPC"
+ },
+ "vpc_enable_dns_hostnames": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].enable_dns_hostnames",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "Whether or not the VPC has DNS hostname support"
+ },
+ "vpc_enable_dns_support": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].enable_dns_support",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "Whether or not the VPC has DNS support"
+ },
+ "vpc_flow_log_cloudwatch_iam_role_arn": {
+ "expression": {
+ "references": [
+ "local.flow_log_iam_role_arn"
+ ]
+ },
+ "description": "The ARN of the IAM role used when pushing logs to Cloudwatch log group"
+ },
+ "vpc_flow_log_destination_arn": {
+ "expression": {
+ "references": [
+ "local.flow_log_destination_arn"
+ ]
+ },
+ "description": "The ARN of the destination for VPC Flow Logs"
+ },
+ "vpc_flow_log_destination_type": {
+ "expression": {
+ "references": [
+ "var.flow_log_destination_type"
+ ]
+ },
+ "description": "The type of the destination for VPC Flow Logs"
+ },
+ "vpc_flow_log_id": {
+ "expression": {
+ "references": [
+ "aws_flow_log.this[0].id",
+ "aws_flow_log.this[0]",
+ "aws_flow_log.this"
+ ]
+ },
+ "description": "The ID of the Flow Log resource"
+ },
+ "vpc_id": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The ID of the VPC"
+ },
+ "vpc_instance_tenancy": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].instance_tenancy",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "Tenancy of instances spin up within VPC"
+ },
+ "vpc_ipv6_association_id": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].ipv6_association_id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The association ID for the IPv6 CIDR block"
+ },
+ "vpc_ipv6_cidr_block": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].ipv6_cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The IPv6 CIDR block"
+ },
+ "vpc_main_route_table_id": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].main_route_table_id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The ID of the main route table associated with this VPC"
+ },
+ "vpc_owner_id": {
+ "expression": {
+ "references": [
+ "aws_vpc.this[0].owner_id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "description": "The ID of the AWS account that owns the VPC"
+ },
+ "vpc_secondary_cidr_blocks": {
+ "expression": {
+ "references": [
+ "aws_vpc_ipv4_cidr_block_association.this"
+ ]
+ },
+ "description": "List of secondary CIDR blocks of the VPC"
+ }
+ },
+ "resources": [
+ {
+ "address": "aws_cloudwatch_log_group.flow_log",
+ "mode": "managed",
+ "type": "aws_cloudwatch_log_group",
+ "name": "flow_log",
+ "provider_config_key": "aws",
+ "expressions": {
+ "kms_key_id": {
+ "references": [
+ "var.flow_log_cloudwatch_log_group_kms_key_id"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.flow_log_cloudwatch_log_group_name_prefix",
+ "local.flow_log_cloudwatch_log_group_name_suffix"
+ ]
+ },
+ "retention_in_days": {
+ "references": [
+ "var.flow_log_cloudwatch_log_group_retention_in_days"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.vpc_flow_log_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_flow_log_cloudwatch_log_group"
+ ]
+ }
+ },
+ {
+ "address": "aws_customer_gateway.this",
+ "mode": "managed",
+ "type": "aws_customer_gateway",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "bgp_asn": {
+ "references": [
+ "each.value[\"bgp_asn\"]",
+ "each.value"
+ ]
+ },
+ "device_name": {
+ "references": [
+ "each.value"
+ ]
+ },
+ "ip_address": {
+ "references": [
+ "each.value[\"ip_address\"]",
+ "each.value"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "each.key",
+ "var.tags",
+ "var.customer_gateway_tags"
+ ]
+ },
+ "type": {
+ "constant_value": "ipsec.1"
+ }
+ },
+ "schema_version": 0,
+ "for_each_expression": {
+ "references": [
+ "var.customer_gateways"
+ ]
+ }
+ },
+ {
+ "address": "aws_db_subnet_group.database",
+ "mode": "managed",
+ "type": "aws_db_subnet_group",
+ "name": "database",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.name"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.database_subnet_group_name",
+ "var.name"
+ ]
+ },
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.database"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.database_subnet_group_name",
+ "var.name",
+ "var.tags",
+ "var.database_subnet_group_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_subnets",
+ "var.create_database_subnet_group"
+ ]
+ }
+ },
+ {
+ "address": "aws_default_network_acl.this",
+ "mode": "managed",
+ "type": "aws_default_network_acl",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "default_network_acl_id": {
+ "references": [
+ "aws_vpc.this[0].default_network_acl_id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "subnet_ids": {
+ "constant_value": null
+ },
+ "tags": {
+ "references": [
+ "var.default_network_acl_name",
+ "var.name",
+ "var.tags",
+ "var.default_network_acl_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.manage_default_network_acl"
+ ]
+ }
+ },
+ {
+ "address": "aws_default_route_table.default",
+ "mode": "managed",
+ "type": "aws_default_route_table",
+ "name": "default",
+ "provider_config_key": "aws",
+ "expressions": {
+ "default_route_table_id": {
+ "references": [
+ "aws_vpc.this[0].default_route_table_id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ },
+ "propagating_vgws": {
+ "references": [
+ "var.default_route_table_propagating_vgws"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.default_route_table_name",
+ "var.name",
+ "var.tags",
+ "var.default_route_table_tags"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "constant_value": "5m"
+ },
+ "update": {
+ "constant_value": "5m"
+ }
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.manage_default_route_table"
+ ]
+ }
+ },
+ {
+ "address": "aws_default_security_group.this",
+ "mode": "managed",
+ "type": "aws_default_security_group",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.default_security_group_name",
+ "var.name",
+ "var.tags",
+ "var.default_security_group_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "aws_vpc.this[0].id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.manage_default_security_group"
+ ]
+ }
+ },
+ {
+ "address": "aws_default_vpc.this",
+ "mode": "managed",
+ "type": "aws_default_vpc",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "enable_dns_hostnames": {
+ "references": [
+ "var.default_vpc_enable_dns_hostnames"
+ ]
+ },
+ "enable_dns_support": {
+ "references": [
+ "var.default_vpc_enable_dns_support"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.default_vpc_name",
+ "var.tags",
+ "var.default_vpc_tags"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "var.manage_default_vpc"
+ ]
+ }
+ },
+ {
+ "address": "aws_egress_only_internet_gateway.this",
+ "mode": "managed",
+ "type": "aws_egress_only_internet_gateway",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.name",
+ "var.tags",
+ "var.igw_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.create_egress_only_igw",
+ "var.enable_ipv6",
+ "local.max_subnet_length"
+ ]
+ }
+ },
+ {
+ "address": "aws_eip.nat",
+ "mode": "managed",
+ "type": "aws_eip",
+ "name": "nat",
+ "provider_config_key": "aws",
+ "expressions": {
+ "domain": {
+ "constant_value": "vpc"
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.azs",
+ "var.single_nat_gateway",
+ "count.index",
+ "var.tags",
+ "var.nat_eip_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.enable_nat_gateway",
+ "var.reuse_nat_ips",
+ "local.nat_gateway_count"
+ ]
+ },
+ "depends_on": [
+ "aws_internet_gateway.this"
+ ]
+ },
+ {
+ "address": "aws_elasticache_subnet_group.elasticache",
+ "mode": "managed",
+ "type": "aws_elasticache_subnet_group",
+ "name": "elasticache",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.name"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.elasticache_subnet_group_name",
+ "var.name"
+ ]
+ },
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.elasticache"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.elasticache_subnet_group_name",
+ "var.name",
+ "var.tags",
+ "var.elasticache_subnet_group_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_elasticache_subnets",
+ "var.create_elasticache_subnet_group"
+ ]
+ }
+ },
+ {
+ "address": "aws_flow_log.this",
+ "mode": "managed",
+ "type": "aws_flow_log",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "iam_role_arn": {
+ "references": [
+ "local.flow_log_iam_role_arn"
+ ]
+ },
+ "log_destination": {
+ "references": [
+ "local.flow_log_destination_arn"
+ ]
+ },
+ "log_destination_type": {
+ "references": [
+ "var.flow_log_destination_type"
+ ]
+ },
+ "log_format": {
+ "references": [
+ "var.flow_log_log_format"
+ ]
+ },
+ "max_aggregation_interval": {
+ "references": [
+ "var.flow_log_max_aggregation_interval"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.vpc_flow_log_tags"
+ ]
+ },
+ "traffic_type": {
+ "references": [
+ "var.flow_log_traffic_type"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.enable_flow_log"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_policy.vpc_flow_log_cloudwatch",
+ "mode": "managed",
+ "type": "aws_iam_policy",
+ "name": "vpc_flow_log_cloudwatch",
+ "provider_config_key": "aws",
+ "expressions": {
+ "name_prefix": {
+ "constant_value": "vpc-flow-log-to-cloudwatch-"
+ },
+ "policy": {
+ "references": [
+ "data.aws_iam_policy_document.vpc_flow_log_cloudwatch[0].json",
+ "data.aws_iam_policy_document.vpc_flow_log_cloudwatch[0]",
+ "data.aws_iam_policy_document.vpc_flow_log_cloudwatch"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.vpc_flow_log_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_flow_log_cloudwatch_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role.vpc_flow_log_cloudwatch",
+ "mode": "managed",
+ "type": "aws_iam_role",
+ "name": "vpc_flow_log_cloudwatch",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assume_role_policy": {
+ "references": [
+ "data.aws_iam_policy_document.flow_log_cloudwatch_assume_role[0].json",
+ "data.aws_iam_policy_document.flow_log_cloudwatch_assume_role[0]",
+ "data.aws_iam_policy_document.flow_log_cloudwatch_assume_role"
+ ]
+ },
+ "name_prefix": {
+ "constant_value": "vpc-flow-log-role-"
+ },
+ "permissions_boundary": {
+ "references": [
+ "var.vpc_flow_log_permissions_boundary"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.tags",
+ "var.vpc_flow_log_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_flow_log_cloudwatch_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_iam_role_policy_attachment.vpc_flow_log_cloudwatch",
+ "mode": "managed",
+ "type": "aws_iam_role_policy_attachment",
+ "name": "vpc_flow_log_cloudwatch",
+ "provider_config_key": "aws",
+ "expressions": {
+ "policy_arn": {
+ "references": [
+ "aws_iam_policy.vpc_flow_log_cloudwatch[0].arn",
+ "aws_iam_policy.vpc_flow_log_cloudwatch[0]",
+ "aws_iam_policy.vpc_flow_log_cloudwatch"
+ ]
+ },
+ "role": {
+ "references": [
+ "aws_iam_role.vpc_flow_log_cloudwatch[0].name",
+ "aws_iam_role.vpc_flow_log_cloudwatch[0]",
+ "aws_iam_role.vpc_flow_log_cloudwatch"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_flow_log_cloudwatch_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "aws_internet_gateway.this",
+ "mode": "managed",
+ "type": "aws_internet_gateway",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.name",
+ "var.tags",
+ "var.igw_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets",
+ "var.create_igw"
+ ]
+ }
+ },
+ {
+ "address": "aws_nat_gateway.this",
+ "mode": "managed",
+ "type": "aws_nat_gateway",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "allocation_id": {
+ "references": [
+ "local.nat_gateway_ips",
+ "var.single_nat_gateway",
+ "count.index"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.public",
+ "var.single_nat_gateway",
+ "count.index"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.azs",
+ "var.single_nat_gateway",
+ "count.index",
+ "var.tags",
+ "var.nat_gateway_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.enable_nat_gateway",
+ "local.nat_gateway_count"
+ ]
+ },
+ "depends_on": [
+ "aws_internet_gateway.this"
+ ]
+ },
+ {
+ "address": "aws_network_acl.database",
+ "mode": "managed",
+ "type": "aws_network_acl",
+ "name": "database",
+ "provider_config_key": "aws",
+ "expressions": {
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.database"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.database_subnet_suffix",
+ "var.tags",
+ "var.database_acl_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_network_acl"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl.elasticache",
+ "mode": "managed",
+ "type": "aws_network_acl",
+ "name": "elasticache",
+ "provider_config_key": "aws",
+ "expressions": {
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.elasticache"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.elasticache_subnet_suffix",
+ "var.tags",
+ "var.elasticache_acl_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_elasticache_network_acl"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl.intra",
+ "mode": "managed",
+ "type": "aws_network_acl",
+ "name": "intra",
+ "provider_config_key": "aws",
+ "expressions": {
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.intra"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.intra_subnet_suffix",
+ "var.tags",
+ "var.intra_acl_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_intra_network_acl"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl.outpost",
+ "mode": "managed",
+ "type": "aws_network_acl",
+ "name": "outpost",
+ "provider_config_key": "aws",
+ "expressions": {
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.outpost"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.outpost_subnet_suffix",
+ "var.tags",
+ "var.outpost_acl_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_outpost_network_acl"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl.private",
+ "mode": "managed",
+ "type": "aws_network_acl",
+ "name": "private",
+ "provider_config_key": "aws",
+ "expressions": {
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.private"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.private_subnet_suffix",
+ "var.tags",
+ "var.private_acl_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_private_network_acl"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl.public",
+ "mode": "managed",
+ "type": "aws_network_acl",
+ "name": "public",
+ "provider_config_key": "aws",
+ "expressions": {
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.public"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.public_subnet_suffix",
+ "var.tags",
+ "var.public_acl_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets",
+ "var.public_dedicated_network_acl"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl.redshift",
+ "mode": "managed",
+ "type": "aws_network_acl",
+ "name": "redshift",
+ "provider_config_key": "aws",
+ "expressions": {
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.redshift"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.redshift_subnet_suffix",
+ "var.tags",
+ "var.redshift_acl_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_redshift_network_acl"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.database_inbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "database_inbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": false
+ },
+ "from_port": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.database[0].id",
+ "aws_network_acl.database[0]",
+ "aws_network_acl.database"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.database_inbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_network_acl",
+ "var.database_inbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.database_outbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "database_outbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": true
+ },
+ "from_port": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.database[0].id",
+ "aws_network_acl.database[0]",
+ "aws_network_acl.database"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.database_outbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_network_acl",
+ "var.database_outbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.elasticache_inbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "elasticache_inbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": false
+ },
+ "from_port": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.elasticache[0].id",
+ "aws_network_acl.elasticache[0]",
+ "aws_network_acl.elasticache"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.elasticache_inbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_elasticache_network_acl",
+ "var.elasticache_inbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.elasticache_outbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "elasticache_outbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": true
+ },
+ "from_port": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.elasticache[0].id",
+ "aws_network_acl.elasticache[0]",
+ "aws_network_acl.elasticache"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.elasticache_outbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_elasticache_network_acl",
+ "var.elasticache_outbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.intra_inbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "intra_inbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": false
+ },
+ "from_port": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.intra[0].id",
+ "aws_network_acl.intra[0]",
+ "aws_network_acl.intra"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.intra_inbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_intra_network_acl",
+ "var.intra_inbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.intra_outbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "intra_outbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": true
+ },
+ "from_port": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.intra[0].id",
+ "aws_network_acl.intra[0]",
+ "aws_network_acl.intra"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.intra_outbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_intra_network_acl",
+ "var.intra_outbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.outpost_inbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "outpost_inbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": false
+ },
+ "from_port": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.outpost[0].id",
+ "aws_network_acl.outpost[0]",
+ "aws_network_acl.outpost"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.outpost_inbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_outpost_network_acl",
+ "var.outpost_inbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.outpost_outbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "outpost_outbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": true
+ },
+ "from_port": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.outpost[0].id",
+ "aws_network_acl.outpost[0]",
+ "aws_network_acl.outpost"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.outpost_outbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_outpost_network_acl",
+ "var.outpost_outbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.private_inbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "private_inbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": false
+ },
+ "from_port": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.private[0].id",
+ "aws_network_acl.private[0]",
+ "aws_network_acl.private"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.private_inbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_private_network_acl",
+ "var.private_inbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.private_outbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "private_outbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": true
+ },
+ "from_port": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.private[0].id",
+ "aws_network_acl.private[0]",
+ "aws_network_acl.private"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.private_outbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_private_network_acl",
+ "var.private_outbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.public_inbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "public_inbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": false
+ },
+ "from_port": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.public[0].id",
+ "aws_network_acl.public[0]",
+ "aws_network_acl.public"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.public_inbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets",
+ "var.public_dedicated_network_acl",
+ "var.public_inbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.public_outbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "public_outbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": true
+ },
+ "from_port": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.public[0].id",
+ "aws_network_acl.public[0]",
+ "aws_network_acl.public"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.public_outbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets",
+ "var.public_dedicated_network_acl",
+ "var.public_outbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.redshift_inbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "redshift_inbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": false
+ },
+ "from_port": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.redshift[0].id",
+ "aws_network_acl.redshift[0]",
+ "aws_network_acl.redshift"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.redshift_inbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_redshift_network_acl",
+ "var.redshift_inbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_network_acl_rule.redshift_outbound",
+ "mode": "managed",
+ "type": "aws_network_acl_rule",
+ "name": "redshift_outbound",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "egress": {
+ "constant_value": true
+ },
+ "from_port": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_code": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "icmp_type": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "network_acl_id": {
+ "references": [
+ "aws_network_acl.redshift[0].id",
+ "aws_network_acl.redshift[0]",
+ "aws_network_acl.redshift"
+ ]
+ },
+ "protocol": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_action": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "rule_number": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ },
+ "to_port": {
+ "references": [
+ "var.redshift_outbound_acl_rules",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_redshift_network_acl",
+ "var.redshift_outbound_acl_rules"
+ ]
+ }
+ },
+ {
+ "address": "aws_redshift_subnet_group.redshift",
+ "mode": "managed",
+ "type": "aws_redshift_subnet_group",
+ "name": "redshift",
+ "provider_config_key": "aws",
+ "expressions": {
+ "description": {
+ "references": [
+ "var.name"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.redshift_subnet_group_name",
+ "var.name"
+ ]
+ },
+ "subnet_ids": {
+ "references": [
+ "aws_subnet.redshift"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.redshift_subnet_group_name",
+ "var.name",
+ "var.tags",
+ "var.redshift_subnet_group_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_redshift_subnets",
+ "var.create_redshift_subnet_group"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.database_dns64_nat_gateway",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "database_dns64_nat_gateway",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_ipv6_cidr_block": {
+ "constant_value": "64:ff9b::/96"
+ },
+ "nat_gateway_id": {
+ "references": [
+ "aws_nat_gateway.this",
+ "count.index"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.database",
+ "count.index"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "constant_value": "5m"
+ }
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_route_table",
+ "var.create_database_internet_gateway_route",
+ "var.create_database_nat_gateway_route",
+ "var.enable_nat_gateway",
+ "var.enable_ipv6",
+ "var.private_subnet_enable_dns64",
+ "var.single_nat_gateway",
+ "local.len_database_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.database_internet_gateway",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "database_internet_gateway",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_cidr_block": {
+ "constant_value": "0.0.0.0/0"
+ },
+ "gateway_id": {
+ "references": [
+ "aws_internet_gateway.this[0].id",
+ "aws_internet_gateway.this[0]",
+ "aws_internet_gateway.this"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.database[0].id",
+ "aws_route_table.database[0]",
+ "aws_route_table.database"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "constant_value": "5m"
+ }
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_route_table",
+ "var.create_igw",
+ "var.create_database_internet_gateway_route",
+ "var.create_database_nat_gateway_route"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.database_ipv6_egress",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "database_ipv6_egress",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_ipv6_cidr_block": {
+ "constant_value": "::/0"
+ },
+ "egress_only_gateway_id": {
+ "references": [
+ "aws_egress_only_internet_gateway.this[0].id",
+ "aws_egress_only_internet_gateway.this[0]",
+ "aws_egress_only_internet_gateway.this"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.database[0].id",
+ "aws_route_table.database[0]",
+ "aws_route_table.database"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "constant_value": "5m"
+ }
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_route_table",
+ "var.create_egress_only_igw",
+ "var.enable_ipv6",
+ "var.create_database_internet_gateway_route"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.database_nat_gateway",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "database_nat_gateway",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_cidr_block": {
+ "constant_value": "0.0.0.0/0"
+ },
+ "nat_gateway_id": {
+ "references": [
+ "aws_nat_gateway.this",
+ "count.index"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.database",
+ "count.index"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "constant_value": "5m"
+ }
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_route_table",
+ "var.create_database_internet_gateway_route",
+ "var.create_database_nat_gateway_route",
+ "var.enable_nat_gateway",
+ "var.single_nat_gateway",
+ "local.len_database_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.private_dns64_nat_gateway",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "private_dns64_nat_gateway",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_ipv6_cidr_block": {
+ "constant_value": "64:ff9b::/96"
+ },
+ "nat_gateway_id": {
+ "references": [
+ "aws_nat_gateway.this",
+ "count.index"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.private",
+ "count.index"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "constant_value": "5m"
+ }
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.enable_nat_gateway",
+ "var.enable_ipv6",
+ "var.private_subnet_enable_dns64",
+ "local.nat_gateway_count"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.private_ipv6_egress",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "private_ipv6_egress",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_ipv6_cidr_block": {
+ "constant_value": "::/0"
+ },
+ "egress_only_gateway_id": {
+ "references": [
+ "aws_egress_only_internet_gateway.this"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.private",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.create_egress_only_igw",
+ "var.enable_ipv6",
+ "local.len_private_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.private_nat_gateway",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "private_nat_gateway",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_cidr_block": {
+ "references": [
+ "var.nat_gateway_destination_cidr_block"
+ ]
+ },
+ "nat_gateway_id": {
+ "references": [
+ "aws_nat_gateway.this",
+ "count.index"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.private",
+ "count.index"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "constant_value": "5m"
+ }
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.enable_nat_gateway",
+ "local.nat_gateway_count"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.public_internet_gateway",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "public_internet_gateway",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_cidr_block": {
+ "constant_value": "0.0.0.0/0"
+ },
+ "gateway_id": {
+ "references": [
+ "aws_internet_gateway.this[0].id",
+ "aws_internet_gateway.this[0]",
+ "aws_internet_gateway.this"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.public[0].id",
+ "aws_route_table.public[0]",
+ "aws_route_table.public"
+ ]
+ },
+ "timeouts": {
+ "create": {
+ "constant_value": "5m"
+ }
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets",
+ "var.create_igw"
+ ]
+ }
+ },
+ {
+ "address": "aws_route.public_internet_gateway_ipv6",
+ "mode": "managed",
+ "type": "aws_route",
+ "name": "public_internet_gateway_ipv6",
+ "provider_config_key": "aws",
+ "expressions": {
+ "destination_ipv6_cidr_block": {
+ "constant_value": "::/0"
+ },
+ "gateway_id": {
+ "references": [
+ "aws_internet_gateway.this[0].id",
+ "aws_internet_gateway.this[0]",
+ "aws_internet_gateway.this"
+ ]
+ },
+ "route_table_id": {
+ "references": [
+ "aws_route_table.public[0].id",
+ "aws_route_table.public[0]",
+ "aws_route_table.public"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets",
+ "var.create_igw",
+ "var.enable_ipv6"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table.database",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "database",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.single_nat_gateway",
+ "var.create_database_internet_gateway_route",
+ "var.name",
+ "var.database_subnet_suffix",
+ "var.name",
+ "var.database_subnet_suffix",
+ "var.azs",
+ "count.index",
+ "var.tags",
+ "var.database_route_table_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_route_table",
+ "var.single_nat_gateway",
+ "var.create_database_internet_gateway_route",
+ "local.len_database_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table.elasticache",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "elasticache",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.name",
+ "var.elasticache_subnet_suffix",
+ "var.tags",
+ "var.elasticache_route_table_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_elasticache_route_table"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table.intra",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "intra",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.name",
+ "var.intra_subnet_suffix",
+ "var.tags",
+ "var.intra_route_table_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_intra_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table.private",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "private",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.single_nat_gateway",
+ "var.name",
+ "var.private_subnet_suffix",
+ "var.name",
+ "var.private_subnet_suffix",
+ "var.azs",
+ "count.index",
+ "var.tags",
+ "var.private_route_table_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_private_subnets",
+ "local.max_subnet_length",
+ "local.nat_gateway_count"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table.public",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "public",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.name",
+ "var.public_subnet_suffix",
+ "var.tags",
+ "var.public_route_table_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table.redshift",
+ "mode": "managed",
+ "type": "aws_route_table",
+ "name": "redshift",
+ "provider_config_key": "aws",
+ "expressions": {
+ "tags": {
+ "references": [
+ "var.name",
+ "var.redshift_subnet_suffix",
+ "var.tags",
+ "var.redshift_route_table_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_redshift_route_table"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table_association.database",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "database",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.database",
+ "aws_route_table.private",
+ "var.create_database_subnet_route_table",
+ "var.single_nat_gateway",
+ "var.create_database_internet_gateway_route",
+ "count.index",
+ "count.index"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.database",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_database_subnets",
+ "local.len_database_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table_association.elasticache",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "elasticache",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.elasticache",
+ "aws_route_table.private",
+ "var.single_nat_gateway",
+ "var.create_elasticache_subnet_route_table",
+ "count.index"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.elasticache",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_elasticache_subnets",
+ "local.len_elasticache_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table_association.intra",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "intra",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.intra"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.intra",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_intra_subnets",
+ "local.len_intra_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table_association.outpost",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "outpost",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.private",
+ "var.single_nat_gateway",
+ "count.index"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.outpost",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_outpost_subnets",
+ "local.len_outpost_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table_association.private",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "private",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.private",
+ "var.single_nat_gateway",
+ "count.index"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.private",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_private_subnets",
+ "local.len_private_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table_association.public",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "public",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.public[0].id",
+ "aws_route_table.public[0]",
+ "aws_route_table.public"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.public",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets",
+ "local.len_public_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table_association.redshift",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "redshift",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.redshift",
+ "aws_route_table.private",
+ "var.single_nat_gateway",
+ "var.create_redshift_subnet_route_table",
+ "count.index"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.redshift",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_redshift_subnets",
+ "var.enable_public_redshift",
+ "local.len_redshift_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_route_table_association.redshift_public",
+ "mode": "managed",
+ "type": "aws_route_table_association",
+ "name": "redshift_public",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.redshift",
+ "aws_route_table.public",
+ "var.single_nat_gateway",
+ "var.create_redshift_subnet_route_table",
+ "count.index"
+ ]
+ },
+ "subnet_id": {
+ "references": [
+ "aws_subnet.redshift",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_redshift_subnets",
+ "var.enable_public_redshift",
+ "local.len_redshift_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_subnet.database",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "database",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assign_ipv6_address_on_creation": {
+ "references": [
+ "var.enable_ipv6",
+ "var.database_subnet_ipv6_native",
+ "var.database_subnet_assign_ipv6_address_on_creation"
+ ]
+ },
+ "availability_zone": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "availability_zone_id": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "cidr_block": {
+ "references": [
+ "var.database_subnet_ipv6_native",
+ "var.database_subnets",
+ "count.index"
+ ]
+ },
+ "enable_dns64": {
+ "references": [
+ "var.enable_ipv6",
+ "var.database_subnet_enable_dns64"
+ ]
+ },
+ "enable_resource_name_dns_a_record_on_launch": {
+ "references": [
+ "var.database_subnet_ipv6_native",
+ "var.database_subnet_enable_resource_name_dns_a_record_on_launch"
+ ]
+ },
+ "enable_resource_name_dns_aaaa_record_on_launch": {
+ "references": [
+ "var.enable_ipv6",
+ "var.database_subnet_enable_resource_name_dns_aaaa_record_on_launch"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.enable_ipv6",
+ "var.database_subnet_ipv6_prefixes",
+ "aws_vpc.this[0].ipv6_cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this",
+ "var.database_subnet_ipv6_prefixes",
+ "count.index"
+ ]
+ },
+ "ipv6_native": {
+ "references": [
+ "var.enable_ipv6",
+ "var.database_subnet_ipv6_native"
+ ]
+ },
+ "private_dns_hostname_type_on_launch": {
+ "references": [
+ "var.database_subnet_private_dns_hostname_type_on_launch"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.database_subnet_names",
+ "count.index",
+ "var.name",
+ "var.database_subnet_suffix",
+ "var.azs",
+ "count.index",
+ "var.tags",
+ "var.database_subnet_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_database_subnets",
+ "local.len_database_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_subnet.elasticache",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "elasticache",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assign_ipv6_address_on_creation": {
+ "references": [
+ "var.enable_ipv6",
+ "var.elasticache_subnet_ipv6_native",
+ "var.elasticache_subnet_assign_ipv6_address_on_creation"
+ ]
+ },
+ "availability_zone": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "availability_zone_id": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "cidr_block": {
+ "references": [
+ "var.elasticache_subnet_ipv6_native",
+ "var.elasticache_subnets",
+ "count.index"
+ ]
+ },
+ "enable_dns64": {
+ "references": [
+ "var.enable_ipv6",
+ "var.elasticache_subnet_enable_dns64"
+ ]
+ },
+ "enable_resource_name_dns_a_record_on_launch": {
+ "references": [
+ "var.elasticache_subnet_ipv6_native",
+ "var.elasticache_subnet_enable_resource_name_dns_a_record_on_launch"
+ ]
+ },
+ "enable_resource_name_dns_aaaa_record_on_launch": {
+ "references": [
+ "var.enable_ipv6",
+ "var.elasticache_subnet_enable_resource_name_dns_aaaa_record_on_launch"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.enable_ipv6",
+ "var.elasticache_subnet_ipv6_prefixes",
+ "aws_vpc.this[0].ipv6_cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this",
+ "var.elasticache_subnet_ipv6_prefixes",
+ "count.index"
+ ]
+ },
+ "ipv6_native": {
+ "references": [
+ "var.enable_ipv6",
+ "var.elasticache_subnet_ipv6_native"
+ ]
+ },
+ "private_dns_hostname_type_on_launch": {
+ "references": [
+ "var.elasticache_subnet_private_dns_hostname_type_on_launch"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.elasticache_subnet_names",
+ "count.index",
+ "var.name",
+ "var.elasticache_subnet_suffix",
+ "var.azs",
+ "count.index",
+ "var.tags",
+ "var.elasticache_subnet_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_elasticache_subnets",
+ "local.len_elasticache_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_subnet.intra",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "intra",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assign_ipv6_address_on_creation": {
+ "references": [
+ "var.enable_ipv6",
+ "var.intra_subnet_ipv6_native",
+ "var.intra_subnet_assign_ipv6_address_on_creation"
+ ]
+ },
+ "availability_zone": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "availability_zone_id": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "cidr_block": {
+ "references": [
+ "var.intra_subnet_ipv6_native",
+ "var.intra_subnets",
+ "count.index"
+ ]
+ },
+ "enable_dns64": {
+ "references": [
+ "var.enable_ipv6",
+ "var.intra_subnet_enable_dns64"
+ ]
+ },
+ "enable_resource_name_dns_a_record_on_launch": {
+ "references": [
+ "var.intra_subnet_ipv6_native",
+ "var.intra_subnet_enable_resource_name_dns_a_record_on_launch"
+ ]
+ },
+ "enable_resource_name_dns_aaaa_record_on_launch": {
+ "references": [
+ "var.enable_ipv6",
+ "var.intra_subnet_enable_resource_name_dns_aaaa_record_on_launch"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.enable_ipv6",
+ "var.intra_subnet_ipv6_prefixes",
+ "aws_vpc.this[0].ipv6_cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this",
+ "var.intra_subnet_ipv6_prefixes",
+ "count.index"
+ ]
+ },
+ "ipv6_native": {
+ "references": [
+ "var.enable_ipv6",
+ "var.intra_subnet_ipv6_native"
+ ]
+ },
+ "private_dns_hostname_type_on_launch": {
+ "references": [
+ "var.intra_subnet_private_dns_hostname_type_on_launch"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.intra_subnet_names",
+ "count.index",
+ "var.name",
+ "var.intra_subnet_suffix",
+ "var.azs",
+ "count.index",
+ "var.tags",
+ "var.intra_subnet_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_intra_subnets",
+ "local.len_intra_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_subnet.outpost",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "outpost",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assign_ipv6_address_on_creation": {
+ "references": [
+ "var.enable_ipv6",
+ "var.outpost_subnet_ipv6_native",
+ "var.outpost_subnet_assign_ipv6_address_on_creation"
+ ]
+ },
+ "availability_zone": {
+ "references": [
+ "var.outpost_az"
+ ]
+ },
+ "cidr_block": {
+ "references": [
+ "var.outpost_subnet_ipv6_native",
+ "var.outpost_subnets",
+ "count.index"
+ ]
+ },
+ "customer_owned_ipv4_pool": {
+ "references": [
+ "var.customer_owned_ipv4_pool"
+ ]
+ },
+ "enable_dns64": {
+ "references": [
+ "var.enable_ipv6",
+ "var.outpost_subnet_enable_dns64"
+ ]
+ },
+ "enable_resource_name_dns_a_record_on_launch": {
+ "references": [
+ "var.outpost_subnet_ipv6_native",
+ "var.outpost_subnet_enable_resource_name_dns_a_record_on_launch"
+ ]
+ },
+ "enable_resource_name_dns_aaaa_record_on_launch": {
+ "references": [
+ "var.enable_ipv6",
+ "var.outpost_subnet_enable_resource_name_dns_aaaa_record_on_launch"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.enable_ipv6",
+ "var.outpost_subnet_ipv6_prefixes",
+ "aws_vpc.this[0].ipv6_cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this",
+ "var.outpost_subnet_ipv6_prefixes",
+ "count.index"
+ ]
+ },
+ "ipv6_native": {
+ "references": [
+ "var.enable_ipv6",
+ "var.outpost_subnet_ipv6_native"
+ ]
+ },
+ "map_customer_owned_ip_on_launch": {
+ "references": [
+ "var.map_customer_owned_ip_on_launch"
+ ]
+ },
+ "outpost_arn": {
+ "references": [
+ "var.outpost_arn"
+ ]
+ },
+ "private_dns_hostname_type_on_launch": {
+ "references": [
+ "var.outpost_subnet_private_dns_hostname_type_on_launch"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.outpost_subnet_names",
+ "count.index",
+ "var.name",
+ "var.outpost_subnet_suffix",
+ "var.outpost_az",
+ "var.tags",
+ "var.outpost_subnet_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_outpost_subnets",
+ "local.len_outpost_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_subnet.private",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "private",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assign_ipv6_address_on_creation": {
+ "references": [
+ "var.enable_ipv6",
+ "var.private_subnet_ipv6_native",
+ "var.private_subnet_assign_ipv6_address_on_creation"
+ ]
+ },
+ "availability_zone": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "availability_zone_id": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "cidr_block": {
+ "references": [
+ "var.private_subnet_ipv6_native",
+ "var.private_subnets",
+ "count.index"
+ ]
+ },
+ "enable_dns64": {
+ "references": [
+ "var.enable_ipv6",
+ "var.private_subnet_enable_dns64"
+ ]
+ },
+ "enable_resource_name_dns_a_record_on_launch": {
+ "references": [
+ "var.private_subnet_ipv6_native",
+ "var.private_subnet_enable_resource_name_dns_a_record_on_launch"
+ ]
+ },
+ "enable_resource_name_dns_aaaa_record_on_launch": {
+ "references": [
+ "var.enable_ipv6",
+ "var.private_subnet_enable_resource_name_dns_aaaa_record_on_launch"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.enable_ipv6",
+ "var.private_subnet_ipv6_prefixes",
+ "aws_vpc.this[0].ipv6_cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this",
+ "var.private_subnet_ipv6_prefixes",
+ "count.index"
+ ]
+ },
+ "ipv6_native": {
+ "references": [
+ "var.enable_ipv6",
+ "var.private_subnet_ipv6_native"
+ ]
+ },
+ "private_dns_hostname_type_on_launch": {
+ "references": [
+ "var.private_subnet_private_dns_hostname_type_on_launch"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.private_subnet_names",
+ "count.index",
+ "var.name",
+ "var.private_subnet_suffix",
+ "var.azs",
+ "count.index",
+ "var.tags",
+ "var.private_subnet_tags",
+ "var.private_subnet_tags_per_az",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_private_subnets",
+ "local.len_private_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_subnet.public",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "public",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assign_ipv6_address_on_creation": {
+ "references": [
+ "var.enable_ipv6",
+ "var.public_subnet_ipv6_native",
+ "var.public_subnet_assign_ipv6_address_on_creation"
+ ]
+ },
+ "availability_zone": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "availability_zone_id": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "cidr_block": {
+ "references": [
+ "var.public_subnet_ipv6_native",
+ "var.public_subnets",
+ "count.index"
+ ]
+ },
+ "enable_dns64": {
+ "references": [
+ "var.enable_ipv6",
+ "var.public_subnet_enable_dns64"
+ ]
+ },
+ "enable_resource_name_dns_a_record_on_launch": {
+ "references": [
+ "var.public_subnet_ipv6_native",
+ "var.public_subnet_enable_resource_name_dns_a_record_on_launch"
+ ]
+ },
+ "enable_resource_name_dns_aaaa_record_on_launch": {
+ "references": [
+ "var.enable_ipv6",
+ "var.public_subnet_enable_resource_name_dns_aaaa_record_on_launch"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.enable_ipv6",
+ "var.public_subnet_ipv6_prefixes",
+ "aws_vpc.this[0].ipv6_cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this",
+ "var.public_subnet_ipv6_prefixes",
+ "count.index"
+ ]
+ },
+ "ipv6_native": {
+ "references": [
+ "var.enable_ipv6",
+ "var.public_subnet_ipv6_native"
+ ]
+ },
+ "map_public_ip_on_launch": {
+ "references": [
+ "var.map_public_ip_on_launch"
+ ]
+ },
+ "private_dns_hostname_type_on_launch": {
+ "references": [
+ "var.public_subnet_private_dns_hostname_type_on_launch"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.public_subnet_names",
+ "count.index",
+ "var.name",
+ "var.public_subnet_suffix",
+ "var.azs",
+ "count.index",
+ "var.tags",
+ "var.public_subnet_tags",
+ "var.public_subnet_tags_per_az",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_public_subnets",
+ "var.one_nat_gateway_per_az",
+ "local.len_public_subnets",
+ "var.azs",
+ "local.len_public_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_subnet.redshift",
+ "mode": "managed",
+ "type": "aws_subnet",
+ "name": "redshift",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assign_ipv6_address_on_creation": {
+ "references": [
+ "var.enable_ipv6",
+ "var.redshift_subnet_ipv6_native",
+ "var.redshift_subnet_assign_ipv6_address_on_creation"
+ ]
+ },
+ "availability_zone": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "availability_zone_id": {
+ "references": [
+ "var.azs",
+ "count.index",
+ "var.azs",
+ "count.index"
+ ]
+ },
+ "cidr_block": {
+ "references": [
+ "var.redshift_subnet_ipv6_native",
+ "var.redshift_subnets",
+ "count.index"
+ ]
+ },
+ "enable_dns64": {
+ "references": [
+ "var.enable_ipv6",
+ "var.redshift_subnet_enable_dns64"
+ ]
+ },
+ "enable_resource_name_dns_a_record_on_launch": {
+ "references": [
+ "var.redshift_subnet_ipv6_native",
+ "var.redshift_subnet_enable_resource_name_dns_a_record_on_launch"
+ ]
+ },
+ "enable_resource_name_dns_aaaa_record_on_launch": {
+ "references": [
+ "var.enable_ipv6",
+ "var.redshift_subnet_enable_resource_name_dns_aaaa_record_on_launch"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.enable_ipv6",
+ "var.redshift_subnet_ipv6_prefixes",
+ "aws_vpc.this[0].ipv6_cidr_block",
+ "aws_vpc.this[0]",
+ "aws_vpc.this",
+ "var.redshift_subnet_ipv6_prefixes",
+ "count.index"
+ ]
+ },
+ "ipv6_native": {
+ "references": [
+ "var.enable_ipv6",
+ "var.redshift_subnet_ipv6_native"
+ ]
+ },
+ "private_dns_hostname_type_on_launch": {
+ "references": [
+ "var.redshift_subnet_private_dns_hostname_type_on_launch"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.redshift_subnet_names",
+ "count.index",
+ "var.name",
+ "var.redshift_subnet_suffix",
+ "var.azs",
+ "count.index",
+ "var.tags",
+ "var.redshift_subnet_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_redshift_subnets",
+ "local.len_redshift_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpc.this",
+ "mode": "managed",
+ "type": "aws_vpc",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "assign_generated_ipv6_cidr_block": {
+ "references": [
+ "var.enable_ipv6",
+ "var.use_ipam_pool"
+ ]
+ },
+ "cidr_block": {
+ "references": [
+ "var.use_ipam_pool",
+ "var.cidr"
+ ]
+ },
+ "enable_dns_hostnames": {
+ "references": [
+ "var.enable_dns_hostnames"
+ ]
+ },
+ "enable_dns_support": {
+ "references": [
+ "var.enable_dns_support"
+ ]
+ },
+ "enable_network_address_usage_metrics": {
+ "references": [
+ "var.enable_network_address_usage_metrics"
+ ]
+ },
+ "instance_tenancy": {
+ "references": [
+ "var.instance_tenancy"
+ ]
+ },
+ "ipv4_ipam_pool_id": {
+ "references": [
+ "var.ipv4_ipam_pool_id"
+ ]
+ },
+ "ipv4_netmask_length": {
+ "references": [
+ "var.ipv4_netmask_length"
+ ]
+ },
+ "ipv6_cidr_block": {
+ "references": [
+ "var.ipv6_cidr"
+ ]
+ },
+ "ipv6_cidr_block_network_border_group": {
+ "references": [
+ "var.ipv6_cidr_block_network_border_group"
+ ]
+ },
+ "ipv6_ipam_pool_id": {
+ "references": [
+ "var.ipv6_ipam_pool_id"
+ ]
+ },
+ "ipv6_netmask_length": {
+ "references": [
+ "var.ipv6_netmask_length"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.tags",
+ "var.vpc_tags"
+ ]
+ }
+ },
+ "schema_version": 1,
+ "count_expression": {
+ "references": [
+ "local.create_vpc"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpc_dhcp_options.this",
+ "mode": "managed",
+ "type": "aws_vpc_dhcp_options",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "domain_name": {
+ "references": [
+ "var.dhcp_options_domain_name"
+ ]
+ },
+ "domain_name_servers": {
+ "references": [
+ "var.dhcp_options_domain_name_servers"
+ ]
+ },
+ "netbios_name_servers": {
+ "references": [
+ "var.dhcp_options_netbios_name_servers"
+ ]
+ },
+ "netbios_node_type": {
+ "references": [
+ "var.dhcp_options_netbios_node_type"
+ ]
+ },
+ "ntp_servers": {
+ "references": [
+ "var.dhcp_options_ntp_servers"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.tags",
+ "var.dhcp_options_tags"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.enable_dhcp_options"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpc_dhcp_options_association.this",
+ "mode": "managed",
+ "type": "aws_vpc_dhcp_options_association",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "dhcp_options_id": {
+ "references": [
+ "aws_vpc_dhcp_options.this[0].id",
+ "aws_vpc_dhcp_options.this[0]",
+ "aws_vpc_dhcp_options.this"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.enable_dhcp_options"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpc_ipv4_cidr_block_association.this",
+ "mode": "managed",
+ "type": "aws_vpc_ipv4_cidr_block_association",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "cidr_block": {
+ "references": [
+ "var.secondary_cidr_blocks",
+ "count.index"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "aws_vpc.this[0].id",
+ "aws_vpc.this[0]",
+ "aws_vpc.this"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.secondary_cidr_blocks",
+ "var.secondary_cidr_blocks"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpn_gateway.this",
+ "mode": "managed",
+ "type": "aws_vpn_gateway",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "amazon_side_asn": {
+ "references": [
+ "var.amazon_side_asn"
+ ]
+ },
+ "availability_zone": {
+ "references": [
+ "var.vpn_gateway_az"
+ ]
+ },
+ "tags": {
+ "references": [
+ "var.name",
+ "var.tags",
+ "var.vpn_gateway_tags"
+ ]
+ },
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.enable_vpn_gateway"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpn_gateway_attachment.this",
+ "mode": "managed",
+ "type": "aws_vpn_gateway_attachment",
+ "name": "this",
+ "provider_config_key": "aws",
+ "expressions": {
+ "vpc_id": {
+ "references": [
+ "local.vpc_id"
+ ]
+ },
+ "vpn_gateway_id": {
+ "references": [
+ "var.vpn_gateway_id"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "var.vpn_gateway_id"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpn_gateway_route_propagation.intra",
+ "mode": "managed",
+ "type": "aws_vpn_gateway_route_propagation",
+ "name": "intra",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.intra",
+ "count.index"
+ ]
+ },
+ "vpn_gateway_id": {
+ "references": [
+ "aws_vpn_gateway.this",
+ "aws_vpn_gateway_attachment.this",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.propagate_intra_route_tables_vgw",
+ "var.enable_vpn_gateway",
+ "var.vpn_gateway_id",
+ "local.len_intra_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpn_gateway_route_propagation.private",
+ "mode": "managed",
+ "type": "aws_vpn_gateway_route_propagation",
+ "name": "private",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.private",
+ "count.index"
+ ]
+ },
+ "vpn_gateway_id": {
+ "references": [
+ "aws_vpn_gateway.this",
+ "aws_vpn_gateway_attachment.this",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.propagate_private_route_tables_vgw",
+ "var.enable_vpn_gateway",
+ "var.vpn_gateway_id",
+ "local.len_private_subnets"
+ ]
+ }
+ },
+ {
+ "address": "aws_vpn_gateway_route_propagation.public",
+ "mode": "managed",
+ "type": "aws_vpn_gateway_route_propagation",
+ "name": "public",
+ "provider_config_key": "aws",
+ "expressions": {
+ "route_table_id": {
+ "references": [
+ "aws_route_table.public",
+ "count.index"
+ ]
+ },
+ "vpn_gateway_id": {
+ "references": [
+ "aws_vpn_gateway.this",
+ "aws_vpn_gateway_attachment.this",
+ "count.index"
+ ]
+ }
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_vpc",
+ "var.propagate_public_route_tables_vgw",
+ "var.enable_vpn_gateway",
+ "var.vpn_gateway_id"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.flow_log_cloudwatch_assume_role",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "flow_log_cloudwatch_assume_role",
+ "provider_config_key": "aws",
+ "expressions": {
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "sts:AssumeRole"
+ ]
+ },
+ "effect": {
+ "constant_value": "Allow"
+ },
+ "principals": [
+ {
+ "identifiers": {
+ "constant_value": [
+ "vpc-flow-logs.amazonaws.com"
+ ]
+ },
+ "type": {
+ "constant_value": "Service"
+ }
+ }
+ ],
+ "sid": {
+ "constant_value": "AWSVPCFlowLogsAssumeRole"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_flow_log_cloudwatch_iam_role"
+ ]
+ }
+ },
+ {
+ "address": "data.aws_iam_policy_document.vpc_flow_log_cloudwatch",
+ "mode": "data",
+ "type": "aws_iam_policy_document",
+ "name": "vpc_flow_log_cloudwatch",
+ "provider_config_key": "aws",
+ "expressions": {
+ "statement": [
+ {
+ "actions": {
+ "constant_value": [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams"
+ ]
+ },
+ "effect": {
+ "constant_value": "Allow"
+ },
+ "resources": {
+ "constant_value": [
+ "*"
+ ]
+ },
+ "sid": {
+ "constant_value": "AWSVPCFlowLogsPushToCloudWatch"
+ }
+ }
+ ]
+ },
+ "schema_version": 0,
+ "count_expression": {
+ "references": [
+ "local.create_flow_log_cloudwatch_iam_role"
+ ]
+ }
+ }
+ ],
+ "variables": {
+ "amazon_side_asn": {
+ "default": "64512",
+ "description": "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN"
+ },
+ "azs": {
+ "default": [],
+ "description": "A list of availability zones names or ids in the region"
+ },
+ "cidr": {
+ "default": "10.0.0.0/16",
+ "description": "(Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv4_netmask_length` & `ipv4_ipam_pool_id`"
+ },
+ "create_database_internet_gateway_route": {
+ "default": false,
+ "description": "Controls if an internet gateway route for public database access should be created"
+ },
+ "create_database_nat_gateway_route": {
+ "default": false,
+ "description": "Controls if a nat gateway route should be created to give internet access to the database subnets"
+ },
+ "create_database_subnet_group": {
+ "default": true,
+ "description": "Controls if database subnet group should be created (n.b. database_subnets must also be set)"
+ },
+ "create_database_subnet_route_table": {
+ "default": false,
+ "description": "Controls if separate route table for database should be created"
+ },
+ "create_egress_only_igw": {
+ "default": true,
+ "description": "Controls if an Egress Only Internet Gateway is created and its related routes"
+ },
+ "create_elasticache_subnet_group": {
+ "default": true,
+ "description": "Controls if elasticache subnet group should be created"
+ },
+ "create_elasticache_subnet_route_table": {
+ "default": false,
+ "description": "Controls if separate route table for elasticache should be created"
+ },
+ "create_flow_log_cloudwatch_iam_role": {
+ "default": false,
+ "description": "Whether to create IAM role for VPC Flow Logs"
+ },
+ "create_flow_log_cloudwatch_log_group": {
+ "default": false,
+ "description": "Whether to create CloudWatch log group for VPC Flow Logs"
+ },
+ "create_igw": {
+ "default": true,
+ "description": "Controls if an Internet Gateway is created for public subnets and the related routes that connect them"
+ },
+ "create_redshift_subnet_group": {
+ "default": true,
+ "description": "Controls if redshift subnet group should be created"
+ },
+ "create_redshift_subnet_route_table": {
+ "default": false,
+ "description": "Controls if separate route table for redshift should be created"
+ },
+ "create_vpc": {
+ "default": true,
+ "description": "Controls if VPC should be created (it affects almost all resources)"
+ },
+ "customer_gateway_tags": {
+ "default": {},
+ "description": "Additional tags for the Customer Gateway"
+ },
+ "customer_gateways": {
+ "default": {},
+ "description": "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)"
+ },
+ "customer_owned_ipv4_pool": {
+ "default": null,
+ "description": "The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured"
+ },
+ "database_acl_tags": {
+ "default": {},
+ "description": "Additional tags for the database subnets network ACL"
+ },
+ "database_dedicated_network_acl": {
+ "default": false,
+ "description": "Whether to use dedicated network ACL (not default) and custom rules for database subnets"
+ },
+ "database_inbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Database subnets inbound network ACL rules"
+ },
+ "database_outbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Database subnets outbound network ACL rules"
+ },
+ "database_route_table_tags": {
+ "default": {},
+ "description": "Additional tags for the database route tables"
+ },
+ "database_subnet_assign_ipv6_address_on_creation": {
+ "default": false,
+ "description": "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
+ },
+ "database_subnet_enable_dns64": {
+ "default": true,
+ "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ },
+ "database_subnet_enable_resource_name_dns_a_record_on_launch": {
+ "default": false,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
+ },
+ "database_subnet_enable_resource_name_dns_aaaa_record_on_launch": {
+ "default": true,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
+ },
+ "database_subnet_group_name": {
+ "default": null,
+ "description": "Name of database subnet group"
+ },
+ "database_subnet_group_tags": {
+ "default": {},
+ "description": "Additional tags for the database subnet group"
+ },
+ "database_subnet_ipv6_native": {
+ "default": false,
+ "description": "Indicates whether to create an IPv6-only subnet. Default: `false`"
+ },
+ "database_subnet_ipv6_prefixes": {
+ "default": [],
+ "description": "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ },
+ "database_subnet_names": {
+ "default": [],
+ "description": "Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated"
+ },
+ "database_subnet_private_dns_hostname_type_on_launch": {
+ "default": null,
+ "description": "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ },
+ "database_subnet_suffix": {
+ "default": "db",
+ "description": "Suffix to append to database subnets name"
+ },
+ "database_subnet_tags": {
+ "default": {},
+ "description": "Additional tags for the database subnets"
+ },
+ "database_subnets": {
+ "default": [],
+ "description": "A list of database subnets inside the VPC"
+ },
+ "default_network_acl_egress": {
+ "default": [
+ {
+ "action": "allow",
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_no": "100",
+ "to_port": "0"
+ },
+ {
+ "action": "allow",
+ "from_port": "0",
+ "ipv6_cidr_block": "::/0",
+ "protocol": "-1",
+ "rule_no": "101",
+ "to_port": "0"
+ }
+ ],
+ "description": "List of maps of egress rules to set on the Default Network ACL"
+ },
+ "default_network_acl_ingress": {
+ "default": [
+ {
+ "action": "allow",
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_no": "100",
+ "to_port": "0"
+ },
+ {
+ "action": "allow",
+ "from_port": "0",
+ "ipv6_cidr_block": "::/0",
+ "protocol": "-1",
+ "rule_no": "101",
+ "to_port": "0"
+ }
+ ],
+ "description": "List of maps of ingress rules to set on the Default Network ACL"
+ },
+ "default_network_acl_name": {
+ "default": null,
+ "description": "Name to be used on the Default Network ACL"
+ },
+ "default_network_acl_tags": {
+ "default": {},
+ "description": "Additional tags for the Default Network ACL"
+ },
+ "default_route_table_name": {
+ "default": null,
+ "description": "Name to be used on the default route table"
+ },
+ "default_route_table_propagating_vgws": {
+ "default": [],
+ "description": "List of virtual gateways for propagation"
+ },
+ "default_route_table_routes": {
+ "default": [],
+ "description": "Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route"
+ },
+ "default_route_table_tags": {
+ "default": {},
+ "description": "Additional tags for the default route table"
+ },
+ "default_security_group_egress": {
+ "default": [],
+ "description": "List of maps of egress rules to set on the default security group"
+ },
+ "default_security_group_ingress": {
+ "default": [],
+ "description": "List of maps of ingress rules to set on the default security group"
+ },
+ "default_security_group_name": {
+ "default": null,
+ "description": "Name to be used on the default security group"
+ },
+ "default_security_group_tags": {
+ "default": {},
+ "description": "Additional tags for the default security group"
+ },
+ "default_vpc_enable_dns_hostnames": {
+ "default": true,
+ "description": "Should be true to enable DNS hostnames in the Default VPC"
+ },
+ "default_vpc_enable_dns_support": {
+ "default": true,
+ "description": "Should be true to enable DNS support in the Default VPC"
+ },
+ "default_vpc_name": {
+ "default": null,
+ "description": "Name to be used on the Default VPC"
+ },
+ "default_vpc_tags": {
+ "default": {},
+ "description": "Additional tags for the Default VPC"
+ },
+ "dhcp_options_domain_name": {
+ "default": "",
+ "description": "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
+ },
+ "dhcp_options_domain_name_servers": {
+ "default": [
+ "AmazonProvidedDNS"
+ ],
+ "description": "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
+ },
+ "dhcp_options_netbios_name_servers": {
+ "default": [],
+ "description": "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
+ },
+ "dhcp_options_netbios_node_type": {
+ "default": "",
+ "description": "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
+ },
+ "dhcp_options_ntp_servers": {
+ "default": [],
+ "description": "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
+ },
+ "dhcp_options_tags": {
+ "default": {},
+ "description": "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
+ },
+ "elasticache_acl_tags": {
+ "default": {},
+ "description": "Additional tags for the elasticache subnets network ACL"
+ },
+ "elasticache_dedicated_network_acl": {
+ "default": false,
+ "description": "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets"
+ },
+ "elasticache_inbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Elasticache subnets inbound network ACL rules"
+ },
+ "elasticache_outbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Elasticache subnets outbound network ACL rules"
+ },
+ "elasticache_route_table_tags": {
+ "default": {},
+ "description": "Additional tags for the elasticache route tables"
+ },
+ "elasticache_subnet_assign_ipv6_address_on_creation": {
+ "default": false,
+ "description": "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
+ },
+ "elasticache_subnet_enable_dns64": {
+ "default": true,
+ "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ },
+ "elasticache_subnet_enable_resource_name_dns_a_record_on_launch": {
+ "default": false,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
+ },
+ "elasticache_subnet_enable_resource_name_dns_aaaa_record_on_launch": {
+ "default": true,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
+ },
+ "elasticache_subnet_group_name": {
+ "default": null,
+ "description": "Name of elasticache subnet group"
+ },
+ "elasticache_subnet_group_tags": {
+ "default": {},
+ "description": "Additional tags for the elasticache subnet group"
+ },
+ "elasticache_subnet_ipv6_native": {
+ "default": false,
+ "description": "Indicates whether to create an IPv6-only subnet. Default: `false`"
+ },
+ "elasticache_subnet_ipv6_prefixes": {
+ "default": [],
+ "description": "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ },
+ "elasticache_subnet_names": {
+ "default": [],
+ "description": "Explicit values to use in the Name tag on elasticache subnets. If empty, Name tags are generated"
+ },
+ "elasticache_subnet_private_dns_hostname_type_on_launch": {
+ "default": null,
+ "description": "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ },
+ "elasticache_subnet_suffix": {
+ "default": "elasticache",
+ "description": "Suffix to append to elasticache subnets name"
+ },
+ "elasticache_subnet_tags": {
+ "default": {},
+ "description": "Additional tags for the elasticache subnets"
+ },
+ "elasticache_subnets": {
+ "default": [],
+ "description": "A list of elasticache subnets inside the VPC"
+ },
+ "enable_dhcp_options": {
+ "default": false,
+ "description": "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
+ },
+ "enable_dns_hostnames": {
+ "default": true,
+ "description": "Should be true to enable DNS hostnames in the VPC"
+ },
+ "enable_dns_support": {
+ "default": true,
+ "description": "Should be true to enable DNS support in the VPC"
+ },
+ "enable_flow_log": {
+ "default": false,
+ "description": "Whether or not to enable VPC Flow Logs"
+ },
+ "enable_ipv6": {
+ "default": false,
+ "description": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block"
+ },
+ "enable_nat_gateway": {
+ "default": false,
+ "description": "Should be true if you want to provision NAT Gateways for each of your private networks"
+ },
+ "enable_network_address_usage_metrics": {
+ "default": null,
+ "description": "Determines whether network address usage metrics are enabled for the VPC"
+ },
+ "enable_public_redshift": {
+ "default": false,
+ "description": "Controls if redshift should have public routing table"
+ },
+ "enable_vpn_gateway": {
+ "default": false,
+ "description": "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
+ },
+ "external_nat_ip_ids": {
+ "default": [],
+ "description": "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
+ },
+ "external_nat_ips": {
+ "default": [],
+ "description": "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)"
+ },
+ "flow_log_cloudwatch_iam_role_arn": {
+ "default": "",
+ "description": "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided"
+ },
+ "flow_log_cloudwatch_log_group_kms_key_id": {
+ "default": null,
+ "description": "The ARN of the KMS Key to use when encrypting log data for VPC flow logs"
+ },
+ "flow_log_cloudwatch_log_group_name_prefix": {
+ "default": "/aws/vpc-flow-log/",
+ "description": "Specifies the name prefix of CloudWatch Log Group for VPC flow logs"
+ },
+ "flow_log_cloudwatch_log_group_name_suffix": {
+ "default": "",
+ "description": "Specifies the name suffix of CloudWatch Log Group for VPC flow logs"
+ },
+ "flow_log_cloudwatch_log_group_retention_in_days": {
+ "default": null,
+ "description": "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs"
+ },
+ "flow_log_destination_arn": {
+ "default": "",
+ "description": "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided"
+ },
+ "flow_log_destination_type": {
+ "default": "cloud-watch-logs",
+ "description": "Type of flow log destination. Can be s3 or cloud-watch-logs"
+ },
+ "flow_log_file_format": {
+ "default": null,
+ "description": "(Optional) The format for the flow log. Valid values: `plain-text`, `parquet`"
+ },
+ "flow_log_hive_compatible_partitions": {
+ "default": false,
+ "description": "(Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3"
+ },
+ "flow_log_log_format": {
+ "default": null,
+ "description": "The fields to include in the flow log record, in the order in which they should appear"
+ },
+ "flow_log_max_aggregation_interval": {
+ "default": 600,
+ "description": "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds"
+ },
+ "flow_log_per_hour_partition": {
+ "default": false,
+ "description": "(Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries"
+ },
+ "flow_log_traffic_type": {
+ "default": "ALL",
+ "description": "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL"
+ },
+ "igw_tags": {
+ "default": {},
+ "description": "Additional tags for the internet gateway"
+ },
+ "instance_tenancy": {
+ "default": "default",
+ "description": "A tenancy option for instances launched into the VPC"
+ },
+ "intra_acl_tags": {
+ "default": {},
+ "description": "Additional tags for the intra subnets network ACL"
+ },
+ "intra_dedicated_network_acl": {
+ "default": false,
+ "description": "Whether to use dedicated network ACL (not default) and custom rules for intra subnets"
+ },
+ "intra_inbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Intra subnets inbound network ACLs"
+ },
+ "intra_outbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Intra subnets outbound network ACLs"
+ },
+ "intra_route_table_tags": {
+ "default": {},
+ "description": "Additional tags for the intra route tables"
+ },
+ "intra_subnet_assign_ipv6_address_on_creation": {
+ "default": false,
+ "description": "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
+ },
+ "intra_subnet_enable_dns64": {
+ "default": true,
+ "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ },
+ "intra_subnet_enable_resource_name_dns_a_record_on_launch": {
+ "default": false,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
+ },
+ "intra_subnet_enable_resource_name_dns_aaaa_record_on_launch": {
+ "default": true,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
+ },
+ "intra_subnet_ipv6_native": {
+ "default": false,
+ "description": "Indicates whether to create an IPv6-only subnet. Default: `false`"
+ },
+ "intra_subnet_ipv6_prefixes": {
+ "default": [],
+ "description": "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ },
+ "intra_subnet_names": {
+ "default": [],
+ "description": "Explicit values to use in the Name tag on intra subnets. If empty, Name tags are generated"
+ },
+ "intra_subnet_private_dns_hostname_type_on_launch": {
+ "default": null,
+ "description": "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ },
+ "intra_subnet_suffix": {
+ "default": "intra",
+ "description": "Suffix to append to intra subnets name"
+ },
+ "intra_subnet_tags": {
+ "default": {},
+ "description": "Additional tags for the intra subnets"
+ },
+ "intra_subnets": {
+ "default": [],
+ "description": "A list of intra subnets inside the VPC"
+ },
+ "ipv4_ipam_pool_id": {
+ "default": null,
+ "description": "(Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR"
+ },
+ "ipv4_netmask_length": {
+ "default": null,
+ "description": "(Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4_ipam_pool_id"
+ },
+ "ipv6_cidr": {
+ "default": null,
+ "description": "(Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length`"
+ },
+ "ipv6_cidr_block_network_border_group": {
+ "default": null,
+ "description": "By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones"
+ },
+ "ipv6_ipam_pool_id": {
+ "default": null,
+ "description": "(Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block`"
+ },
+ "ipv6_netmask_length": {
+ "default": null,
+ "description": "(Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56`"
+ },
+ "manage_default_network_acl": {
+ "default": true,
+ "description": "Should be true to adopt and manage Default Network ACL"
+ },
+ "manage_default_route_table": {
+ "default": true,
+ "description": "Should be true to manage default route table"
+ },
+ "manage_default_security_group": {
+ "default": true,
+ "description": "Should be true to adopt and manage default security group"
+ },
+ "manage_default_vpc": {
+ "default": false,
+ "description": "Should be true to adopt and manage Default VPC"
+ },
+ "map_customer_owned_ip_on_launch": {
+ "default": false,
+ "description": "Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false`"
+ },
+ "map_public_ip_on_launch": {
+ "default": false,
+ "description": "Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is `false`"
+ },
+ "name": {
+ "default": "",
+ "description": "Name to be used on all the resources as identifier"
+ },
+ "nat_eip_tags": {
+ "default": {},
+ "description": "Additional tags for the NAT EIP"
+ },
+ "nat_gateway_destination_cidr_block": {
+ "default": "0.0.0.0/0",
+ "description": "Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route"
+ },
+ "nat_gateway_tags": {
+ "default": {},
+ "description": "Additional tags for the NAT gateways"
+ },
+ "one_nat_gateway_per_az": {
+ "default": false,
+ "description": "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`"
+ },
+ "outpost_acl_tags": {
+ "default": {},
+ "description": "Additional tags for the outpost subnets network ACL"
+ },
+ "outpost_arn": {
+ "default": null,
+ "description": "ARN of Outpost you want to create a subnet in"
+ },
+ "outpost_az": {
+ "default": null,
+ "description": "AZ where Outpost is anchored"
+ },
+ "outpost_dedicated_network_acl": {
+ "default": false,
+ "description": "Whether to use dedicated network ACL (not default) and custom rules for outpost subnets"
+ },
+ "outpost_inbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Outpost subnets inbound network ACLs"
+ },
+ "outpost_outbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Outpost subnets outbound network ACLs"
+ },
+ "outpost_subnet_assign_ipv6_address_on_creation": {
+ "default": false,
+ "description": "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
+ },
+ "outpost_subnet_enable_dns64": {
+ "default": true,
+ "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ },
+ "outpost_subnet_enable_resource_name_dns_a_record_on_launch": {
+ "default": false,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
+ },
+ "outpost_subnet_enable_resource_name_dns_aaaa_record_on_launch": {
+ "default": true,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
+ },
+ "outpost_subnet_ipv6_native": {
+ "default": false,
+ "description": "Indicates whether to create an IPv6-only subnet. Default: `false`"
+ },
+ "outpost_subnet_ipv6_prefixes": {
+ "default": [],
+ "description": "Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ },
+ "outpost_subnet_names": {
+ "default": [],
+ "description": "Explicit values to use in the Name tag on outpost subnets. If empty, Name tags are generated"
+ },
+ "outpost_subnet_private_dns_hostname_type_on_launch": {
+ "default": null,
+ "description": "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ },
+ "outpost_subnet_suffix": {
+ "default": "outpost",
+ "description": "Suffix to append to outpost subnets name"
+ },
+ "outpost_subnet_tags": {
+ "default": {},
+ "description": "Additional tags for the outpost subnets"
+ },
+ "outpost_subnets": {
+ "default": [],
+ "description": "A list of outpost subnets inside the VPC"
+ },
+ "private_acl_tags": {
+ "default": {},
+ "description": "Additional tags for the private subnets network ACL"
+ },
+ "private_dedicated_network_acl": {
+ "default": false,
+ "description": "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
+ },
+ "private_inbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Private subnets inbound network ACLs"
+ },
+ "private_outbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Private subnets outbound network ACLs"
+ },
+ "private_route_table_tags": {
+ "default": {},
+ "description": "Additional tags for the private route tables"
+ },
+ "private_subnet_assign_ipv6_address_on_creation": {
+ "default": false,
+ "description": "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
+ },
+ "private_subnet_enable_dns64": {
+ "default": true,
+ "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ },
+ "private_subnet_enable_resource_name_dns_a_record_on_launch": {
+ "default": false,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
+ },
+ "private_subnet_enable_resource_name_dns_aaaa_record_on_launch": {
+ "default": true,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
+ },
+ "private_subnet_ipv6_native": {
+ "default": false,
+ "description": "Indicates whether to create an IPv6-only subnet. Default: `false`"
+ },
+ "private_subnet_ipv6_prefixes": {
+ "default": [],
+ "description": "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ },
+ "private_subnet_names": {
+ "default": [],
+ "description": "Explicit values to use in the Name tag on private subnets. If empty, Name tags are generated"
+ },
+ "private_subnet_private_dns_hostname_type_on_launch": {
+ "default": null,
+ "description": "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ },
+ "private_subnet_suffix": {
+ "default": "private",
+ "description": "Suffix to append to private subnets name"
+ },
+ "private_subnet_tags": {
+ "default": {},
+ "description": "Additional tags for the private subnets"
+ },
+ "private_subnet_tags_per_az": {
+ "default": {},
+ "description": "Additional tags for the private subnets where the primary key is the AZ"
+ },
+ "private_subnets": {
+ "default": [],
+ "description": "A list of private subnets inside the VPC"
+ },
+ "propagate_intra_route_tables_vgw": {
+ "default": false,
+ "description": "Should be true if you want route table propagation"
+ },
+ "propagate_private_route_tables_vgw": {
+ "default": false,
+ "description": "Should be true if you want route table propagation"
+ },
+ "propagate_public_route_tables_vgw": {
+ "default": false,
+ "description": "Should be true if you want route table propagation"
+ },
+ "public_acl_tags": {
+ "default": {},
+ "description": "Additional tags for the public subnets network ACL"
+ },
+ "public_dedicated_network_acl": {
+ "default": false,
+ "description": "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
+ },
+ "public_inbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Public subnets inbound network ACLs"
+ },
+ "public_outbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Public subnets outbound network ACLs"
+ },
+ "public_route_table_tags": {
+ "default": {},
+ "description": "Additional tags for the public route tables"
+ },
+ "public_subnet_assign_ipv6_address_on_creation": {
+ "default": false,
+ "description": "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
+ },
+ "public_subnet_enable_dns64": {
+ "default": true,
+ "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ },
+ "public_subnet_enable_resource_name_dns_a_record_on_launch": {
+ "default": false,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
+ },
+ "public_subnet_enable_resource_name_dns_aaaa_record_on_launch": {
+ "default": true,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
+ },
+ "public_subnet_ipv6_native": {
+ "default": false,
+ "description": "Indicates whether to create an IPv6-only subnet. Default: `false`"
+ },
+ "public_subnet_ipv6_prefixes": {
+ "default": [],
+ "description": "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ },
+ "public_subnet_names": {
+ "default": [],
+ "description": "Explicit values to use in the Name tag on public subnets. If empty, Name tags are generated"
+ },
+ "public_subnet_private_dns_hostname_type_on_launch": {
+ "default": null,
+ "description": "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ },
+ "public_subnet_suffix": {
+ "default": "public",
+ "description": "Suffix to append to public subnets name"
+ },
+ "public_subnet_tags": {
+ "default": {},
+ "description": "Additional tags for the public subnets"
+ },
+ "public_subnet_tags_per_az": {
+ "default": {},
+ "description": "Additional tags for the public subnets where the primary key is the AZ"
+ },
+ "public_subnets": {
+ "default": [],
+ "description": "A list of public subnets inside the VPC"
+ },
+ "putin_khuylo": {
+ "default": true,
+ "description": "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
+ },
+ "redshift_acl_tags": {
+ "default": {},
+ "description": "Additional tags for the redshift subnets network ACL"
+ },
+ "redshift_dedicated_network_acl": {
+ "default": false,
+ "description": "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets"
+ },
+ "redshift_inbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Redshift subnets inbound network ACL rules"
+ },
+ "redshift_outbound_acl_rules": {
+ "default": [
+ {
+ "cidr_block": "0.0.0.0/0",
+ "from_port": "0",
+ "protocol": "-1",
+ "rule_action": "allow",
+ "rule_number": "100",
+ "to_port": "0"
+ }
+ ],
+ "description": "Redshift subnets outbound network ACL rules"
+ },
+ "redshift_route_table_tags": {
+ "default": {},
+ "description": "Additional tags for the redshift route tables"
+ },
+ "redshift_subnet_assign_ipv6_address_on_creation": {
+ "default": false,
+ "description": "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
+ },
+ "redshift_subnet_enable_dns64": {
+ "default": true,
+ "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ },
+ "redshift_subnet_enable_resource_name_dns_a_record_on_launch": {
+ "default": false,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
+ },
+ "redshift_subnet_enable_resource_name_dns_aaaa_record_on_launch": {
+ "default": true,
+ "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
+ },
+ "redshift_subnet_group_name": {
+ "default": null,
+ "description": "Name of redshift subnet group"
+ },
+ "redshift_subnet_group_tags": {
+ "default": {},
+ "description": "Additional tags for the redshift subnet group"
+ },
+ "redshift_subnet_ipv6_native": {
+ "default": false,
+ "description": "Indicates whether to create an IPv6-only subnet. Default: `false`"
+ },
+ "redshift_subnet_ipv6_prefixes": {
+ "default": [],
+ "description": "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ },
+ "redshift_subnet_names": {
+ "default": [],
+ "description": "Explicit values to use in the Name tag on redshift subnets. If empty, Name tags are generated"
+ },
+ "redshift_subnet_private_dns_hostname_type_on_launch": {
+ "default": null,
+ "description": "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ },
+ "redshift_subnet_suffix": {
+ "default": "redshift",
+ "description": "Suffix to append to redshift subnets name"
+ },
+ "redshift_subnet_tags": {
+ "default": {},
+ "description": "Additional tags for the redshift subnets"
+ },
+ "redshift_subnets": {
+ "default": [],
+ "description": "A list of redshift subnets inside the VPC"
+ },
+ "reuse_nat_ips": {
+ "default": false,
+ "description": "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
+ },
+ "secondary_cidr_blocks": {
+ "default": [],
+ "description": "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
+ },
+ "single_nat_gateway": {
+ "default": false,
+ "description": "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
+ },
+ "tags": {
+ "default": {},
+ "description": "A map of tags to add to all resources"
+ },
+ "use_ipam_pool": {
+ "default": false,
+ "description": "Determines whether IPAM pool is used for CIDR allocation"
+ },
+ "vpc_flow_log_permissions_boundary": {
+ "default": null,
+ "description": "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role"
+ },
+ "vpc_flow_log_tags": {
+ "default": {},
+ "description": "Additional tags for the VPC Flow Logs"
+ },
+ "vpc_tags": {
+ "default": {},
+ "description": "Additional tags for the VPC"
+ },
+ "vpn_gateway_az": {
+ "default": null,
+ "description": "The Availability Zone for the VPN Gateway"
+ },
+ "vpn_gateway_id": {
+ "default": "",
+ "description": "ID of VPN Gateway to attach to the VPC"
+ },
+ "vpn_gateway_tags": {
+ "default": {},
+ "description": "Additional tags for the VPN gateway"
+ }
+ }
+ },
+ "version_constraint": "~> 5.0"
+ }
+ }
+ }
+ },
+ "relevant_attributes": [
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_cloudwatch_log_group.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler_sqs.aws_sqs_queue.this[0]",
+ "attribute": [
+ "url"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "latest_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "default_network_acl_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_iam_policy.cluster_encryption[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "default_cooldown"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_eks_identity_provider_config.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.vpc.aws_iam_role.vpc_flow_log_cloudwatch[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_partition.current[0]",
+ "attribute": [
+ "partition"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile.aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_eip.nat",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "status"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.data.aws_ami.eks_default[0]",
+ "attribute": [
+ "image_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "desired_capacity"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "certificate_authority",
+ 0,
+ "data"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.aws_cloudwatch_log_group.fargate_fluentbit[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.aws_kms_external_key.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_cloudwatch_log_group.flow_log[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_subnet.public",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "vpc_config",
+ 0,
+ "cluster_security_group_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].data.aws_iam_policy_document.assume_role_policy[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.time_sleep.this",
+ "attribute": [
+ "triggers",
+ "oidc_provider_arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table.public[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "health_check_type"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_cloudwatch_log_group.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "pod_execution_role_arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_eks_node_group.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route.public_internet_gateway[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks.data.aws_partition.current",
+ "attribute": [
+ "dns_suffix"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table_association.private",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.helm_release.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter_sqs.aws_sqs_queue.dlq[0]",
+ "attribute": [
+ "url"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group[0]",
+ "attribute": [
+ "rendered"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter_sqs.aws_sqs_queue.dlq[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_eks_node_group.this[0]",
+ "attribute": [
+ "resources"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_subnet.elasticache",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.module.kms.aws_kms_key.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.kubernetes_config_map_v1.aws_logging",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "enable_dns_hostnames"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "vpc_zone_identifier"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "data.aws_availability_zones.available",
+ "attribute": [
+ "names"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_eks_node_group.this[0]",
+ "attribute": [
+ "status"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].data.aws_partition.current",
+ "attribute": [
+ "partition"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter_sqs.aws_sqs_queue.dlq[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table.public",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.aws_eks_addon.before_compute",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_iam_policy_document.assume[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table.database",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.data.aws_partition.current",
+ "attribute": [
+ "partition"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler_sqs.aws_sqs_queue.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "default_version"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "main_route_table_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.data.aws_eks_addon_version.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "ipv6_cidr_block"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile.aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "pod_execution_role_arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.aws_kms_alias.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.aws_iam_openid_connect_provider.oidc_provider[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "enable_dns_support"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "max_size"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "ipv6_association_id"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table_association.intra",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "status"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "health_check_grace_period"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_subnet.database",
+ "attribute": []
+ },
+ {
+ "resource": "module.vpc.aws_route.private_nat_gateway",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc_ipv4_cidr_block_association.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "platform_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table_association.redshift_public",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].data.aws_partition.current",
+ "attribute": [
+ "partition"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_iam_instance_profile.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks.data.tls_certificate.this[0]",
+ "attribute": [
+ "certificates",
+ 0,
+ "sha1_fingerprint"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table_association.elasticache",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.kubernetes_namespace_v1.aws_observability[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.data.aws_region.current",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_subnet.redshift",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_eks_node_group.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.time_sleep.this[0]",
+ "attribute": [
+ "triggers",
+ "cluster_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "availability_zones"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.aws_iam_role.karpenter[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_internet_gateway.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.aws_kms_grant.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_iam_instance_profile.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_eks_node_group.this[0]",
+ "attribute": [
+ "labels"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks.time_sleep.this[0]",
+ "attribute": [
+ "triggers",
+ "cluster_endpoint"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.aws_kms_key.this[0]",
+ "attribute": [
+ "key_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].data.aws_caller_identity.current",
+ "attribute": [
+ "account_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "image_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.aws_cloudwatch_log_group.fargate_fluentbit[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler_sqs.aws_sqs_queue.dlq[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.aws_kms_external_key.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.aws_kms_external_key.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.data.aws_iam_policy_document.fargate_fluentbit[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter_sqs.aws_sqs_queue.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "default_route_table_id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].data.aws_iam_policy_document.assume_role_policy[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].data.aws_caller_identity.current",
+ "attribute": [
+ "account_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter_sqs.aws_sqs_queue.this[0]",
+ "attribute": [
+ "url"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_subnet.outpost",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler_sqs.aws_sqs_queue.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler_sqs.aws_sqs_queue.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "status"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "cidr_block"
+ ]
+ },
+ {
+ "resource": "module.eks.time_sleep.this[0]",
+ "attribute": [
+ "triggers",
+ "cluster_name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler_sqs.aws_sqs_queue.dlq[0]",
+ "attribute": [
+ "url"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "min_size"
+ ]
+ },
+ {
+ "resource": "module.eks.data.aws_iam_policy_document.assume_role_policy[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "cluster_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks.data.aws_eks_addon_version.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.vpc.aws_route_table.redshift",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.aws_security_group.cluster[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_caller_identity.current[0]",
+ "attribute": [
+ "account_id"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table.intra",
+ "attribute": []
+ },
+ {
+ "resource": "module.vpc.aws_route_table_association.redshift",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_autoscaling_group.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler_sqs.aws_sqs_queue.dlq[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "identity",
+ 0,
+ "oidc",
+ 0,
+ "issuer"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_customer_gateway.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "latest_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_subnet.private",
+ "attribute": []
+ },
+ {
+ "resource": "module.vpc.aws_vpc_ipv4_cidr_block_association.this[0]",
+ "attribute": [
+ "vpc_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route.private_ipv6_egress",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_egress_only_internet_gateway.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cert_manager.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "endpoint"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "pod_execution_role_arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.aws_cloudwatch_log_group.aws_for_fluentbit[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table_association.database",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.aws_eks_addon.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "default_security_group_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_launch_template.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile.aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "status"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route.database_nat_gateway",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks.data.aws_partition.current",
+ "attribute": [
+ "partition"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "owner_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.aws_iam_instance_profile.karpenter[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler_sqs.aws_sqs_queue.dlq[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.data.aws_iam_session_context.current",
+ "attribute": [
+ "issuer_arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_gateway_api_controller.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter_sqs.aws_sqs_queue.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_workflows.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.time_sleep.this[0]",
+ "attribute": [
+ "triggers",
+ "cluster_certificate_authority_data"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_efs_csi_driver.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table.private",
+ "attribute": []
+ },
+ {
+ "resource": "module.vpc.aws_internet_gateway.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.aws_iam_policy.this[0]",
+ "attribute": [
+ "policy"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile.aws_eks_fargate_profile.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"app_wildcard\"].aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_for_fluentbit.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.data.aws_caller_identity.current",
+ "attribute": [
+ "account_id"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_subnet.intra",
+ "attribute": []
+ },
+ {
+ "resource": "module.vpc.aws_route_table_association.public",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.ingress_nginx.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_eks_cluster.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "values"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.aws_eks_addon.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.vpa.aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter_sqs.aws_sqs_queue.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_eks_node_group.this[0]",
+ "attribute": [
+ "resources",
+ 0,
+ "autoscaling_groups",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.fargate_profile[\"kube_system\"].aws_iam_role.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "namespace"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks.module.self_managed_node_group.aws_iam_instance_profile.this[0]",
+ "attribute": [
+ "unique_id"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.gatekeeper.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "chart"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.aws_iam_policy.fargate_fluentbit",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver_provider_aws.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.time_sleep.this",
+ "attribute": [
+ "triggers",
+ "cluster_name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.secrets_store_csi_driver.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter.aws_iam_role.this[0]",
+ "attribute": [
+ "path"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_secrets.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "instance_tenancy"
+ ]
+ },
+ {
+ "resource": "module.eks.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.velero.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_vpc.this[0]",
+ "attribute": [
+ "id"
+ ]
+ },
+ {
+ "resource": "kubernetes_namespace_v1.this",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks.module.eks_managed_node_group.aws_eks_node_group.this[0]",
+ "attribute": [
+ "taint"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks.module.kms.aws_kms_key.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_cloudwatch_metrics.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.aws_iam_role.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_node_termination_handler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.external_dns.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_route_table.elasticache",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_fsx_csi_driver.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_events.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argocd.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "app_version"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.aws_privateca_issuer.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.metrics_server.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "revision"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.argo_rollouts.aws_iam_policy.this[0]",
+ "attribute": [
+ "arn"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_autoscaler.data.aws_iam_policy_document.this[0]",
+ "attribute": [
+ "json"
+ ]
+ },
+ {
+ "resource": "module.vpc.aws_nat_gateway.this",
+ "attribute": []
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.cluster_proportional_autoscaler.aws_iam_role.this[0]",
+ "attribute": [
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.kube_prometheus_stack.helm_release.this[0]",
+ "attribute": [
+ "metadata",
+ 0,
+ "name"
+ ]
+ },
+ {
+ "resource": "module.eks_blueprints_addons.module.karpenter_sqs.aws_sqs_queue.dlq[0]",
+ "attribute": [
+ "id"
+ ]
+ }
+ ],
+ "timestamp": "2023-11-01T16:24:19Z"
+ }
\ No newline at end of file