diff --git a/environments/development/.terraform.lock.hcl b/environments/development/.terraform.lock.hcl index f429c01..31ae489 100644 --- a/environments/development/.terraform.lock.hcl +++ b/environments/development/.terraform.lock.hcl @@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.100.0" - constraints = ">= 4.33.0, >= 5.95.0, < 6.0.0" + version = "6.5.0" + constraints = ">= 6.0.0" hashes = [ - "h1:edXOJWE4ORX8Fm+dpVpICzMZJat4AX0VRCAy/xkcOc0=", - "zh:054b8dd49f0549c9a7cc27d159e45327b7b65cf404da5e5a20da154b90b8a644", - "zh:0b97bf8d5e03d15d83cc40b0530a1f84b459354939ba6f135a0086c20ebbe6b2", - "zh:1589a2266af699cbd5d80737a0fe02e54ec9cf2ca54e7e00ac51c7359056f274", - "zh:6330766f1d85f01ae6ea90d1b214b8b74cc8c1badc4696b165b36ddd4cc15f7b", - "zh:7c8c2e30d8e55291b86fcb64bdf6c25489d538688545eb48fd74ad622e5d3862", - "zh:99b1003bd9bd32ee323544da897148f46a527f622dc3971af63ea3e251596342", + "h1:Tn/mGUS27xOhYi1yGXJfQXQtScNvyuTjd49KX5ZjhBM=", + "zh:0257c2719dc8508bc3ef5ac8df3c84b3ef61211ec46b6e5ed951681bbfe08d22", + "zh:3828d4409e2a68fccc9f9fb583167501cc4d38a5ecbb2408cb5781096739311b", + "zh:3cf7062a4a2530c2137473cc4281fd088cfe0059ad8cdb766e2083ac02c85aa9", + "zh:44c2caadd5d3ad4a69a646251319cce406c9800b2b823c2c59e8b0a3ea73fabd", + "zh:4924d88dbb45c9a01dc69323f731b969c2562631832509525ad44331e3682f43", + "zh:5ff081d29aaeb160753f7ba412d218dfd8703f2aeb0bc6cebe5f91c94bf1376a", + "zh:6d3f2c29b3c51629cb9ea2b513a981fb98226c69eeda670bb4d2b5cd0af8d278", + "zh:7df20d6ce088b131501f5dae9c3de763f81ac266000c19d4d53be79f568ecd24", + "zh:93c1ecaeedbc76b28297480d6456c6e65d80c72a20f6e870e537d7d80531c911", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f8b909d3ec50ade83c8062290378b1ec553edef6a447c56dadc01a99f4eaa93", - "zh:aaef921ff9aabaf8b1869a86d692ebd24fbd4e12c21205034bb679b9caf883a2", - "zh:ac882313207aba00dd5a76dbd572a0ddc818bb9cbf5c9d61b28fe30efaec951e", - "zh:bb64e8aff37becab373a1a0cc1080990785304141af42ed6aa3dd4913b000421", - "zh:dfe495f6621df5540d9c92ad40b8067376350b005c637ea6efac5dc15028add4", - "zh:f0ddf0eaf052766cfe09dea8200a946519f653c384ab4336e2a4a64fdd6310e9", - "zh:f1b7e684f4c7ae1eed272b6de7d2049bb87a0275cb04dbb7cda6636f600699c9", - "zh:ff461571e3f233699bf690db319dfe46aec75e58726636a0d97dd9ac6e32fb70", + "zh:ae8197c75460e25a664e76c183de79b798a82f31dcd99b44c6af2fd3ef249f5f", + "zh:aeacc428aa1f99a55432c969fb636dc6fc3346c6a95ebdcc5a240c222fbf0504", + "zh:be6d310269605985a8cf1d4d7984f3199b183dfc8cb3674c286c5bcfd4de7eb4", + "zh:c3ecd7a38af22d32479bcbca3c74c53969d71665ad4203b3102cbf519d6ddee7", + "zh:de127f5130604540b2be99c6b8b8253f4694a0a827cc9d186d72b545f27c45a5", ] } @@ -86,7 +86,7 @@ provider "registry.terraform.io/hashicorp/time" { provider "registry.terraform.io/hashicorp/tls" { version = "4.1.0" - constraints = ">= 3.0.0" + constraints = ">= 4.0.0" hashes = [ "h1:Ka8mEwRFXBabR33iN/WTIEW6RP0z13vFsDlwn11Pf2I=", "zh:14c35d89307988c835a7f8e26f1b83ce771e5f9b41e407f86a644c0152089ac2", diff --git a/environments/development/main.tf b/environments/development/main.tf index 797c20f..fd4732c 100644 --- a/environments/development/main.tf +++ b/environments/development/main.tf @@ -15,6 +15,5 @@ module "eks" { module.network.private_subnet_ids, module.network.public_subnet_ids, ) - depends_on = [module.network] azs = module.network.azs } diff --git a/environments/development/providers.tf b/environments/development/providers.tf index 7f967bc..f718c76 100644 --- a/environments/development/providers.tf +++ b/environments/development/providers.tf @@ -1,8 +1,7 @@ terraform { required_providers { aws = { - source = "hashicorp/aws" - version = "< 6.0.0" + source = "hashicorp/aws" } } } diff --git a/environments/development/terraform.tfstate b/environments/development/terraform.tfstate index 9512813..63fc56a 100644 --- a/environments/development/terraform.tfstate +++ b/environments/development/terraform.tfstate @@ -1,29 +1,228 @@ { "version": 4, "terraform_version": "1.12.2", - "serial": 3241, - "lineage": "8bb850d3-2dbc-b205-47b4-36da62ae84f3", + "serial": 318, + "lineage": "e0fa6852-8979-09e2-362d-b95bd3e079e1", "outputs": {}, "resources": [ { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_policy", - "name": "AWSLoadBalancerControllerIAMPolicy", + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:policy/AWSLoadBalancerControllerIAMPolicy", + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cert_manager", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "3416383923", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"route53:GetChange\",\n \"Resource\": \"arn:aws:route53:::change/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"route53:ListResourceRecordSets\",\n \"route53:ChangeResourceRecordSets\"\n ],\n \"Resource\": \"arn:aws:route53:::hostedzone/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"route53:ListHostedZonesByName\",\n \"Resource\": \"*\"\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"route53:GetChange\",\"Resource\":\"arn:aws:route53:::change/*\"},{\"Effect\":\"Allow\",\"Action\":[\"route53:ListResourceRecordSets\",\"route53:ChangeResourceRecordSets\"],\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Effect\":\"Allow\",\"Action\":\"route53:ListHostedZonesByName\",\"Resource\":\"*\"}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "route53:GetChange" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:route53:::change/*" + ], + "sid": "" + }, + { + "actions": [ + "route53:ChangeResourceRecordSets", + "route53:ListResourceRecordSets" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:route53:::hostedzone/*" + ], + "sid": "" + }, + { + "actions": [ + "route53:ListHostedZonesByName" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1545384681", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:cert-manager\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:cert-manager\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:cert-manager" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "cert_manager", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", "attachment_count": 1, - "description": "", - "id": "arn:aws:iam::273729230602:policy/AWSLoadBalancerControllerIAMPolicy", - "name": "AWSLoadBalancerControllerIAMPolicy", - "name_prefix": "", + "description": "Cert Manager policy to allow management of Route53 hosted zone records", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "name": "AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "name_prefix": "AmazonEKS_eks1-devel_Cert_Manager_Policy-", "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"iam:CreateServiceLinkedRole\"],\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAddresses\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeInstances\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeTags\",\"ec2:GetCoipPoolUsage\",\"ec2:DescribeCoipPools\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:DescribeIpamPools\",\"ec2:DescribeRouteTables\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeListenerCertificates\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeTrustStores\",\"elasticloadbalancing:DescribeListenerAttributes\",\"elasticloadbalancing:DescribeCapacityReservation\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"cognito-idp:DescribeUserPoolClient\",\"acm:ListCertificates\",\"acm:DescribeCertificate\",\"iam:ListServerCertificates\",\"iam:GetServerCertificate\",\"waf-regional:GetWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:AssociateWebACL\",\"waf-regional:DisassociateWebACL\",\"wafv2:GetWebACL\",\"wafv2:GetWebACLForResource\",\"wafv2:AssociateWebACL\",\"wafv2:DisassociateWebACL\",\"shield:GetSubscriptionState\",\"shield:DescribeProtection\",\"shield:CreateProtection\",\"shield:DeleteProtection\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:RevokeSecurityGroupIngress\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateSecurityGroup\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:CreateTags\",\"ec2:DeleteTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:RevokeSecurityGroupIngress\",\"ec2:DeleteSecurityGroup\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:CreateLoadBalancer\",\"elasticloadbalancing:CreateTargetGroup\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:CreateListener\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:DeleteRule\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:AddTags\",\"elasticloadbalancing:RemoveTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:AddTags\",\"elasticloadbalancing:RemoveTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"]},{\"Action\":[\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:SetIpAddressType\",\"elasticloadbalancing:SetSecurityGroups\",\"elasticloadbalancing:SetSubnets\",\"elasticloadbalancing:DeleteLoadBalancer\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:ModifyListenerAttributes\",\"elasticloadbalancing:ModifyCapacityReservation\",\"elasticloadbalancing:ModifyIpPools\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:AddTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateLoadBalancer\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:DeregisterTargets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"},{\"Action\":[\"elasticloadbalancing:SetWebAcl\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:AddListenerCertificates\",\"elasticloadbalancing:RemoveListenerCertificates\",\"elasticloadbalancing:ModifyRule\",\"elasticloadbalancing:SetRulePriorities\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FABCUGGJOJ", + "policy": "{\"Statement\":[{\"Action\":\"route53:GetChange\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::change/*\"},{\"Action\":[\"route53:ListResourceRecordSets\",\"route53:ChangeResourceRecordSets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Action\":\"route53:ListHostedZonesByName\",\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FG6HNVVFKD", "tags": {}, "tags_all": { "Environment": "devel", @@ -32,44 +231,410 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001" + }, "private": "bnVsbA==", "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", + "module.eks.module.cert_manager_irsa_role.data.aws_iam_policy_document.cert_manager", + "module.eks.module.cert_manager_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } ] }, { - "module": "module.eks", + "module": "module.eks.module.cert_manager_irsa_role", "mode": "managed", - "type": "aws_iam_policy", - "name": "AllowExternalDNSUpdates", + "type": "aws_iam_role", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:role/eks1-devel-cert-manager", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:cert-manager\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-27T01:03:26Z", + "description": "", + "force_detach_policies": true, + "id": "eks1-devel-cert-manager", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001" + ], + "max_session_duration": 3600, + "name": "eks1-devel-cert-manager", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "unique_id": "AROAT7O4IS4FO56IFZGYS" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-cert-manager" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.cert_manager_irsa_role.data.aws_caller_identity.current", + "module.eks.module.cert_manager_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.cert_manager_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "cert_manager", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "eks1-devel-cert-manager/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "role": "eks1-devel-cert-manager" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "role": "eks1-devel-cert-manager" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.cert_manager_irsa_role.aws_iam_policy.cert_manager", + "module.eks.module.cert_manager_irsa_role.aws_iam_role.this", + "module.eks.module.cert_manager_irsa_role.data.aws_caller_identity.current", + "module.eks.module.cert_manager_irsa_role.data.aws_iam_policy_document.cert_manager", + "module.eks.module.cert_manager_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.cert_manager_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:policy/AllowExternalDNSUpdates", + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cluster_autoscaler", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "2162280319", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"eks:DescribeNodegroup\",\n \"ec2:GetInstanceTypesFromInstanceRequirements\",\n \"ec2:DescribeLaunchTemplateVersions\",\n \"ec2:DescribeInstanceTypes\",\n \"ec2:DescribeImages\",\n \"autoscaling:DescribeTags\",\n \"autoscaling:DescribeScalingActivities\",\n \"autoscaling:DescribeLaunchConfigurations\",\n \"autoscaling:DescribeAutoScalingInstances\",\n \"autoscaling:DescribeAutoScalingGroups\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"autoscaling:TerminateInstanceInAutoScalingGroup\",\n \"autoscaling:SetDesiredCapacity\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"autoscaling:ResourceTag/kubernetes.io/cluster/eks1-devel\": \"owned\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"eks:DescribeNodegroup\",\"ec2:GetInstanceTypesFromInstanceRequirements\",\"ec2:DescribeLaunchTemplateVersions\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeImages\",\"autoscaling:DescribeTags\",\"autoscaling:DescribeScalingActivities\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeAutoScalingGroups\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"autoscaling:TerminateInstanceInAutoScalingGroup\",\"autoscaling:SetDesiredCapacity\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"autoscaling:ResourceTag/kubernetes.io/cluster/eks1-devel\":\"owned\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeTags", + "ec2:DescribeImages", + "ec2:DescribeInstanceTypes", + "ec2:DescribeLaunchTemplateVersions", + "ec2:GetInstanceTypesFromInstanceRequirements", + "eks:DescribeNodegroup" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "autoscaling:SetDesiredCapacity", + "autoscaling:TerminateInstanceInAutoScalingGroup" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "owned" + ], + "variable": "autoscaling:ResourceTag/kubernetes.io/cluster/eks1-devel" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1043243729", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:cluster-autoscaler\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:cluster-autoscaler\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:cluster-autoscaler" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "cluster_autoscaler", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", "attachment_count": 1, - "description": "", - "id": "arn:aws:iam::273729230602:policy/AllowExternalDNSUpdates", - "name": "AllowExternalDNSUpdates", - "name_prefix": "", + "description": "Cluster autoscaler policy to allow examination and modification of EC2 Auto Scaling Groups", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "name": "AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "name_prefix": "AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-", "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"route53:ChangeResourceRecordSets\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:route53:::hostedzone/*\"]},{\"Action\":[\"route53:ListHostedZones\",\"route53:ListResourceRecordSets\",\"route53:ListTagsForResource\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FMVTRS5KI5", + "policy": "{\"Statement\":[{\"Action\":[\"eks:DescribeNodegroup\",\"ec2:GetInstanceTypesFromInstanceRequirements\",\"ec2:DescribeLaunchTemplateVersions\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeImages\",\"autoscaling:DescribeTags\",\"autoscaling:DescribeScalingActivities\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeAutoScalingGroups\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"autoscaling:TerminateInstanceInAutoScalingGroup\",\"autoscaling:SetDesiredCapacity\"],\"Condition\":{\"StringEquals\":{\"autoscaling:ResourceTag/kubernetes.io/cluster/eks1-devel\":\"owned\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FADZLMDOQX", "tags": {}, "tags_all": { "Environment": "devel", @@ -78,44 +643,678 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d" + }, "private": "bnVsbA==", "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_iam_policy_document.cluster_autoscaler", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } ] }, { - "module": "module.eks", + "module": "module.eks.module.cluster_autoscaler_irsa_role", "mode": "managed", - "type": "aws_iam_policy", - "name": "ClusterAutoscalerIAMPolicy", + "type": "aws_iam_role", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-autoscaler", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:cluster-autoscaler\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-26T05:25:15Z", + "description": "", + "force_detach_policies": true, + "id": "eks1-devel-cluster-autoscaler", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d" + ], + "max_session_duration": 3600, + "name": "eks1-devel-cluster-autoscaler", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "unique_id": "AROAT7O4IS4FEIFH6MTO2" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-cluster-autoscaler" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_caller_identity.current", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "cluster_autoscaler", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "eks1-devel-cluster-autoscaler/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "role": "eks1-devel-cluster-autoscaler" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "role": "eks1-devel-cluster-autoscaler" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.cluster_autoscaler_irsa_role.aws_iam_policy.cluster_autoscaler", + "module.eks.module.cluster_autoscaler_irsa_role.aws_iam_role.this", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_caller_identity.current", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_iam_policy_document.cluster_autoscaler", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:policy/ClusterAutoscalerIAMPolicy", + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "ebs_csi", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "4189668531", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVolumesModifications\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeSnapshots\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeAvailabilityZones\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:ModifyVolume\",\n \"ec2:CreateSnapshot\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DetachVolume\",\n \"ec2:AttachVolume\"\n ],\n \"Resource\": [\n \"arn:aws:ec2:*:*:volume/*\",\n \"arn:aws:ec2:*:*:instance/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:EnableFastSnapshotRestores\",\n \"ec2:CreateVolume\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateTags\",\n \"Resource\": [\n \"arn:aws:ec2:*:*:volume/*\",\n \"arn:aws:ec2:*:*:snapshot/*\"\n ],\n \"Condition\": {\n \"StringEquals\": {\n \"ec2:CreateAction\": [\n \"CreateVolume\",\n \"CreateSnapshot\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteTags\",\n \"Resource\": [\n \"arn:aws:ec2:*:*:volume/*\",\n \"arn:aws:ec2:*:*:snapshot/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:RequestTag/ebs.csi.aws.com/cluster\": \"true\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:RequestTag/CSIVolumeName\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:ResourceTag/ebs.csi.aws.com/cluster\": \"true\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:ResourceTag/CSIVolumeName\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"ec2:ResourceTag/kubernetes.io/created-for/pvc/name\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSnapshot\",\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:RequestTag/CSIVolumeSnapshotName\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSnapshot\",\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:RequestTag/ebs.csi.aws.com/cluster\": \"true\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteSnapshot\",\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:ResourceTag/CSIVolumeSnapshotName\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteSnapshot\",\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:ResourceTag/ebs.csi.aws.com/cluster\": \"true\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"ec2:DescribeVolumesModifications\",\"ec2:DescribeVolumes\",\"ec2:DescribeTags\",\"ec2:DescribeSnapshots\",\"ec2:DescribeInstances\",\"ec2:DescribeAvailabilityZones\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"ec2:ModifyVolume\",\"ec2:CreateSnapshot\"],\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Effect\":\"Allow\",\"Action\":[\"ec2:DetachVolume\",\"ec2:AttachVolume\"],\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:instance/*\"]},{\"Effect\":\"Allow\",\"Action\":[\"ec2:EnableFastSnapshotRestores\",\"ec2:CreateVolume\"],\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateTags\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"],\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateVolume\",\"CreateSnapshot\"]}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteTags\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"]},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeName\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/CSIVolumeName\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/kubernetes.io/created-for/pvc/name\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateSnapshot\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeSnapshotName\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateSnapshot\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteSnapshot\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/CSIVolumeSnapshotName\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteSnapshot\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:DescribeVolumesModifications" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateSnapshot", + "ec2:ModifyVolume" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:AttachVolume", + "ec2:DetachVolume" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateVolume", + "ec2:EnableFastSnapshotRestores" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateTags" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "CreateVolume", + "CreateSnapshot" + ], + "variable": "ec2:CreateAction" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteTags" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "true" + ], + "variable": "aws:RequestTag/ebs.csi.aws.com/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "aws:RequestTag/CSIVolumeName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "true" + ], + "variable": "aws:ResourceTag/ebs.csi.aws.com/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "aws:ResourceTag/CSIVolumeName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "ec2:ResourceTag/kubernetes.io/created-for/pvc/name" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateSnapshot" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "aws:RequestTag/CSIVolumeSnapshotName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateSnapshot" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "true" + ], + "variable": "aws:RequestTag/ebs.csi.aws.com/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteSnapshot" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "aws:ResourceTag/CSIVolumeSnapshotName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteSnapshot" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "true" + ], + "variable": "aws:ResourceTag/ebs.csi.aws.com/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "3862641923", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:ebs-csi-controller-sa\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:ebs-csi-controller-sa\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:ebs-csi-controller-sa" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "ebs_csi", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", "attachment_count": 1, - "description": "", - "id": "arn:aws:iam::273729230602:policy/ClusterAutoscalerIAMPolicy", - "name": "ClusterAutoscalerIAMPolicy", - "name_prefix": "", + "description": "Provides permissions to manage EBS volumes via the container storage interface driver", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "name": "AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "name_prefix": "AmazonEKS_eks1-devel_EBS_CSI_Policy-", "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeScalingActivities\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeLaunchTemplateVersions\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"autoscaling:SetDesiredCapacity\",\"autoscaling:TerminateInstanceInAutoScalingGroup\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FLO47ADJSH", + "policy": "{\"Statement\":[{\"Action\":[\"ec2:DescribeVolumesModifications\",\"ec2:DescribeVolumes\",\"ec2:DescribeTags\",\"ec2:DescribeSnapshots\",\"ec2:DescribeInstances\",\"ec2:DescribeAvailabilityZones\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:ModifyVolume\",\"ec2:CreateSnapshot\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":[\"ec2:DetachVolume\",\"ec2:AttachVolume\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:instance/*\"]},{\"Action\":[\"ec2:EnableFastSnapshotRestores\",\"ec2:CreateVolume\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Action\":\"ec2:CreateTags\",\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateVolume\",\"CreateSnapshot\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"]},{\"Action\":\"ec2:DeleteTags\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"]},{\"Action\":\"ec2:CreateVolume\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:CreateVolume\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:DeleteVolume\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:DeleteVolume\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/CSIVolumeName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:DeleteVolume\",\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/kubernetes.io/created-for/pvc/name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:CreateSnapshot\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeSnapshotName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Action\":\"ec2:CreateSnapshot\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Action\":\"ec2:DeleteSnapshot\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/CSIVolumeSnapshotName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Action\":\"ec2:DeleteSnapshot\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FBDEFQK6I6", "tags": {}, "tags_all": { "Environment": "devel", @@ -124,47 +1323,69 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001" + }, "private": "bnVsbA==", "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", + "module.eks.module.ebs_csi_irsa_role.data.aws_iam_policy_document.ebs_csi", + "module.eks.module.ebs_csi_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } ] }, { - "module": "module.eks", + "module": "module.eks.module.ebs_csi_irsa_role", "mode": "managed", "type": "aws_iam_role", - "name": "aws-load-balancer-controller", + "name": "this", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:role/aws-load-balancer-controller", - "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:sub\":\"system:serviceaccount:kube-system:aws-load-balancer-controller\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-19T08:08:05Z", + "arn": "arn:aws:iam::273729230602:role/eks1-devel-ebs-csi", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:ebs-csi-controller-sa\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-28T19:11:10Z", "description": "", - "force_detach_policies": false, - "id": "aws-load-balancer-controller", + "force_detach_policies": true, + "id": "eks1-devel-ebs-csi", "inline_policy": [], "managed_policy_arns": [ - "arn:aws:iam::273729230602:policy/AWSLoadBalancerControllerIAMPolicy" + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001" ], "max_session_duration": 3600, - "name": "aws-load-balancer-controller", + "name": "eks1-devel-ebs-csi", "name_prefix": "", "path": "/", "permissions_boundary": "", @@ -173,13 +1394,22 @@ "Environment": "devel", "Service": "Kubernetes" }, - "unique_id": "AROAT7O4IS4FD7OQTHZZI" + "unique_id": "AROAT7O4IS4FAOGGU4EPY" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-ebs-csi" + }, "private": "bnVsbA==", "dependencies": [ + "module.eks.module.ebs_csi_irsa_role.data.aws_caller_identity.current", + "module.eks.module.ebs_csi_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.ebs_csi_irsa_role.data.aws_partition.current", "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", "module.eks.module.eks.aws_eks_cluster.this", "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", @@ -204,200 +1434,47 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } ] }, { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_role", - "name": "cluster-autoscaler", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::273729230602:role/aws-cluster-autoscaler", - "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:sub\":\"system:serviceaccount:kube-system:cluster-autoscaler\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-19T08:08:05Z", - "description": "", - "force_detach_policies": false, - "id": "aws-cluster-autoscaler", - "inline_policy": [], - "managed_policy_arns": [ - "arn:aws:iam::273729230602:policy/ClusterAutoscalerIAMPolicy" - ], - "max_session_duration": 3600, - "name": "aws-cluster-autoscaler", - "name_prefix": "", - "path": "/", - "permissions_boundary": "", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - }, - "unique_id": "AROAT7O4IS4FG7WIYJBVJ" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.data.tls_certificate.this", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_role", - "name": "external-dns", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::273729230602:role/external-dns", - "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:sub\":\"system:serviceaccount:default:external-dns\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-20T06:32:32Z", - "description": "", - "force_detach_policies": false, - "id": "external-dns", - "inline_policy": [], - "managed_policy_arns": [ - "arn:aws:iam::273729230602:policy/AllowExternalDNSUpdates" - ], - "max_session_duration": 3600, - "name": "external-dns", - "name_prefix": "", - "path": "/", - "permissions_boundary": "", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - }, - "unique_id": "AROAT7O4IS4FHOVHRHZZF" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.data.tls_certificate.this", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks", + "module": "module.eks.module.ebs_csi_irsa_role", "mode": "managed", "type": "aws_iam_role_policy_attachment", - "name": "aws-load-balancer-controller", + "name": "ebs_csi", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { - "id": "aws-load-balancer-controller-2025071908080601560000001b", - "policy_arn": "arn:aws:iam::273729230602:policy/AWSLoadBalancerControllerIAMPolicy", - "role": "aws-load-balancer-controller" + "id": "eks1-devel-ebs-csi/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "role": "eks1-devel-ebs-csi" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "role": "eks1-devel-ebs-csi" + }, "private": "bnVsbA==", "dependencies": [ - "module.eks.aws_iam_policy.AWSLoadBalancerControllerIAMPolicy", - "module.eks.aws_iam_role.aws-load-balancer-controller", + "module.eks.module.ebs_csi_irsa_role.aws_iam_policy.ebs_csi", + "module.eks.module.ebs_csi_irsa_role.aws_iam_role.this", + "module.eks.module.ebs_csi_irsa_role.data.aws_caller_identity.current", + "module.eks.module.ebs_csi_irsa_role.data.aws_iam_policy_document.ebs_csi", + "module.eks.module.ebs_csi_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.ebs_csi_irsa_role.data.aws_partition.current", "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", "module.eks.module.eks.aws_eks_cluster.this", "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", @@ -422,142 +1499,9 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_role_policy_attachment", - "name": "cluster-autoscaler", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "aws-cluster-autoscaler-2025071908080606430000001c", - "policy_arn": "arn:aws:iam::273729230602:policy/ClusterAutoscalerIAMPolicy", - "role": "aws-cluster-autoscaler" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.aws_iam_policy.ClusterAutoscalerIAMPolicy", - "module.eks.aws_iam_role.cluster-autoscaler", - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.data.tls_certificate.this", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_role_policy_attachment", - "name": "external-dns", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "external-dns-20250720063232744000000001", - "policy_arn": "arn:aws:iam::273729230602:policy/AllowExternalDNSUpdates", - "role": "external-dns" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.aws_iam_policy.AllowExternalDNSUpdates", - "module.eks.aws_iam_role.external-dns", - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.data.tls_certificate.this", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -591,6 +1535,20 @@ "name": "this", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ + { + "index_key": "aws-ebs-csi-driver", + "schema_version": 0, + "attributes": { + "addon_name": "aws-ebs-csi-driver", + "id": "aws-ebs-csi-driver", + "kubernetes_version": "1.33", + "most_recent": true, + "region": "us-east-1", + "version": "v1.46.0-eksbuild.1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + }, { "index_key": "coredns", "schema_version": 0, @@ -598,8 +1556,9 @@ "addon_name": "coredns", "id": "coredns", "kubernetes_version": "1.33", - "most_recent": false, - "version": "v1.12.1-eksbuild.2" + "most_recent": true, + "region": "us-east-1", + "version": "v1.12.2-eksbuild.4" }, "sensitive_attributes": [], "identity_schema_version": 0 @@ -611,7 +1570,8 @@ "addon_name": "eks-pod-identity-agent", "id": "eks-pod-identity-agent", "kubernetes_version": "1.33", - "most_recent": false, + "most_recent": true, + "region": "us-east-1", "version": "v1.3.8-eksbuild.2" }, "sensitive_attributes": [], @@ -624,7 +1584,8 @@ "addon_name": "kube-proxy", "id": "kube-proxy", "kubernetes_version": "1.33", - "most_recent": false, + "most_recent": true, + "region": "us-east-1", "version": "v1.33.0-eksbuild.2" }, "sensitive_attributes": [], @@ -637,8 +1598,9 @@ "addon_name": "vpc-cni", "id": "vpc-cni", "kubernetes_version": "1.33", - "most_recent": false, - "version": "v1.19.5-eksbuild.1" + "most_recent": true, + "region": "us-east-1", + "version": "v1.20.0-eksbuild.1" }, "sensitive_attributes": [], "identity_schema_version": 0 @@ -694,201 +1656,6 @@ } ] }, - { - "module": "module.eks.module.eks", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "custom", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "id": "513122117", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Compute\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RunInstances\",\n \"ec2:CreateLaunchTemplate\",\n \"ec2:CreateFleet\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n },\n \"StringLike\": {\n \"aws:RequestTag/eks:kubernetes-node-class-name\": \"*\",\n \"aws:RequestTag/eks:kubernetes-node-pool-name\": \"*\"\n }\n }\n },\n {\n \"Sid\": \"Storage\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateVolume\",\n \"ec2:CreateSnapshot\"\n ],\n \"Resource\": [\n \"arn:aws:ec2:*:*:volume/*\",\n \"arn:aws:ec2:*:*:snapshot/*\"\n ],\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n }\n }\n },\n {\n \"Sid\": \"Networking\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateNetworkInterface\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\",\n \"aws:RequestTag/eks:kubernetes-cni-node-name\": \"*\"\n }\n }\n },\n {\n \"Sid\": \"LoadBalancer\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:CreateRule\",\n \"elasticloadbalancing:CreateLoadBalancer\",\n \"elasticloadbalancing:CreateListener\",\n \"ec2:CreateSecurityGroup\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n }\n }\n },\n {\n \"Sid\": \"ShieldProtection\",\n \"Effect\": \"Allow\",\n \"Action\": \"shield:CreateProtection\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n }\n }\n },\n {\n \"Sid\": \"ShieldTagResource\",\n \"Effect\": \"Allow\",\n \"Action\": \"shield:TagResource\",\n \"Resource\": \"arn:aws:shield::*:protection/*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n }\n }\n }\n ]\n}", - "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Compute\",\"Effect\":\"Allow\",\"Action\":[\"ec2:RunInstances\",\"ec2:CreateLaunchTemplate\",\"ec2:CreateFleet\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"},\"StringLike\":{\"aws:RequestTag/eks:kubernetes-node-class-name\":\"*\",\"aws:RequestTag/eks:kubernetes-node-pool-name\":\"*\"}}},{\"Sid\":\"Storage\",\"Effect\":\"Allow\",\"Action\":[\"ec2:CreateVolume\",\"ec2:CreateSnapshot\"],\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}}},{\"Sid\":\"Networking\",\"Effect\":\"Allow\",\"Action\":\"ec2:CreateNetworkInterface\",\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\",\"aws:RequestTag/eks:kubernetes-cni-node-name\":\"*\"}}},{\"Sid\":\"LoadBalancer\",\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateLoadBalancer\",\"elasticloadbalancing:CreateListener\",\"ec2:CreateSecurityGroup\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}}},{\"Sid\":\"ShieldProtection\",\"Effect\":\"Allow\",\"Action\":\"shield:CreateProtection\",\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}}},{\"Sid\":\"ShieldTagResource\",\"Effect\":\"Allow\",\"Action\":\"shield:TagResource\",\"Resource\":\"arn:aws:shield::*:protection/*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}}}]}", - "override_json": null, - "override_policy_documents": null, - "policy_id": null, - "source_json": null, - "source_policy_documents": null, - "statement": [ - { - "actions": [ - "ec2:CreateFleet", - "ec2:CreateLaunchTemplate", - "ec2:RunInstances" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - }, - { - "test": "StringLike", - "values": [ - "*" - ], - "variable": "aws:RequestTag/eks:kubernetes-node-class-name" - }, - { - "test": "StringLike", - "values": [ - "*" - ], - "variable": "aws:RequestTag/eks:kubernetes-node-pool-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "*" - ], - "sid": "Compute" - }, - { - "actions": [ - "ec2:CreateSnapshot", - "ec2:CreateVolume" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:volume/*" - ], - "sid": "Storage" - }, - { - "actions": [ - "ec2:CreateNetworkInterface" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - }, - { - "test": "StringEquals", - "values": [ - "*" - ], - "variable": "aws:RequestTag/eks:kubernetes-cni-node-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "*" - ], - "sid": "Networking" - }, - { - "actions": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:CreateTargetGroup" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "*" - ], - "sid": "LoadBalancer" - }, - { - "actions": [ - "shield:CreateProtection" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "*" - ], - "sid": "ShieldProtection" - }, - { - "actions": [ - "shield:TagResource" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "arn:aws:shield::*:protection/*" - ], - "sid": "ShieldTagResource" - } - ], - "version": "2012-10-17" - }, - "sensitive_attributes": [], - "identity_schema_version": 0 - } - ] - }, { "module": "module.eks.module.eks", "mode": "data", @@ -1000,7 +1767,7 @@ ], "content": null, "id": "922877a0975ad078a65b8ff11ebc47b8311945c7", - "url": "https://oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A", + "url": "https://oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19", "verify_chain": true }, "sensitive_attributes": [], @@ -1025,6 +1792,7 @@ "log_group_class": "STANDARD", "name": "/aws/eks/eks1-devel/cluster", "name_prefix": "", + "region": "us-east-1", "retention_in_days": 90, "skip_destroy": false, "tags": { @@ -1039,21 +1807,6 @@ "sensitive_attributes": [], "identity_schema_version": 0, "private": "bnVsbA==", - "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ], "create_before_destroy": true } ] @@ -1069,13 +1822,14 @@ "index_key": "cluster_creator", "schema_version": 0, "attributes": { - "access_entry_arn": "arn:aws:eks:us-east-1:273729230602:access-entry/eks1-devel/role/273729230602/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/66cc10dc-ed50-38ab-ada1-21d9a0375aef", + "access_entry_arn": "arn:aws:eks:us-east-1:273729230602:access-entry/eks1-devel/role/273729230602/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/c0cc2290-c2f1-d36f-a3aa-9948fb9dd5c4", "cluster_name": "eks1-devel", - "created_at": "2025-07-19T08:08:05Z", + "created_at": "2025-07-26T05:08:01Z", "id": "eks1-devel:arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687", "kubernetes_groups": [], - "modified_at": "2025-07-19T08:08:05Z", + "modified_at": "2025-07-26T05:08:01Z", "principal_arn": "arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687", + "region": "us-east-1", "tags": {}, "tags_all": { "Environment": "devel", @@ -1112,18 +1866,9 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -1146,12 +1891,13 @@ "type": "cluster" } ], - "associated_at": "2025-07-19 08:08:05.895 +0000 UTC", + "associated_at": "2025-07-26 05:08:02.648 +0000 UTC", "cluster_name": "eks1-devel", "id": "eks1-devel#arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy", - "modified_at": "2025-07-19 08:08:05.895 +0000 UTC", + "modified_at": "2025-07-26 05:08:02.648 +0000 UTC", "policy_arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy", "principal_arn": "arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687", + "region": "us-east-1", "timeouts": null }, "sensitive_attributes": [], @@ -1182,18 +1928,144 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.eks", + "mode": "managed", + "type": "aws_eks_addon", + "name": "before_compute", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": "eks-pod-identity-agent", + "schema_version": 0, + "attributes": { + "addon_name": "eks-pod-identity-agent", + "addon_version": "v1.3.8-eksbuild.2", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/eks-pod-identity-agent/eecc2290-c377-f6c7-9f0f-f2eb7aa1d1c1", + "cluster_name": "eks1-devel", + "configuration_values": "", + "created_at": "2025-07-26T05:08:02Z", + "id": "eks1-devel:eks-pod-identity-agent", + "modified_at": "2025-07-26T05:11:08Z", + "pod_identity_association": [], + "preserve": true, + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", + "resolve_conflicts_on_update": "OVERWRITE", + "service_account_role_arn": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "timeouts": { + "create": null, + "delete": null, + "update": null + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_eks_addon_version.this", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + }, + { + "index_key": "vpc-cni", + "schema_version": 0, + "attributes": { + "addon_name": "vpc-cni", + "addon_version": "v1.19.5-eksbuild.1", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/vpc-cni/e0cc2290-c371-9193-a1fe-79a2fc911873", + "cluster_name": "eks1-devel", + "configuration_values": "", + "created_at": "2025-07-26T05:08:02Z", + "id": "eks1-devel:vpc-cni", + "modified_at": "2025-07-26T05:08:11Z", + "pod_identity_association": [], + "preserve": true, + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", + "resolve_conflicts_on_update": "OVERWRITE", + "service_account_role_arn": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "timeouts": { + "create": null, + "delete": null, + "update": null + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_eks_addon_version.this", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" ] } @@ -1206,22 +2078,139 @@ "name": "this", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ + { + "index_key": "aws-ebs-csi-driver", + "schema_version": 0, + "attributes": { + "addon_name": "aws-ebs-csi-driver", + "addon_version": "v1.46.0-eksbuild.1", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/aws-ebs-csi-driver/92cc293b-7f4b-36a7-a654-e0ef08941147", + "cluster_name": "eks1-devel", + "configuration_values": "", + "created_at": "2025-07-28T19:16:27Z", + "id": "eks1-devel:aws-ebs-csi-driver", + "modified_at": "2025-07-28T19:17:18Z", + "pod_identity_association": [], + "preserve": true, + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", + "resolve_conflicts_on_update": "OVERWRITE", + "service_account_role_arn": "", + "tags": null, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "timeouts": { + "create": null, + "delete": null, + "update": null + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_eks_addon_version.this", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.additional", + "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_ingress_rule.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_eks_cluster_versions.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", + "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", + "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", + "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy.this", + "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.additional", + "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.module.fargate_profile.data.aws_caller_identity.current", + "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.role", + "module.eks.module.eks.module.fargate_profile.data.aws_partition.current", + "module.eks.module.eks.module.fargate_profile.data.aws_region.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", + "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", + "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", + "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy.this", + "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.additional", + "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", + "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_ingress_rule.this", + "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", + "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", + "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", + "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", + "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", + "module.eks.module.eks.module.self_managed_node_group.data.aws_subnet.this", + "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", + "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", + "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", + "module.eks.module.eks.time_sleep.this", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + }, { "index_key": "coredns", "schema_version": 0, "attributes": { "addon_name": "coredns", "addon_version": "v1.12.1-eksbuild.2", - "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/coredns/22cc10de-08ca-1449-559c-2064d0e73e23", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/coredns/9acc2291-b411-4ab5-46a4-c9fd2bf3dff7", "cluster_name": "eks1-devel", "configuration_values": "", - "created_at": "2025-07-19T08:10:30Z", + "created_at": "2025-07-26T05:10:05Z", "id": "eks1-devel:coredns", - "modified_at": "2025-07-19T08:10:42Z", + "modified_at": "2025-07-26T05:10:48Z", "pod_identity_association": [], "preserve": true, - "resolve_conflicts": null, - "resolve_conflicts_on_create": "OVERWRITE", + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", "resolve_conflicts_on_update": "OVERWRITE", "service_account_role_arn": "", "tags": {}, @@ -1256,7 +2245,6 @@ "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", "module.eks.module.eks.data.aws_iam_session_context.current", "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this", "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", @@ -1264,16 +2252,19 @@ "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_ingress_rule.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_eks_cluster_versions.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", @@ -1293,7 +2284,6 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this", "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", @@ -1302,153 +2292,23 @@ "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_ingress_rule.this", "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type_offerings.this", "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.self_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.self_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - }, - { - "index_key": "eks-pod-identity-agent", - "schema_version": 0, - "attributes": { - "addon_name": "eks-pod-identity-agent", - "addon_version": "v1.3.8-eksbuild.2", - "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/eks-pod-identity-agent/86cc10de-08c0-80ee-d37b-8fa3d54675f3", - "cluster_name": "eks1-devel", - "configuration_values": "", - "created_at": "2025-07-19T08:10:30Z", - "id": "eks1-devel:eks-pod-identity-agent", - "modified_at": "2025-07-19T08:11:06Z", - "pod_identity_association": [], - "preserve": true, - "resolve_conflicts": null, - "resolve_conflicts_on_create": "OVERWRITE", - "resolve_conflicts_on_update": "OVERWRITE", - "service_account_role_arn": "", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - }, - "timeouts": { - "create": null, - "delete": null, - "update": null - } - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", - "dependencies": [ - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_eks_addon_version.this", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", - "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.fargate_profile.data.aws_caller_identity.current", - "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.fargate_profile.data.aws_partition.current", - "module.eks.module.eks.module.fargate_profile.data.aws_region.current", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this", - "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", - "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type_offerings.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.self_managed_node_group.data.aws_subnets.placement_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", - "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] }, @@ -1458,16 +2318,16 @@ "attributes": { "addon_name": "kube-proxy", "addon_version": "v1.33.0-eksbuild.2", - "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/kube-proxy/7ecc10de-08c9-6c05-a647-aafa3a2b4c52", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/kube-proxy/dacc2291-b40d-625e-13de-8d62e87a886b", "cluster_name": "eks1-devel", "configuration_values": "", - "created_at": "2025-07-19T08:10:30Z", + "created_at": "2025-07-26T05:10:05Z", "id": "eks1-devel:kube-proxy", - "modified_at": "2025-07-19T08:10:36Z", + "modified_at": "2025-07-26T05:11:12Z", "pod_identity_association": [], "preserve": true, - "resolve_conflicts": null, - "resolve_conflicts_on_create": "OVERWRITE", + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", "resolve_conflicts_on_update": "OVERWRITE", "service_account_role_arn": "", "tags": {}, @@ -1502,7 +2362,6 @@ "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", "module.eks.module.eks.data.aws_iam_session_context.current", "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this", "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", @@ -1510,16 +2369,19 @@ "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_ingress_rule.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_eks_cluster_versions.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", @@ -1539,7 +2401,6 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this", "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", @@ -1548,153 +2409,23 @@ "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_ingress_rule.this", "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type_offerings.this", "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.self_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.self_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - }, - { - "index_key": "vpc-cni", - "schema_version": 0, - "attributes": { - "addon_name": "vpc-cni", - "addon_version": "v1.19.5-eksbuild.1", - "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/vpc-cni/30cc10de-08ca-a1d4-f69e-192827a61e68", - "cluster_name": "eks1-devel", - "configuration_values": "", - "created_at": "2025-07-19T08:10:30Z", - "id": "eks1-devel:vpc-cni", - "modified_at": "2025-07-19T08:11:07Z", - "pod_identity_association": [], - "preserve": true, - "resolve_conflicts": null, - "resolve_conflicts_on_create": "OVERWRITE", - "resolve_conflicts_on_update": "OVERWRITE", - "service_account_role_arn": "", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - }, - "timeouts": { - "create": null, - "delete": null, - "update": null - } - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", - "dependencies": [ - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_eks_addon_version.this", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", - "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.fargate_profile.data.aws_caller_identity.current", - "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.fargate_profile.data.aws_partition.current", - "module.eks.module.eks.module.fargate_profile.data.aws_region.current", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this", - "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", - "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type_offerings.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.self_managed_node_group.data.aws_subnets.placement_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", - "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -1718,15 +2449,15 @@ } ], "arn": "arn:aws:eks:us-east-1:273729230602:cluster/eks1-devel", - "bootstrap_self_managed_addons": true, + "bootstrap_self_managed_addons": false, "certificate_authority": [ { - "data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJTUtzRlVZekl3NU13RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBM01Ua3dOelUyTkRKYUZ3MHpOVEEzTVRjd09EQXhOREphTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUMvREF1NHI0aGgxNXltRVV6OUwzcUlHM05haW4zSm56VTBrVmhSRVpHNUo0dWJxeU1Wd0VnVEh6alkKY2Rid0FWbWhYeXNYdkc0NzBIWDJPSUNMWlVvTG5EejlLNlNnWmpVanFhMXVON25aRXNiMTZoTDBoUmxxOWhkVgo5WWFGZzh1NkJNSlZsYTNWZnhUa1YyQVhCYTVkNGYxd0J2SkFKV2JCUFZBSUhMVyt5djdDTmNFbmwzK2ZMWCtUCkRVUTVvRDF4elU3SFhRV3B5eGZNcW9keGJWcXl4akIrSlNCOCtZRmM5WTA2WTEzUk5KSW9YM2FtaXNwcGNpVVIKdWhtUFlVSGdHQVFySnM5enRHUm05SkYxY3NjQjc2NmNPdDVNTVY2c0daaFIyaFBOUXhPSTFqVWtjQjRxRk9GMQpxUkk0ZDdFckIzbXp5UThUc1h5WDNSNW90Tk4xQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRNHNpMGVqbHJlODlqdVkrT0ZDcm54NTRxOWJEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQW53VW56TDZLUAo5dUxmTjh6ZnUwcnRNeXFpZnV5SFFjOS9ZdWNYNEhWMDhkay8yVGpmZWczU29VR1F6WFVPZ09Xd0tvS2VKQ3JqCnVQYWljbDM1QnJEZXdHVC94dHcxbFAwT29PcFo0dHBUaG5XUFAyS0t5VzF6aHJQZnRYMDNrUlZPcXRJbWRPc3QKWjlTajhUcCt0ZXNFTkNQQllIMlg3Wnc0NnZ4N1gvUi9KZzhtR210VmZ4Y1BqOUtNK0JrTThMbTZUOG5jY1U5MQpPZjFFTldwY2U5emxqQUZVNnc3VlpzMEEveXpzb21CMWc1UGVydE4ram1hbS9PcUswb2hPUVA3VEtITHZUMlpXCkUzbjNOb3dGMkdqcmRmVjVvVWhQT0FJc084cll0OUhMZ0dSZ0cvZnZLL2ZiU1ZURmU3eG4wR21QT2ZvK3daQjMKd2VwTGxyTndjK0UzCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + "data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJT2luRkFybWtSSEF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBM01qWXdORFUzTlRSYUZ3MHpOVEEzTWpRd05UQXlOVFJhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURiNytlcmRaaVF3Q2xmVTBoQWJ1dFNxVXZiY0JUYmdwelI4UkhITThDa3pCdVdmcVhJREtjUWdDd08KeHNhbXErbUtDczlZTlNMVDJlaXNlcUdIaXpYTXRmTlhtOEo5RGo1LzhZSlNFeUxjR1BUUHFyVXFobmFBRTJ2UQpxZlJJWGYzTVcrQWFjRWd4cVBRNStEcU0rQTFFaFAybDBUSGRiZHdPTFViQ1Vkc2Ftb2VJRVYvckVQM2dteTBRCnlWRmY2K3VCVy9jVTUxWDRSMm1OTmovaW9pZjJUUHhMZ0w0bEhXYUpsWk5PdzdUNEJ5TnQ0NXQ5eS9yUURjV0IKTGpJYnJMQjFSUnlLY1VYR0g0eE1MeitqVTFWVFZzUUR0aGZWT1NmWEs3aTNmRWY1dHUwbndSU04rdThjK0RKcQptQ0JxZ252YU1Pb3lvb2ZrUlZ3ZmZOY3hxOEIvQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJTcEFyMk0wYm04MUtkUGhaUnd6bEV1dEx0bHNEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQUxBTk1oTW1vcwp3eWhaRDNlSXN1SzJYcVdqd2Y4SXAzcnlaRlcrRGcwOVBHdUI1OXdWVmJrVW5WV0NLMGN0eE52WUxkd3pxUGw0CjMvaUhDOHRhV2o3KzJFcjJHK3JaUlFPVzczUkV2K1JVWUpyeDZwZExCTFZlbmJ5cjZ3SFA5Q0xpcXlpc3EvQzUKei9hTmJoSXpiQjY0eFI0NHk5bXl3TnRURlVLVW9ockE2NlltME1QTVdOdzZYaTlVV1dpemw2b2dHRmhjQi9VUQoxL1g0UmlXVlFjYndndzBXTmxWdDBkaWwvaHZnWFpyK0JIMHRkTlRNa2tEUEtpekFqbFpqV0xtME5OVmZZRTNiCjNiWHY3OVpRUEVnVXNlMU14U0lHU2ZKVWtBbUlEYWJxMEdIYlZ1WjFRcklha2thdkY5UWwrODJNV0lQKzFxNzIKekVTRVNnUFI3dUZ2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" } ], "cluster_id": null, "compute_config": [], - "created_at": "2025-07-19T07:56:57Z", + "created_at": "2025-07-26T04:58:04Z", "enabled_cluster_log_types": [ "api", "audit", @@ -1736,7 +2467,7 @@ { "provider": [ { - "key_arn": "arn:aws:kms:us-east-1:273729230602:key/592722d1-13ec-4bf0-9ebe-202421243587" + "key_arn": "arn:aws:kms:us-east-1:273729230602:key/edf79a99-4643-4a3a-b4f2-cd75c2a20655" } ], "resources": [ @@ -1744,14 +2475,14 @@ ] } ], - "endpoint": "https://90F53ECE705908D3A306F170FF42DF7A.gr7.us-east-1.eks.amazonaws.com", + "endpoint": "https://BF3C0697CBF107D1CFBAC6728A7EED19.gr7.us-east-1.eks.amazonaws.com", "force_update_version": null, "id": "eks1-devel", "identity": [ { "oidc": [ { - "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A" + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" } ] } @@ -1771,8 +2502,9 @@ "name": "eks1-devel", "outpost_config": [], "platform_version": "eks.6", + "region": "us-east-1", "remote_network_config": [], - "role_arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008", + "role_arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006", "status": "ACTIVE", "storage_config": [], "tags": { @@ -1783,11 +2515,7 @@ "Service": "Kubernetes", "terraform-aws-modules": "eks" }, - "timeouts": { - "create": null, - "delete": null, - "update": null - }, + "timeouts": null, "upgrade_policy": [ { "support_type": "EXTENDED" @@ -1796,22 +2524,22 @@ "version": "1.33", "vpc_config": [ { - "cluster_security_group_id": "sg-04bdddfe491ab9609", + "cluster_security_group_id": "sg-076b2d2377e33d292", "endpoint_private_access": true, "endpoint_public_access": true, "public_access_cidrs": [ "0.0.0.0/0" ], "security_group_ids": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "subnet_ids": [ - "subnet-0115e5b05ab6b132c", - "subnet-03b49ea861522bc48", - "subnet-0556ce01354322097", - "subnet-0a6eed6971e44375c", - "subnet-0cee9908287eaa414", - "subnet-0f439778eb62eac4d" + "subnet-02555be9c1954bbda", + "subnet-08dbbf19ff2c937f1", + "subnet-0d7ae39c853e68127", + "subnet-0e188b45be889dcc3", + "subnet-0f0da9e04f1c8369a", + "subnet-0f84cfaa3d8da724d" ], "vpc_id": "vpc-0271dff7a4b4bbf76" } @@ -1844,18 +2572,9 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ], "create_before_destroy": true @@ -1873,11 +2592,11 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A", + "arn": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19", "client_id_list": [ "sts.amazonaws.com" ], - "id": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A", + "id": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19", "tags": { "Name": "eks1-devel-eks-irsa" }, @@ -1889,10 +2608,13 @@ "thumbprint_list": [ "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" ], - "url": "oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A" + "url": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + }, "private": "bnVsbA==", "dependencies": [ "module.eks.module.eks.aws_cloudwatch_log_group.this", @@ -1919,18 +2641,9 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -1947,15 +2660,15 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption20250719075654985100000019", + "arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", "attachment_count": 1, "description": "Cluster encryption policy to allow cluster role to utilize CMK provided", - "id": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption20250719075654985100000019", - "name": "eks1-devel-cluster-ClusterEncryption20250719075654985100000019", + "id": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "name": "eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", "name_prefix": "eks1-devel-cluster-ClusterEncryption", "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:ListGrants\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:us-east-1:273729230602:key/592722d1-13ec-4bf0-9ebe-202421243587\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FGQBA7MP5J", + "policy": "{\"Statement\":[{\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:ListGrants\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:us-east-1:273729230602:key/edf79a99-4643-4a3a-b4f2-cd75c2a20655\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FODRVQNHGK", "tags": {}, "tags_all": { "Environment": "devel", @@ -1964,6 +2677,9 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a" + }, "private": "bnVsbA==", "dependencies": [ "module.eks.module.eks.aws_iam_role.this", @@ -1976,69 +2692,7 @@ "module.eks.module.eks.module.kms.aws_kms_replica_key.this", "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks.module.eks", - "mode": "managed", - "type": "aws_iam_policy", - "name": "custom", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-2025071907563363730000000b", - "attachment_count": 1, - "description": "", - "id": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-2025071907563363730000000b", - "name": "eks1-devel-cluster-2025071907563363730000000b", - "name_prefix": "eks1-devel-cluster-", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"ec2:RunInstances\",\"ec2:CreateLaunchTemplate\",\"ec2:CreateFleet\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"},\"StringLike\":{\"aws:RequestTag/eks:kubernetes-node-class-name\":\"*\",\"aws:RequestTag/eks:kubernetes-node-pool-name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Compute\"},{\"Action\":[\"ec2:CreateVolume\",\"ec2:CreateSnapshot\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"],\"Sid\":\"Storage\"},{\"Action\":\"ec2:CreateNetworkInterface\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\",\"aws:RequestTag/eks:kubernetes-cni-node-name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Networking\"},{\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateLoadBalancer\",\"elasticloadbalancing:CreateListener\",\"ec2:CreateSecurityGroup\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"LoadBalancer\"},{\"Action\":\"shield:CreateProtection\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ShieldProtection\"},{\"Action\":\"shield:TagResource\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:shield::*:protection/*\",\"Sid\":\"ShieldTagResource\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FOKMADCWTF", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - } - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.data.aws_iam_policy_document.custom", - "module.eks.module.eks.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.kms.data.aws_partition.current" ] } ] @@ -2054,21 +2708,19 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008", + "arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006", "assume_role_policy": "{\"Statement\":[{\"Action\":[\"sts:TagSession\",\"sts:AssumeRole\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks.amazonaws.com\"},\"Sid\":\"EKSClusterAssumeRole\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-19T07:56:33Z", + "create_date": "2025-07-26T04:57:06Z", "description": "", "force_detach_policies": true, - "id": "eks1-devel-cluster-20250719075633606000000008", + "id": "eks1-devel-cluster-20250726045706140700000006", "inline_policy": [], "managed_policy_arns": [ - "arn:aws:iam::273729230602:policy/eks1-devel-cluster-2025071907563363730000000b", - "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption20250719075654985100000019", - "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", - "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController" + "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" ], "max_session_duration": 3600, - "name": "eks1-devel-cluster-20250719075633606000000008", + "name": "eks1-devel-cluster-20250726045706140700000006", "name_prefix": "eks1-devel-cluster-", "path": "/", "permissions_boundary": "", @@ -2077,26 +2729,17 @@ "Environment": "devel", "Service": "Kubernetes" }, - "unique_id": "AROAT7O4IS4FJXPJNXY4D" + "unique_id": "AROAT7O4IS4FAGFOIF7OI" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-cluster-20250726045706140700000006" + }, "private": "bnVsbA==", "dependencies": [ - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy" ], "create_before_destroy": true } @@ -2113,12 +2756,17 @@ "index_key": 0, "schema_version": 0, "attributes": { - "id": "eks1-devel-cluster-20250719075633606000000008-2025071907565538500000001a", - "policy_arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption20250719075654985100000019", - "role": "eks1-devel-cluster-20250719075633606000000008" + "id": "eks1-devel-cluster-20250726045706140700000006/arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "policy_arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "role": "eks1-devel-cluster-20250726045706140700000006" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "role": "eks1-devel-cluster-20250726045706140700000006" + }, "private": "bnVsbA==", "dependencies": [ "module.eks.module.eks.aws_iam_policy.cluster_encryption", @@ -2132,61 +2780,7 @@ "module.eks.module.eks.module.kms.aws_kms_replica_key.this", "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks.module.eks", - "mode": "managed", - "type": "aws_iam_role_policy_attachment", - "name": "custom", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "id": "eks1-devel-cluster-20250719075633606000000008-2025071907563420370000000f", - "policy_arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-2025071907563363730000000b", - "role": "eks1-devel-cluster-20250719075633606000000008" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.aws_iam_policy.custom", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.custom", - "module.eks.module.eks.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.kms.data.aws_partition.current" ] } ] @@ -2202,61 +2796,22 @@ "index_key": "AmazonEKSClusterPolicy", "schema_version": 0, "attributes": { - "id": "eks1-devel-cluster-20250719075633606000000008-2025071907563413140000000d", + "id": "eks1-devel-cluster-20250726045706140700000006/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", - "role": "eks1-devel-cluster-20250719075633606000000008" + "role": "eks1-devel-cluster-20250726045706140700000006" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", + "role": "eks1-devel-cluster-20250726045706140700000006" + }, "private": "bnVsbA==", "dependencies": [ "module.eks.module.eks.aws_iam_role.this", "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true - }, - { - "index_key": "AmazonEKSVPCResourceController", - "schema_version": 0, - "attributes": { - "id": "eks1-devel-cluster-20250719075633606000000008-2025071907563417810000000e", - "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController", - "role": "eks1-devel-cluster-20250719075633606000000008" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.data.aws_partition.current" ], "create_before_destroy": true } @@ -2273,10 +2828,10 @@ "index_key": 0, "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:security-group/sg-083197778dd666866", + "arn": "arn:aws:ec2:us-east-1:273729230602:security-group/sg-0f6f49725d40dcc30", "description": "EKS cluster security group", "egress": [], - "id": "sg-083197778dd666866", + "id": "sg-0f6f49725d40dcc30", "ingress": [ { "cidr_blocks": [], @@ -2286,15 +2841,16 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-063a641aa5386b819" + "sg-0a74b044afaa663ed" ], "self": false, "to_port": 443 } ], - "name": "eks1-devel-cluster-20250719075633405800000007", + "name": "eks1-devel-cluster-20250726045706139300000004", "name_prefix": "eks1-devel-cluster-", "owner_id": "273729230602", + "region": "us-east-1", "revoke_rules_on_delete": false, "tags": { "Name": "eks1-devel-cluster" @@ -2310,21 +2866,6 @@ "sensitive_attributes": [], "identity_schema_version": 0, "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", - "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ], "create_before_destroy": true } ] @@ -2340,7 +2881,7 @@ "index_key": 0, "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:security-group/sg-063a641aa5386b819", + "arn": "arn:aws:ec2:us-east-1:273729230602:security-group/sg-0a74b044afaa663ed", "description": "EKS node shared security group", "egress": [ { @@ -2357,7 +2898,7 @@ "to_port": 0 } ], - "id": "sg-063a641aa5386b819", + "id": "sg-0a74b044afaa663ed", "ingress": [ { "cidr_blocks": [], @@ -2367,7 +2908,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 4443 @@ -2380,7 +2921,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 6443 @@ -2393,7 +2934,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 8443 @@ -2406,7 +2947,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 9443 @@ -2419,7 +2960,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 443 @@ -2432,7 +2973,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 10250 @@ -2478,15 +3019,16 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-08edcfa4ed8f2750c" + "sg-02b2e955e7a69217a" ], "self": false, - "to_port": 443 + "to_port": 10254 } ], - "name": "eks1-devel-node-20250719075633361600000006", + "name": "eks1-devel-node-20250726045706138200000003", "name_prefix": "eks1-devel-node-", "owner_id": "273729230602", + "region": "us-east-1", "revoke_rules_on_delete": false, "tags": { "Name": "eks1-devel-node", @@ -2504,21 +3046,6 @@ "sensitive_attributes": [], "identity_schema_version": 0, "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", - "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ], "create_before_destroy": true } ] @@ -2537,14 +3064,15 @@ "cidr_blocks": null, "description": "Node groups to cluster API", "from_port": 443, - "id": "sgrule-3717588776", + "id": "sgrule-3138574090", "ipv6_cidr_blocks": null, "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-083197778dd666866", - "security_group_rule_id": "sgr-07dae13a6cd8bce1c", + "region": "us-east-1", + "security_group_id": "sg-0f6f49725d40dcc30", + "security_group_rule_id": "sgr-068c762594d1de680", "self": false, - "source_security_group_id": "sg-063a641aa5386b819", + "source_security_group_id": "sg-0a74b044afaa663ed", "timeouts": null, "to_port": 443, "type": "ingress" @@ -2554,20 +3082,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true } @@ -2589,12 +3104,13 @@ ], "description": "Allow all egress", "from_port": 0, - "id": "sgrule-3441080525", + "id": "sgrule-3315708913", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "-1", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0ea964a89d843a0a0", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-07bd88701cf08d8b8", "self": false, "source_security_group_id": null, "timeouts": null, @@ -2606,20 +3122,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2630,14 +3133,15 @@ "cidr_blocks": null, "description": "Cluster API to node groups", "from_port": 443, - "id": "sgrule-986645080", + "id": "sgrule-45776182", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0e2f50fd542c0a7c8", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0361333e190e1a04b", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 443, "type": "ingress" @@ -2647,20 +3151,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2671,14 +3162,15 @@ "cidr_blocks": null, "description": "Cluster API to node 4443/tcp webhook", "from_port": 4443, - "id": "sgrule-2457107927", + "id": "sgrule-500800407", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0b0bd0151369d45ff", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0a1a8f25a5818003a", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 4443, "type": "ingress" @@ -2688,20 +3180,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2712,14 +3191,15 @@ "cidr_blocks": null, "description": "Cluster API to node 6443/tcp webhook", "from_port": 6443, - "id": "sgrule-1530272321", + "id": "sgrule-3566992385", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0f8f97800e1c5e042", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0c4f285327006f065", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 6443, "type": "ingress" @@ -2729,20 +3209,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2753,14 +3220,15 @@ "cidr_blocks": null, "description": "Cluster API to node 8443/tcp webhook", "from_port": 8443, - "id": "sgrule-1214916192", + "id": "sgrule-3351756832", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0c411c3c91bee611f", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0d3d4fa20169a2ea8", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 8443, "type": "ingress" @@ -2770,20 +3238,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2794,14 +3249,15 @@ "cidr_blocks": null, "description": "Cluster API to node 9443/tcp webhook", "from_port": 9443, - "id": "sgrule-751506859", + "id": "sgrule-2741433323", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0a9f4327f22f355fd", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-035233532bcbfb1d9", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 9443, "type": "ingress" @@ -2811,20 +3267,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2835,14 +3278,15 @@ "cidr_blocks": null, "description": "Cluster API to node kubelets", "from_port": 10250, - "id": "sgrule-1437854411", + "id": "sgrule-1489672607", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0774a9650224677b4", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-006dc66a135d40e67", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 10250, "type": "ingress" @@ -2852,20 +3296,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2876,12 +3307,13 @@ "cidr_blocks": null, "description": "Node to node ingress on ephemeral ports", "from_port": 1025, - "id": "sgrule-3550635973", + "id": "sgrule-901693526", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-08b37530bc90d30c0", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0068ba55843cb9c50", "self": true, "source_security_group_id": null, "timeouts": null, @@ -2893,20 +3325,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2917,12 +3336,13 @@ "cidr_blocks": null, "description": "Node to node CoreDNS", "from_port": 53, - "id": "sgrule-141682456", + "id": "sgrule-3646939900", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-057ac0a5263496085", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-00d96212df13f95db", "self": true, "source_security_group_id": null, "timeouts": null, @@ -2934,20 +3354,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2958,12 +3365,13 @@ "cidr_blocks": null, "description": "Node to node CoreDNS UDP", "from_port": 53, - "id": "sgrule-2888713463", + "id": "sgrule-2097168659", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "udp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0ef59508e058468d0", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0f9065f0d4958f39e", "self": true, "source_security_group_id": null, "timeouts": null, @@ -2975,20 +3383,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true } @@ -3007,13 +3402,13 @@ "attributes": { "create_duration": "30s", "destroy_duration": null, - "id": "2025-07-19T08:08:34Z", + "id": "2025-07-26T05:08:31Z", "triggers": { - "cluster_certificate_authority_data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJTUtzRlVZekl3NU13RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBM01Ua3dOelUyTkRKYUZ3MHpOVEEzTVRjd09EQXhOREphTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUMvREF1NHI0aGgxNXltRVV6OUwzcUlHM05haW4zSm56VTBrVmhSRVpHNUo0dWJxeU1Wd0VnVEh6alkKY2Rid0FWbWhYeXNYdkc0NzBIWDJPSUNMWlVvTG5EejlLNlNnWmpVanFhMXVON25aRXNiMTZoTDBoUmxxOWhkVgo5WWFGZzh1NkJNSlZsYTNWZnhUa1YyQVhCYTVkNGYxd0J2SkFKV2JCUFZBSUhMVyt5djdDTmNFbmwzK2ZMWCtUCkRVUTVvRDF4elU3SFhRV3B5eGZNcW9keGJWcXl4akIrSlNCOCtZRmM5WTA2WTEzUk5KSW9YM2FtaXNwcGNpVVIKdWhtUFlVSGdHQVFySnM5enRHUm05SkYxY3NjQjc2NmNPdDVNTVY2c0daaFIyaFBOUXhPSTFqVWtjQjRxRk9GMQpxUkk0ZDdFckIzbXp5UThUc1h5WDNSNW90Tk4xQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRNHNpMGVqbHJlODlqdVkrT0ZDcm54NTRxOWJEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQW53VW56TDZLUAo5dUxmTjh6ZnUwcnRNeXFpZnV5SFFjOS9ZdWNYNEhWMDhkay8yVGpmZWczU29VR1F6WFVPZ09Xd0tvS2VKQ3JqCnVQYWljbDM1QnJEZXdHVC94dHcxbFAwT29PcFo0dHBUaG5XUFAyS0t5VzF6aHJQZnRYMDNrUlZPcXRJbWRPc3QKWjlTajhUcCt0ZXNFTkNQQllIMlg3Wnc0NnZ4N1gvUi9KZzhtR210VmZ4Y1BqOUtNK0JrTThMbTZUOG5jY1U5MQpPZjFFTldwY2U5emxqQUZVNnc3VlpzMEEveXpzb21CMWc1UGVydE4ram1hbS9PcUswb2hPUVA3VEtITHZUMlpXCkUzbjNOb3dGMkdqcmRmVjVvVWhQT0FJc084cll0OUhMZ0dSZ0cvZnZLL2ZiU1ZURmU3eG4wR21QT2ZvK3daQjMKd2VwTGxyTndjK0UzCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", - "cluster_endpoint": "https://90F53ECE705908D3A306F170FF42DF7A.gr7.us-east-1.eks.amazonaws.com", - "cluster_name": "eks1-devel", - "cluster_service_cidr": "10.100.0.0/16", - "cluster_version": "1.33" + "certificate_authority_data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJT2luRkFybWtSSEF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBM01qWXdORFUzTlRSYUZ3MHpOVEEzTWpRd05UQXlOVFJhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURiNytlcmRaaVF3Q2xmVTBoQWJ1dFNxVXZiY0JUYmdwelI4UkhITThDa3pCdVdmcVhJREtjUWdDd08KeHNhbXErbUtDczlZTlNMVDJlaXNlcUdIaXpYTXRmTlhtOEo5RGo1LzhZSlNFeUxjR1BUUHFyVXFobmFBRTJ2UQpxZlJJWGYzTVcrQWFjRWd4cVBRNStEcU0rQTFFaFAybDBUSGRiZHdPTFViQ1Vkc2Ftb2VJRVYvckVQM2dteTBRCnlWRmY2K3VCVy9jVTUxWDRSMm1OTmovaW9pZjJUUHhMZ0w0bEhXYUpsWk5PdzdUNEJ5TnQ0NXQ5eS9yUURjV0IKTGpJYnJMQjFSUnlLY1VYR0g0eE1MeitqVTFWVFZzUUR0aGZWT1NmWEs3aTNmRWY1dHUwbndSU04rdThjK0RKcQptQ0JxZ252YU1Pb3lvb2ZrUlZ3ZmZOY3hxOEIvQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJTcEFyMk0wYm04MUtkUGhaUnd6bEV1dEx0bHNEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQUxBTk1oTW1vcwp3eWhaRDNlSXN1SzJYcVdqd2Y4SXAzcnlaRlcrRGcwOVBHdUI1OXdWVmJrVW5WV0NLMGN0eE52WUxkd3pxUGw0CjMvaUhDOHRhV2o3KzJFcjJHK3JaUlFPVzczUkV2K1JVWUpyeDZwZExCTFZlbmJ5cjZ3SFA5Q0xpcXlpc3EvQzUKei9hTmJoSXpiQjY0eFI0NHk5bXl3TnRURlVLVW9ockE2NlltME1QTVdOdzZYaTlVV1dpemw2b2dHRmhjQi9VUQoxL1g0UmlXVlFjYndndzBXTmxWdDBkaWwvaHZnWFpyK0JIMHRkTlRNa2tEUEtpekFqbFpqV0xtME5OVmZZRTNiCjNiWHY3OVpRUEVnVXNlMU14U0lHU2ZKVWtBbUlEYWJxMEdIYlZ1WjFRcklha2thdkY5UWwrODJNV0lQKzFxNzIKekVTRVNnUFI3dUZ2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", + "endpoint": "https://BF3C0697CBF107D1CFBAC6728A7EED19.gr7.us-east-1.eks.amazonaws.com", + "kubernetes_version": "1.33", + "name": "eks1-devel", + "service_cidr": "10.100.0.0/16" } }, "sensitive_attributes": [], @@ -3042,44 +3437,15 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ], "create_before_destroy": true } ] }, - { - "module": "module.eks.module.eks.module.eks_managed_node_group[\"ng\"]", - "mode": "data", - "type": "aws_caller_identity", - "name": "current", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "account_id": "273729230602", - "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", - "id": "273729230602", - "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" - }, - "sensitive_attributes": [], - "identity_schema_version": 0 - } - ] - }, { "module": "module.eks.module.eks.module.eks_managed_node_group[\"ng\"]", "mode": "data", @@ -3131,19 +3497,32 @@ { "module": "module.eks.module.eks.module.eks_managed_node_group[\"ng\"]", "mode": "data", - "type": "aws_partition", - "name": "current", + "type": "aws_ssm_parameter", + "name": "ami", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { - "dns_suffix": "amazonaws.com", - "id": "aws", - "partition": "aws", - "reverse_dns_prefix": "com.amazonaws" + "arn": "arn:aws:ssm:us-east-1::parameter/aws/service/eks/optimized-ami/1.33/amazon-linux-2023/x86_64/standard/recommended/release_version", + "id": "/aws/service/eks/optimized-ami/1.33/amazon-linux-2023/x86_64/standard/recommended/release_version", + "insecure_value": "1.33.0-20250715", + "name": "/aws/service/eks/optimized-ami/1.33/amazon-linux-2023/x86_64/standard/recommended/release_version", + "region": "us-east-1", + "type": "String", + "value": "1.33.0-20250715", + "version": 6, + "with_decryption": true }, - "sensitive_attributes": [], + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "value" + } + ] + ], "identity_schema_version": 0 } ] @@ -3160,34 +3539,35 @@ "schema_version": 0, "attributes": { "ami_type": "AL2023_x86_64_STANDARD", - "arn": "arn:aws:eks:us-east-1:273729230602:nodegroup/eks1-devel/ng-20250720075452134700000007/9ecc136a-0ed4-ed3d-4abc-e209bf79bbc4", + "arn": "arn:aws:eks:us-east-1:273729230602:nodegroup/eks1-devel/ng-20250726050837528800000015/4ecc2291-0935-59bf-b572-c11bd62148f2", "capacity_type": "ON_DEMAND", "cluster_name": "eks1-devel", "disk_size": 0, "force_update_version": null, - "id": "eks1-devel:ng-20250720075452134700000007", + "id": "eks1-devel:ng-20250726050837528800000015", "instance_types": [ - "m5.large" + "m6i.large" ], "labels": {}, "launch_template": [ { - "id": "lt-0abd256b85e9cea74", - "name": "ng-20250720075446265800000005", - "version": "1" + "id": "lt-0d2be8605aecac3d6", + "name": "ng-20250726050831652700000013", + "version": "2" } ], - "node_group_name": "ng-20250720075452134700000007", + "node_group_name": "ng-20250726050837528800000015", "node_group_name_prefix": "ng-", "node_repair_config": [], - "node_role_arn": "arn:aws:iam::273729230602:role/ng-eks-node-group-20250720075445339700000001", + "node_role_arn": "arn:aws:iam::273729230602:role/ng-eks-node-group-20250726045706136900000001", + "region": "us-east-1", "release_version": "1.33.0-20250715", "remote_access": [], "resources": [ { "autoscaling_groups": [ { - "name": "eks-ng-20250720075452134700000007-9ecc136a-0ed4-ed3d-4abc-e209bf79bbc4" + "name": "eks-ng-20250726050837528800000015-4ecc2291-0935-59bf-b572-c11bd62148f2" } ], "remote_access_security_group_id": "" @@ -3195,19 +3575,19 @@ ], "scaling_config": [ { - "desired_size": 1, + "desired_size": 3, "max_size": 10, "min_size": 1 } ], "status": "ACTIVE", "subnet_ids": [ - "subnet-0115e5b05ab6b132c", - "subnet-03b49ea861522bc48", - "subnet-0556ce01354322097", - "subnet-0a6eed6971e44375c", - "subnet-0cee9908287eaa414", - "subnet-0f439778eb62eac4d" + "subnet-02555be9c1954bbda", + "subnet-08dbbf19ff2c937f1", + "subnet-0d7ae39c853e68127", + "subnet-0e188b45be889dcc3", + "subnet-0f0da9e04f1c8369a", + "subnet-0f84cfaa3d8da724d" ], "tags": { "Name": "ng" @@ -3218,11 +3598,7 @@ "Service": "Kubernetes" }, "taint": [], - "timeouts": { - "create": null, - "delete": null, - "update": null - }, + "timeouts": null, "update_config": [ { "max_unavailable": 0, @@ -3256,15 +3632,16 @@ "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_eks_cluster_versions.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.kms.aws_kms_external_key.this", "module.eks.module.eks.module.kms.aws_kms_key.this", "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", @@ -3273,18 +3650,9 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ], "create_before_destroy": true @@ -3302,12 +3670,12 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:role/ng-eks-node-group-20250720075445339700000001", + "arn": "arn:aws:iam::273729230602:role/ng-eks-node-group-20250726045706136900000001", "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Sid\":\"EKSNodeAssumeRole\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-20T07:54:45Z", + "create_date": "2025-07-26T04:57:06Z", "description": "EKS managed node group IAM role", "force_detach_policies": true, - "id": "ng-eks-node-group-20250720075445339700000001", + "id": "ng-eks-node-group-20250726045706136900000001", "inline_policy": [], "managed_policy_arns": [ "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", @@ -3315,7 +3683,7 @@ "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" ], "max_session_duration": 3600, - "name": "ng-eks-node-group-20250720075445339700000001", + "name": "ng-eks-node-group-20250726045706136900000001", "name_prefix": "ng-eks-node-group-", "path": "/", "permissions_boundary": "", @@ -3324,26 +3692,17 @@ "Environment": "devel", "Service": "Kubernetes" }, - "unique_id": "AROAT7O4IS4FF3VCO5L57" + "unique_id": "AROAT7O4IS4FE2DMUYZHS" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "ng-eks-node-group-20250726045706136900000001" + }, "private": "bnVsbA==", "dependencies": [ - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy" ], "create_before_destroy": true } @@ -3360,31 +3719,25 @@ "index_key": "AmazonEC2ContainerRegistryReadOnly", "schema_version": 0, "attributes": { - "id": "ng-eks-node-group-20250720075445339700000001-20250720075446120700000004", + "id": "ng-eks-node-group-20250726045706136900000001/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", "policy_arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", - "role": "ng-eks-node-group-20250720075445339700000001" + "role": "ng-eks-node-group-20250726045706136900000001" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", + "role": "ng-eks-node-group-20250726045706136900000001" + }, "private": "bnVsbA==", "dependencies": [ + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current" ], "create_before_destroy": true }, @@ -3392,31 +3745,25 @@ "index_key": "AmazonEKSWorkerNodePolicy", "schema_version": 0, "attributes": { - "id": "ng-eks-node-group-20250720075445339700000001-20250720075446120300000003", + "id": "ng-eks-node-group-20250726045706136900000001/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", - "role": "ng-eks-node-group-20250720075445339700000001" + "role": "ng-eks-node-group-20250726045706136900000001" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", + "role": "ng-eks-node-group-20250726045706136900000001" + }, "private": "bnVsbA==", "dependencies": [ + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current" ], "create_before_destroy": true }, @@ -3424,31 +3771,25 @@ "index_key": "AmazonEKS_CNI_Policy", "schema_version": 0, "attributes": { - "id": "ng-eks-node-group-20250720075445339700000001-20250720075446018000000002", + "id": "ng-eks-node-group-20250726045706136900000001/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", "policy_arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", - "role": "ng-eks-node-group-20250720075445339700000001" + "role": "ng-eks-node-group-20250726045706136900000001" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", + "role": "ng-eks-node-group-20250726045706136900000001" + }, "private": "bnVsbA==", "dependencies": [ + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current" ], "create_before_destroy": true } @@ -3465,22 +3806,20 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:launch-template/lt-0abd256b85e9cea74", + "arn": "arn:aws:ec2:us-east-1:273729230602:launch-template/lt-0d2be8605aecac3d6", "block_device_mappings": [], "capacity_reservation_specification": [], "cpu_options": [], "credit_specification": [], - "default_version": 1, + "default_version": 2, "description": "Custom launch template for ng EKS managed node group", "disable_api_stop": false, "disable_api_termination": false, "ebs_optimized": "", - "elastic_gpu_specifications": [], - "elastic_inference_accelerator": [], "enclave_options": [], "hibernation_options": [], "iam_instance_profile": [], - "id": "lt-0abd256b85e9cea74", + "id": "lt-0d2be8605aecac3d6", "image_id": "", "instance_initiated_shutdown_behavior": "", "instance_market_options": [], @@ -3488,7 +3827,7 @@ "instance_type": "", "kernel_id": "", "key_name": "", - "latest_version": 1, + "latest_version": 2, "license_specification": [], "maintenance_options": [], "metadata_options": [ @@ -3500,17 +3839,14 @@ "instance_metadata_tags": "" } ], - "monitoring": [ - { - "enabled": true - } - ], - "name": "ng-20250720075446265800000005", + "monitoring": [], + "name": "ng-20250726050831652700000013", "name_prefix": "ng-", "network_interfaces": [], "placement": [], "private_dns_name_options": [], "ram_disk_id": "", + "region": "us-east-1", "security_group_names": [], "tag_specifications": [ { @@ -3540,7 +3876,7 @@ "update_default_version": true, "user_data": "", "vpc_security_group_ids": [ - "sg-063a641aa5386b819" + "sg-0a74b044afaa663ed" ] }, "sensitive_attributes": [], @@ -3567,12 +3903,14 @@ "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.additional", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.kms.aws_kms_external_key.this", "module.eks.module.eks.module.kms.aws_kms_key.this", "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", @@ -3581,18 +3919,9 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ], "create_before_destroy": true @@ -3609,7 +3938,7 @@ { "schema_version": 0, "attributes": { - "id": "9138203175680545676", + "id": "5050192302767161671", "triggers": null }, "sensitive_attributes": [], @@ -3639,18 +3968,9 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -3688,9 +4008,9 @@ "index_key": 0, "schema_version": 0, "attributes": { - "id": "3322799044", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Default\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:root\"\n }\n },\n {\n \"Sid\": \"KeyAdministration\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Update*\",\n \"kms:UntagResource\",\n \"kms:TagResource\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:Revoke*\",\n \"kms:ReplicateKey\",\n \"kms:Put*\",\n \"kms:List*\",\n \"kms:ImportKeyMaterial\",\n \"kms:Get*\",\n \"kms:Enable*\",\n \"kms:Disable*\",\n \"kms:Describe*\",\n \"kms:Delete*\",\n \"kms:Create*\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"\n }\n },\n {\n \"Sid\": \"KeyUsage\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008\"\n }\n }\n ]\n}", - "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Default\",\"Effect\":\"Allow\",\"Action\":\"kms:*\",\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:root\"}},{\"Sid\":\"KeyAdministration\",\"Effect\":\"Allow\",\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:ReplicateKey\",\"kms:Put*\",\"kms:List*\",\"kms:ImportKeyMaterial\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"}},{\"Sid\":\"KeyUsage\",\"Effect\":\"Allow\",\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008\"}}]}", + "id": "3915224678", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Default\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:root\"\n }\n },\n {\n \"Sid\": \"KeyAdministration\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Update*\",\n \"kms:UntagResource\",\n \"kms:TagResource\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:Revoke*\",\n \"kms:ReplicateKey\",\n \"kms:Put*\",\n \"kms:List*\",\n \"kms:ImportKeyMaterial\",\n \"kms:Get*\",\n \"kms:Enable*\",\n \"kms:Disable*\",\n \"kms:Describe*\",\n \"kms:Delete*\",\n \"kms:Create*\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"\n }\n },\n {\n \"Sid\": \"KeyUsage\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006\"\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Default\",\"Effect\":\"Allow\",\"Action\":\"kms:*\",\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:root\"}},{\"Sid\":\"KeyAdministration\",\"Effect\":\"Allow\",\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:ReplicateKey\",\"kms:Put*\",\"kms:List*\",\"kms:ImportKeyMaterial\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"}},{\"Sid\":\"KeyUsage\",\"Effect\":\"Allow\",\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006\"}}]}", "override_json": null, "override_policy_documents": null, "policy_id": null, @@ -3772,7 +4092,7 @@ "principals": [ { "identifiers": [ - "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008" + "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006" ], "type": "AWS" } @@ -3826,8 +4146,9 @@ "id": "alias/eks/eks1-devel", "name": "alias/eks/eks1-devel", "name_prefix": "", - "target_key_arn": "arn:aws:kms:us-east-1:273729230602:key/592722d1-13ec-4bf0-9ebe-202421243587", - "target_key_id": "592722d1-13ec-4bf0-9ebe-202421243587" + "region": "us-east-1", + "target_key_arn": "arn:aws:kms:us-east-1:273729230602:key/edf79a99-4643-4a3a-b4f2-cd75c2a20655", + "target_key_id": "edf79a99-4643-4a3a-b4f2-cd75c2a20655" }, "sensitive_attributes": [], "identity_schema_version": 0, @@ -3843,20 +4164,7 @@ "module.eks.module.eks.module.kms.aws_kms_replica_key.this", "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.kms.data.aws_partition.current" ] } ] @@ -3872,19 +4180,20 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:kms:us-east-1:273729230602:key/592722d1-13ec-4bf0-9ebe-202421243587", + "arn": "arn:aws:kms:us-east-1:273729230602:key/edf79a99-4643-4a3a-b4f2-cd75c2a20655", "bypass_policy_lockout_safety_check": false, "custom_key_store_id": "", "customer_master_key_spec": "SYMMETRIC_DEFAULT", "deletion_window_in_days": null, "description": "eks1-devel cluster encryption key", "enable_key_rotation": true, - "id": "592722d1-13ec-4bf0-9ebe-202421243587", + "id": "edf79a99-4643-4a3a-b4f2-cd75c2a20655", "is_enabled": true, - "key_id": "592722d1-13ec-4bf0-9ebe-202421243587", + "key_id": "edf79a99-4643-4a3a-b4f2-cd75c2a20655", "key_usage": "ENCRYPT_DECRYPT", "multi_region": false, - "policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:root\"},\"Resource\":\"*\",\"Sid\":\"Default\"},{\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:ReplicateKey\",\"kms:Put*\",\"kms:List*\",\"kms:ImportKeyMaterial\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"},\"Resource\":\"*\",\"Sid\":\"KeyAdministration\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008\"},\"Resource\":\"*\",\"Sid\":\"KeyUsage\"}],\"Version\":\"2012-10-17\"}", + "policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:root\"},\"Resource\":\"*\",\"Sid\":\"Default\"},{\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:ReplicateKey\",\"kms:Put*\",\"kms:List*\",\"kms:ImportKeyMaterial\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"},\"Resource\":\"*\",\"Sid\":\"KeyAdministration\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006\"},\"Resource\":\"*\",\"Sid\":\"KeyUsage\"}],\"Version\":\"2012-10-17\"}", + "region": "us-east-1", "rotation_period_in_days": 365, "tags": { "terraform-aws-modules": "eks" @@ -3907,22 +4216,1178 @@ "module.eks.module.eks.data.aws_iam_session_context.current", "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current" + ], + "create_before_destroy": true + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "external_dns", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1268413494", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"route53:ChangeResourceRecordSets\",\n \"Resource\": \"arn:aws:route53:::hostedzone/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"route53:ListTagsForResources\",\n \"route53:ListResourceRecordSets\",\n \"route53:ListHostedZones\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"route53:ChangeResourceRecordSets\",\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Effect\":\"Allow\",\"Action\":[\"route53:ListTagsForResources\",\"route53:ListResourceRecordSets\",\"route53:ListHostedZones\"],\"Resource\":\"*\"}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "route53:ChangeResourceRecordSets" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:route53:::hostedzone/*" + ], + "sid": "" + }, + { + "actions": [ + "route53:ListHostedZones", + "route53:ListResourceRecordSets", + "route53:ListTagsForResources" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1716340323", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:external-dns\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:external-dns\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:external-dns" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "external_dns", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "attachment_count": 1, + "description": "External DNS policy to allow management of Route53 hosted zone records", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "name": "AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "name_prefix": "AmazonEKS_eks1-devel_External_DNS_Policy-", + "path": "/", + "policy": "{\"Statement\":[{\"Action\":\"route53:ChangeResourceRecordSets\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Action\":[\"route53:ListTagsForResources\",\"route53:ListResourceRecordSets\",\"route53:ListHostedZones\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FBJOOEWX3J", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", + "module.eks.module.external_dns_irsa_role.data.aws_iam_policy_document.external_dns", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "managed", + "type": "aws_iam_role", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:role/eks1-devel-external-dns", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:external-dns\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-26T05:25:15Z", + "description": "", + "force_detach_policies": true, + "id": "eks1-devel-external-dns", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e" + ], + "max_session_duration": 3600, + "name": "eks1-devel-external-dns", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "unique_id": "AROAT7O4IS4FBJGK2IPMG" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-external-dns" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.external_dns_irsa_role.data.aws_caller_identity.current", + "module.eks.module.external_dns_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.external_dns_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "external_dns", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "eks1-devel-external-dns/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "role": "eks1-devel-external-dns" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "role": "eks1-devel-external-dns" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.external_dns_irsa_role.aws_iam_policy.external_dns", + "module.eks.module.external_dns_irsa_role.aws_iam_role.this", + "module.eks.module.external_dns_irsa_role.data.aws_caller_identity.current", + "module.eks.module.external_dns_irsa_role.data.aws_iam_policy_document.external_dns", + "module.eks.module.external_dns_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.external_dns_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "load_balancer_controller", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1541424006", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DescribeTrustStores\",\n \"elasticloadbalancing:DescribeTargetHealth\",\n \"elasticloadbalancing:DescribeTargetGroups\",\n \"elasticloadbalancing:DescribeTargetGroupAttributes\",\n \"elasticloadbalancing:DescribeTags\",\n \"elasticloadbalancing:DescribeSSLPolicies\",\n \"elasticloadbalancing:DescribeRules\",\n \"elasticloadbalancing:DescribeLoadBalancers\",\n \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n \"elasticloadbalancing:DescribeListeners\",\n \"elasticloadbalancing:DescribeListenerCertificates\",\n \"elasticloadbalancing:DescribeListenerAttributes\",\n \"elasticloadbalancing:DescribeCapacityReservation\",\n \"ec2:GetSecurityGroupsForVpc\",\n \"ec2:GetCoipPoolUsage\",\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcPeeringConnections\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeRouteTables\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribeIpamPools\",\n \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeCoipPools\",\n \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeAddresses\",\n \"ec2:DescribeAccountAttributes\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"wafv2:GetWebACLForResource\",\n \"wafv2:GetWebACL\",\n \"wafv2:DisassociateWebACL\",\n \"wafv2:AssociateWebACL\",\n \"waf-regional:GetWebACLForResource\",\n \"waf-regional:GetWebACL\",\n \"waf-regional:DisassociateWebACL\",\n \"waf-regional:AssociateWebACL\",\n \"shield:GetSubscriptionState\",\n \"shield:DescribeProtection\",\n \"shield:DeleteProtection\",\n \"shield:CreateProtection\",\n \"iam:ListServerCertificates\",\n \"iam:GetServerCertificate\",\n \"cognito-idp:DescribeUserPoolClient\",\n \"acm:ListCertificates\",\n \"acm:DescribeCertificate\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSecurityGroup\",\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateTags\",\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"ec2:CreateAction\": \"CreateSecurityGroup\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DeleteTags\",\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:CreateLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DeleteRule\",\n \"elasticloadbalancing:DeleteListener\",\n \"elasticloadbalancing:CreateRule\",\n \"elasticloadbalancing:CreateListener\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetSubnets\",\n \"elasticloadbalancing:SetSecurityGroups\",\n \"elasticloadbalancing:SetIpAddressType\",\n \"elasticloadbalancing:ModifyTargetGroupAttributes\",\n \"elasticloadbalancing:ModifyTargetGroup\",\n \"elasticloadbalancing:ModifyLoadBalancerAttributes\",\n \"elasticloadbalancing:ModifyListenerAttributes\",\n \"elasticloadbalancing:ModifyIpPools\",\n \"elasticloadbalancing:ModifyCapacityReservation\",\n \"elasticloadbalancing:DeleteTargetGroup\",\n \"elasticloadbalancing:DeleteLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"elasticloadbalancing:AddTags\",\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"elasticloadbalancing:CreateAction\": [\n \"CreateTargetGroup\",\n \"CreateLoadBalancer\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterTargets\",\n \"elasticloadbalancing:DeregisterTargets\"\n ],\n \"Resource\": \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetWebAcl\",\n \"elasticloadbalancing:SetRulePriorities\",\n \"elasticloadbalancing:RemoveListenerCertificates\",\n \"elasticloadbalancing:ModifyRule\",\n \"elasticloadbalancing:ModifyListener\",\n \"elasticloadbalancing:AddListenerCertificates\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:DescribeTrustStores\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeListenerCertificates\",\"elasticloadbalancing:DescribeListenerAttributes\",\"elasticloadbalancing:DescribeCapacityReservation\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:GetCoipPoolUsage\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeTags\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeRouteTables\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeIpamPools\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeInstances\",\"ec2:DescribeCoipPools\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeAddresses\",\"ec2:DescribeAccountAttributes\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"wafv2:GetWebACLForResource\",\"wafv2:GetWebACL\",\"wafv2:DisassociateWebACL\",\"wafv2:AssociateWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:GetWebACL\",\"waf-regional:DisassociateWebACL\",\"waf-regional:AssociateWebACL\",\"shield:GetSubscriptionState\",\"shield:DescribeProtection\",\"shield:DeleteProtection\",\"shield:CreateProtection\",\"iam:ListServerCertificates\",\"iam:GetServerCertificate\",\"cognito-idp:DescribeUserPoolClient\",\"acm:ListCertificates\",\"acm:DescribeCertificate\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateSecurityGroup\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateTags\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}}},{\"Effect\":\"Allow\",\"Action\":[\"ec2:DeleteTags\",\"ec2:CreateTags\"],\"Resource\":\"arn:aws:ec2:*:*:security-group/*\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:DeleteSecurityGroup\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Resource\":\"*\",\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateLoadBalancer\"],\"Resource\":\"*\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:DeleteRule\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateListener\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"]},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:SetSubnets\",\"elasticloadbalancing:SetSecurityGroups\",\"elasticloadbalancing:SetIpAddressType\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:ModifyListenerAttributes\",\"elasticloadbalancing:ModifyIpPools\",\"elasticloadbalancing:ModifyCapacityReservation\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:DeleteLoadBalancer\"],\"Resource\":\"*\",\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"elasticloadbalancing:AddTags\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateLoadBalancer\"]}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:DeregisterTargets\"],\"Resource\":\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:SetWebAcl\",\"elasticloadbalancing:SetRulePriorities\",\"elasticloadbalancing:RemoveListenerCertificates\",\"elasticloadbalancing:ModifyRule\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:AddListenerCertificates\"],\"Resource\":\"*\"}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "iam:CreateServiceLinkedRole" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "elasticloadbalancing.amazonaws.com" + ], + "variable": "iam:AWSServiceName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeIpamPools", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:GetCoipPoolUsage", + "ec2:GetSecurityGroupsForVpc", + "elasticloadbalancing:DescribeCapacityReservation", + "elasticloadbalancing:DescribeListenerAttributes", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTrustStores" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "acm:DescribeCertificate", + "acm:ListCertificates", + "cognito-idp:DescribeUserPoolClient", + "iam:GetServerCertificate", + "iam:ListServerCertificates", + "shield:CreateProtection", + "shield:DeleteProtection", + "shield:DescribeProtection", + "shield:GetSubscriptionState", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateSecurityGroup" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateTags" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + }, + { + "test": "StringEquals", + "values": [ + "CreateSecurityGroup" + ], + "variable": "ec2:CreateAction" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:security-group/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster" + }, + { + "test": "Null", + "values": [ + "true" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:security-group/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupIngress" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteRule" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster" + }, + { + "test": "Null", + "values": [ + "true" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:ModifyCapacityReservation", + "elasticloadbalancing:ModifyIpPools", + "elasticloadbalancing:ModifyListenerAttributes", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:AddTags" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + }, + { + "test": "StringEquals", + "values": [ + "CreateTargetGroup", + "CreateLoadBalancer" + ], + "variable": "elasticloadbalancing:CreateAction" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:RegisterTargets" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:ModifyRule", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:SetRulePriorities", + "elasticloadbalancing:SetWebAcl" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "236870047", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:aws-load-balancer-controller\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:aws-load-balancer-controller\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:aws-load-balancer-controller" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "load_balancer_controller", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "attachment_count": 1, + "description": "Provides permissions for AWS Load Balancer Controller addon", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "name": "AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "name_prefix": "AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-", + "path": "/", + "policy": "{\"Statement\":[{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:DescribeTrustStores\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeListenerCertificates\",\"elasticloadbalancing:DescribeListenerAttributes\",\"elasticloadbalancing:DescribeCapacityReservation\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:GetCoipPoolUsage\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeTags\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeRouteTables\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeIpamPools\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeInstances\",\"ec2:DescribeCoipPools\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeAddresses\",\"ec2:DescribeAccountAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"wafv2:GetWebACLForResource\",\"wafv2:GetWebACL\",\"wafv2:DisassociateWebACL\",\"wafv2:AssociateWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:GetWebACL\",\"waf-regional:DisassociateWebACL\",\"waf-regional:AssociateWebACL\",\"shield:GetSubscriptionState\",\"shield:DescribeProtection\",\"shield:DeleteProtection\",\"shield:CreateProtection\",\"iam:ListServerCertificates\",\"iam:GetServerCertificate\",\"cognito-idp:DescribeUserPoolClient\",\"acm:ListCertificates\",\"acm:DescribeCertificate\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateSecurityGroup\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateTags\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:DeleteTags\",\"ec2:CreateTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:DeleteSecurityGroup\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateLoadBalancer\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:DeleteRule\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateListener\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"]},{\"Action\":[\"elasticloadbalancing:SetSubnets\",\"elasticloadbalancing:SetSecurityGroups\",\"elasticloadbalancing:SetIpAddressType\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:ModifyListenerAttributes\",\"elasticloadbalancing:ModifyIpPools\",\"elasticloadbalancing:ModifyCapacityReservation\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:DeleteLoadBalancer\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"elasticloadbalancing:AddTags\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateLoadBalancer\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:DeregisterTargets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"},{\"Action\":[\"elasticloadbalancing:SetWebAcl\",\"elasticloadbalancing:SetRulePriorities\",\"elasticloadbalancing:RemoveListenerCertificates\",\"elasticloadbalancing:ModifyRule\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:AddListenerCertificates\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FDJFNVQKAK", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_iam_policy_document.load_balancer_controller", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "managed", + "type": "aws_iam_role", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:role/eks1-devel-aws-load-balancer-controller", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:aws-load-balancer-controller\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-26T05:23:56Z", + "description": "", + "force_detach_policies": true, + "id": "eks1-devel-aws-load-balancer-controller", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f" + ], + "max_session_duration": 3600, + "name": "eks1-devel-aws-load-balancer-controller", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "unique_id": "AROAT7O4IS4FNEGNOKZIO" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-aws-load-balancer-controller" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_caller_identity.current", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "load_balancer_controller", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "eks1-devel-aws-load-balancer-controller/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "role": "eks1-devel-aws-load-balancer-controller" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "role": "eks1-devel-aws-load-balancer-controller" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.load_balancer_controller_irsa_role.aws_iam_policy.load_balancer_controller", + "module.eks.module.load_balancer_controller_irsa_role.aws_iam_role.this", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_caller_identity.current", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_iam_policy_document.load_balancer_controller", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] } ] }, @@ -3962,6 +5427,7 @@ "us-east-1d", "us-east-1f" ], + "region": "us-east-1", "state": null, "timeouts": null, "zone_ids": [ @@ -4005,6 +5471,7 @@ "id": "igw-04c8aad5899c55659", "internet_gateway_id": "igw-04c8aad5899c55659", "owner_id": "273729230602", + "region": "us-east-1", "tags": {}, "timeouts": null }, @@ -4044,6 +5511,7 @@ "ipv6_cidr_block": "", "main_route_table_id": "rtb-01ff49732ea0b5a76", "owner_id": "273729230602", + "region": "us-east-1", "state": null, "tags": {}, "timeouts": null @@ -4064,37 +5532,36 @@ "schema_version": 0, "attributes": { "address": null, - "allocation_id": "eipalloc-073d8354af914f72c", - "arn": "arn:aws:ec2:us-east-1:273729230602:elastic-ip/eipalloc-073d8354af914f72c", + "allocation_id": "eipalloc-0efd9a4666274d4b9", + "arn": "arn:aws:ec2:us-east-1:273729230602:elastic-ip/eipalloc-0efd9a4666274d4b9", "associate_with_private_ip": null, - "association_id": "eipassoc-0c8ecf10aa0025b3f", + "association_id": "eipassoc-0670094f7c1ebaa09", "carrier_ip": "", "customer_owned_ip": "", "customer_owned_ipv4_pool": "", "domain": "vpc", - "id": "eipalloc-073d8354af914f72c", + "id": "eipalloc-0efd9a4666274d4b9", "instance": "", "ipam_pool_id": null, "network_border_group": "us-east-1", - "network_interface": "eni-04e0f8c6777b3ee96", - "private_dns": "ip-172-31-176-157.ec2.internal", - "private_ip": "172.31.176.157", + "network_interface": "eni-0af2e53d148f4e2ef", + "private_dns": "ip-172-31-176-31.ec2.internal", + "private_ip": "172.31.176.31", "ptr_record": "", - "public_dns": "ec2-52-3-194-240.compute-1.amazonaws.com", - "public_ip": "52.3.194.240", + "public_dns": "ec2-3-223-7-164.compute-1.amazonaws.com", + "public_ip": "3.223.7.164", "public_ipv4_pool": "amazon", + "region": "us-east-1", "tags": {}, "tags_all": { "Environment": "devel", "Service": "Kubernetes" }, - "timeouts": null, - "vpc": true + "timeouts": null }, "sensitive_attributes": [], "identity_schema_version": 0, - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxODAwMDAwMDAwMDAsInJlYWQiOjkwMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMDB9fQ==", - "create_before_destroy": true + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxODAwMDAwMDAwMDAsInJlYWQiOjkwMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMDB9fQ==" } ] }, @@ -4108,17 +5575,18 @@ { "schema_version": 0, "attributes": { - "allocation_id": "eipalloc-073d8354af914f72c", - "association_id": "eipassoc-0c8ecf10aa0025b3f", + "allocation_id": "eipalloc-0efd9a4666274d4b9", + "association_id": "eipassoc-0670094f7c1ebaa09", "connectivity_type": "public", - "id": "nat-0d8a564a42b566896", - "network_interface_id": "eni-04e0f8c6777b3ee96", - "private_ip": "172.31.176.157", - "public_ip": "52.3.194.240", + "id": "nat-09006b80b9074bdb7", + "network_interface_id": "eni-0af2e53d148f4e2ef", + "private_ip": "172.31.176.31", + "public_ip": "3.223.7.164", + "region": "us-east-1", "secondary_allocation_ids": [], "secondary_private_ip_address_count": 0, "secondary_private_ip_addresses": [], - "subnet_id": "subnet-0f439778eb62eac4d", + "subnet_id": "subnet-0e188b45be889dcc3", "tags": {}, "tags_all": { "Environment": "devel", @@ -4134,8 +5602,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4157,14 +5624,15 @@ "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "", - "id": "r-rtb-02f0a19caa65e83691080289494", + "id": "r-rtb-041eec80d0151b4131080289494", "instance_id": "", "instance_owner_id": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "origin": "CreateRoute", - "route_table_id": "rtb-02f0a19caa65e8369", + "region": "us-east-1", + "route_table_id": "rtb-041eec80d0151b413", "state": "active", "timeouts": null, "transit_gateway_id": "", @@ -4181,8 +5649,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1b", @@ -4195,14 +5662,15 @@ "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "", - "id": "r-rtb-090b5b849bbd970f71080289494", + "id": "r-rtb-045c9ab610c7aabd31080289494", "instance_id": "", "instance_owner_id": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "origin": "CreateRoute", - "route_table_id": "rtb-090b5b849bbd970f7", + "region": "us-east-1", + "route_table_id": "rtb-045c9ab610c7aabd3", "state": "active", "timeouts": null, "transit_gateway_id": "", @@ -4219,8 +5687,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1c", @@ -4233,14 +5700,15 @@ "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "", - "id": "r-rtb-06cf7753a59edf1461080289494", + "id": "r-rtb-0a1eb19f2c209aa341080289494", "instance_id": "", "instance_owner_id": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "origin": "CreateRoute", - "route_table_id": "rtb-06cf7753a59edf146", + "region": "us-east-1", + "route_table_id": "rtb-0a1eb19f2c209aa34", "state": "active", "timeouts": null, "transit_gateway_id": "", @@ -4257,8 +5725,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4279,14 +5746,15 @@ "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "igw-04c8aad5899c55659", - "id": "r-rtb-0b75357b0e74c52a81080289494", + "id": "r-rtb-0d102d2391110f0b51080289494", "instance_id": "", "instance_owner_id": "", "local_gateway_id": "", "nat_gateway_id": "", "network_interface_id": "", "origin": "CreateRoute", - "route_table_id": "rtb-0b75357b0e74c52a8", + "region": "us-east-1", + "route_table_id": "rtb-0d102d2391110f0b5", "state": "active", "timeouts": null, "transit_gateway_id": "", @@ -4300,8 +5768,7 @@ "module.network.aws_route_table.public", "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4316,10 +5783,11 @@ "index_key": "us-east-1a", "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-02f0a19caa65e8369", - "id": "rtb-02f0a19caa65e8369", + "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-041eec80d0151b413", + "id": "rtb-041eec80d0151b413", "owner_id": "273729230602", "propagating_vgws": [], + "region": "us-east-1", "route": [ { "carrier_gateway_id": "", @@ -4330,7 +5798,7 @@ "gateway_id": "", "ipv6_cidr_block": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "transit_gateway_id": "", "vpc_endpoint_id": "", @@ -4354,17 +5822,17 @@ "dependencies": [ "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1b", "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-090b5b849bbd970f7", - "id": "rtb-090b5b849bbd970f7", + "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-045c9ab610c7aabd3", + "id": "rtb-045c9ab610c7aabd3", "owner_id": "273729230602", "propagating_vgws": [], + "region": "us-east-1", "route": [ { "carrier_gateway_id": "", @@ -4375,7 +5843,7 @@ "gateway_id": "", "ipv6_cidr_block": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "transit_gateway_id": "", "vpc_endpoint_id": "", @@ -4399,17 +5867,17 @@ "dependencies": [ "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1c", "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-06cf7753a59edf146", - "id": "rtb-06cf7753a59edf146", + "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-0a1eb19f2c209aa34", + "id": "rtb-0a1eb19f2c209aa34", "owner_id": "273729230602", "propagating_vgws": [], + "region": "us-east-1", "route": [ { "carrier_gateway_id": "", @@ -4420,7 +5888,7 @@ "gateway_id": "", "ipv6_cidr_block": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "transit_gateway_id": "", "vpc_endpoint_id": "", @@ -4444,8 +5912,7 @@ "dependencies": [ "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4459,10 +5926,11 @@ { "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-0b75357b0e74c52a8", - "id": "rtb-0b75357b0e74c52a8", + "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-0d102d2391110f0b5", + "id": "rtb-0d102d2391110f0b5", "owner_id": "273729230602", "propagating_vgws": [], + "region": "us-east-1", "route": [ { "carrier_gateway_id": "", @@ -4496,8 +5964,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", "dependencies": [ "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4513,9 +5980,10 @@ "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-0be084cf118e2a836", - "route_table_id": "rtb-02f0a19caa65e8369", - "subnet_id": "subnet-0a6eed6971e44375c", + "id": "rtbassoc-0e1e038f4c6d929ce", + "region": "us-east-1", + "route_table_id": "rtb-041eec80d0151b413", + "subnet_id": "subnet-0f0da9e04f1c8369a", "timeouts": null }, "sensitive_attributes": [], @@ -4526,17 +5994,17 @@ "module.network.aws_subnet.private", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1b", "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-03ed3dddfe0888d54", - "route_table_id": "rtb-090b5b849bbd970f7", - "subnet_id": "subnet-0115e5b05ab6b132c", + "id": "rtbassoc-0dd4118f5d0a30ca8", + "region": "us-east-1", + "route_table_id": "rtb-045c9ab610c7aabd3", + "subnet_id": "subnet-0d7ae39c853e68127", "timeouts": null }, "sensitive_attributes": [], @@ -4547,17 +6015,17 @@ "module.network.aws_subnet.private", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1c", "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-0ecf7bbeaba18e3aa", - "route_table_id": "rtb-06cf7753a59edf146", - "subnet_id": "subnet-0556ce01354322097", + "id": "rtbassoc-0ed1a7a490311bafb", + "region": "us-east-1", + "route_table_id": "rtb-0a1eb19f2c209aa34", + "subnet_id": "subnet-0f84cfaa3d8da724d", "timeouts": null }, "sensitive_attributes": [], @@ -4568,8 +6036,7 @@ "module.network.aws_subnet.private", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4585,9 +6052,10 @@ "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-05ced21d9d8fffc1e", - "route_table_id": "rtb-0b75357b0e74c52a8", - "subnet_id": "subnet-0f439778eb62eac4d", + "id": "rtbassoc-0522ba344fcea4f83", + "region": "us-east-1", + "route_table_id": "rtb-0d102d2391110f0b5", + "subnet_id": "subnet-0e188b45be889dcc3", "timeouts": null }, "sensitive_attributes": [], @@ -4598,17 +6066,17 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1b", "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-0ff340c12926faca6", - "route_table_id": "rtb-0b75357b0e74c52a8", - "subnet_id": "subnet-03b49ea861522bc48", + "id": "rtbassoc-088380c97cfc946c7", + "region": "us-east-1", + "route_table_id": "rtb-0d102d2391110f0b5", + "subnet_id": "subnet-02555be9c1954bbda", "timeouts": null }, "sensitive_attributes": [], @@ -4619,17 +6087,17 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1c", "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-0a0d8a182f16ffe19", - "route_table_id": "rtb-0b75357b0e74c52a8", - "subnet_id": "subnet-0cee9908287eaa414", + "id": "rtbassoc-0d880a637fe8c9576", + "region": "us-east-1", + "route_table_id": "rtb-0d102d2391110f0b5", + "subnet_id": "subnet-08dbbf19ff2c937f1", "timeouts": null }, "sensitive_attributes": [], @@ -4640,8 +6108,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4656,7 +6123,7 @@ "index_key": "us-east-1a", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0a6eed6971e44375c", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0f0da9e04f1c8369a", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1a", "availability_zone_id": "use1-az1", @@ -4666,7 +6133,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0a6eed6971e44375c", + "id": "subnet-0f0da9e04f1c8369a", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4675,6 +6142,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) private subnet (us-east-1a)", "kubernetes.io/role/internal-elb": "1" @@ -4701,7 +6169,7 @@ "index_key": "us-east-1b", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0115e5b05ab6b132c", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0d7ae39c853e68127", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1b", "availability_zone_id": "use1-az2", @@ -4711,7 +6179,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0115e5b05ab6b132c", + "id": "subnet-0d7ae39c853e68127", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4720,6 +6188,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) private subnet (us-east-1b)", "kubernetes.io/role/internal-elb": "1" @@ -4746,7 +6215,7 @@ "index_key": "us-east-1c", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0556ce01354322097", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0f84cfaa3d8da724d", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1c", "availability_zone_id": "use1-az4", @@ -4756,7 +6225,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0556ce01354322097", + "id": "subnet-0f84cfaa3d8da724d", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4765,6 +6234,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) private subnet (us-east-1c)", "kubernetes.io/role/internal-elb": "1" @@ -4800,7 +6270,7 @@ "index_key": "us-east-1a", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0f439778eb62eac4d", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0e188b45be889dcc3", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1a", "availability_zone_id": "use1-az1", @@ -4810,7 +6280,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0f439778eb62eac4d", + "id": "subnet-0e188b45be889dcc3", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4819,6 +6289,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) public subnet (us-east-1a)", "kubernetes.io/role/elb": "1" @@ -4845,7 +6316,7 @@ "index_key": "us-east-1b", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-03b49ea861522bc48", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-02555be9c1954bbda", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1b", "availability_zone_id": "use1-az2", @@ -4855,7 +6326,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-03b49ea861522bc48", + "id": "subnet-02555be9c1954bbda", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4864,6 +6335,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) public subnet (us-east-1b)", "kubernetes.io/role/elb": "1" @@ -4890,7 +6362,7 @@ "index_key": "us-east-1c", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0cee9908287eaa414", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-08dbbf19ff2c937f1", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1c", "availability_zone_id": "use1-az4", @@ -4900,7 +6372,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0cee9908287eaa414", + "id": "subnet-08dbbf19ff2c937f1", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4909,6 +6381,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) public subnet (us-east-1c)", "kubernetes.io/role/elb": "1" @@ -4951,12 +6424,6 @@ "status": "pass" } ] - }, - { - "object_kind": "var", - "config_addr": "module.eks.module.eks.module.self_managed_node_group.var.platform", - "status": "pass", - "objects": null } ] } diff --git a/environments/development/terraform.tfstate.backup b/environments/development/terraform.tfstate.backup index d15cc06..321d4bf 100644 --- a/environments/development/terraform.tfstate.backup +++ b/environments/development/terraform.tfstate.backup @@ -1,29 +1,228 @@ { "version": 4, "terraform_version": "1.12.2", - "serial": 3240, - "lineage": "8bb850d3-2dbc-b205-47b4-36da62ae84f3", + "serial": 316, + "lineage": "e0fa6852-8979-09e2-362d-b95bd3e079e1", "outputs": {}, "resources": [ { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_policy", - "name": "AWSLoadBalancerControllerIAMPolicy", + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:policy/AWSLoadBalancerControllerIAMPolicy", + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cert_manager", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "3416383923", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"route53:GetChange\",\n \"Resource\": \"arn:aws:route53:::change/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"route53:ListResourceRecordSets\",\n \"route53:ChangeResourceRecordSets\"\n ],\n \"Resource\": \"arn:aws:route53:::hostedzone/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"route53:ListHostedZonesByName\",\n \"Resource\": \"*\"\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"route53:GetChange\",\"Resource\":\"arn:aws:route53:::change/*\"},{\"Effect\":\"Allow\",\"Action\":[\"route53:ListResourceRecordSets\",\"route53:ChangeResourceRecordSets\"],\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Effect\":\"Allow\",\"Action\":\"route53:ListHostedZonesByName\",\"Resource\":\"*\"}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "route53:GetChange" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:route53:::change/*" + ], + "sid": "" + }, + { + "actions": [ + "route53:ChangeResourceRecordSets", + "route53:ListResourceRecordSets" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:route53:::hostedzone/*" + ], + "sid": "" + }, + { + "actions": [ + "route53:ListHostedZonesByName" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1545384681", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:cert-manager\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:cert-manager\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:cert-manager" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "cert_manager", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", "attachment_count": 1, - "description": "", - "id": "arn:aws:iam::273729230602:policy/AWSLoadBalancerControllerIAMPolicy", - "name": "AWSLoadBalancerControllerIAMPolicy", - "name_prefix": "", + "description": "Cert Manager policy to allow management of Route53 hosted zone records", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "name": "AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "name_prefix": "AmazonEKS_eks1-devel_Cert_Manager_Policy-", "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"iam:CreateServiceLinkedRole\"],\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAddresses\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeInstances\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeTags\",\"ec2:GetCoipPoolUsage\",\"ec2:DescribeCoipPools\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:DescribeIpamPools\",\"ec2:DescribeRouteTables\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeListenerCertificates\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeTrustStores\",\"elasticloadbalancing:DescribeListenerAttributes\",\"elasticloadbalancing:DescribeCapacityReservation\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"cognito-idp:DescribeUserPoolClient\",\"acm:ListCertificates\",\"acm:DescribeCertificate\",\"iam:ListServerCertificates\",\"iam:GetServerCertificate\",\"waf-regional:GetWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:AssociateWebACL\",\"waf-regional:DisassociateWebACL\",\"wafv2:GetWebACL\",\"wafv2:GetWebACLForResource\",\"wafv2:AssociateWebACL\",\"wafv2:DisassociateWebACL\",\"shield:GetSubscriptionState\",\"shield:DescribeProtection\",\"shield:CreateProtection\",\"shield:DeleteProtection\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:RevokeSecurityGroupIngress\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateSecurityGroup\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:CreateTags\",\"ec2:DeleteTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:RevokeSecurityGroupIngress\",\"ec2:DeleteSecurityGroup\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:CreateLoadBalancer\",\"elasticloadbalancing:CreateTargetGroup\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:CreateListener\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:DeleteRule\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:AddTags\",\"elasticloadbalancing:RemoveTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:AddTags\",\"elasticloadbalancing:RemoveTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"]},{\"Action\":[\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:SetIpAddressType\",\"elasticloadbalancing:SetSecurityGroups\",\"elasticloadbalancing:SetSubnets\",\"elasticloadbalancing:DeleteLoadBalancer\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:ModifyListenerAttributes\",\"elasticloadbalancing:ModifyCapacityReservation\",\"elasticloadbalancing:ModifyIpPools\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:AddTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateLoadBalancer\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:DeregisterTargets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"},{\"Action\":[\"elasticloadbalancing:SetWebAcl\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:AddListenerCertificates\",\"elasticloadbalancing:RemoveListenerCertificates\",\"elasticloadbalancing:ModifyRule\",\"elasticloadbalancing:SetRulePriorities\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FABCUGGJOJ", + "policy": "{\"Statement\":[{\"Action\":\"route53:GetChange\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::change/*\"},{\"Action\":[\"route53:ListResourceRecordSets\",\"route53:ChangeResourceRecordSets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Action\":\"route53:ListHostedZonesByName\",\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FG6HNVVFKD", "tags": {}, "tags_all": { "Environment": "devel", @@ -32,44 +231,410 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001" + }, "private": "bnVsbA==", "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", + "module.eks.module.cert_manager_irsa_role.data.aws_iam_policy_document.cert_manager", + "module.eks.module.cert_manager_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } ] }, { - "module": "module.eks", + "module": "module.eks.module.cert_manager_irsa_role", "mode": "managed", - "type": "aws_iam_policy", - "name": "AllowExternalDNSUpdates", + "type": "aws_iam_role", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:role/eks1-devel-cert-manager", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:cert-manager\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-27T01:03:26Z", + "description": "", + "force_detach_policies": true, + "id": "eks1-devel-cert-manager", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001" + ], + "max_session_duration": 3600, + "name": "eks1-devel-cert-manager", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "unique_id": "AROAT7O4IS4FO56IFZGYS" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-cert-manager" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.cert_manager_irsa_role.data.aws_caller_identity.current", + "module.eks.module.cert_manager_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.cert_manager_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.cert_manager_irsa_role", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "cert_manager", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "eks1-devel-cert-manager/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "role": "eks1-devel-cert-manager" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cert_Manager_Policy-20250727010326281700000001", + "role": "eks1-devel-cert-manager" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.cert_manager_irsa_role.aws_iam_policy.cert_manager", + "module.eks.module.cert_manager_irsa_role.aws_iam_role.this", + "module.eks.module.cert_manager_irsa_role.data.aws_caller_identity.current", + "module.eks.module.cert_manager_irsa_role.data.aws_iam_policy_document.cert_manager", + "module.eks.module.cert_manager_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.cert_manager_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:policy/AllowExternalDNSUpdates", + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cluster_autoscaler", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "2162280319", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"eks:DescribeNodegroup\",\n \"ec2:GetInstanceTypesFromInstanceRequirements\",\n \"ec2:DescribeLaunchTemplateVersions\",\n \"ec2:DescribeInstanceTypes\",\n \"ec2:DescribeImages\",\n \"autoscaling:DescribeTags\",\n \"autoscaling:DescribeScalingActivities\",\n \"autoscaling:DescribeLaunchConfigurations\",\n \"autoscaling:DescribeAutoScalingInstances\",\n \"autoscaling:DescribeAutoScalingGroups\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"autoscaling:TerminateInstanceInAutoScalingGroup\",\n \"autoscaling:SetDesiredCapacity\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"autoscaling:ResourceTag/kubernetes.io/cluster/eks1-devel\": \"owned\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"eks:DescribeNodegroup\",\"ec2:GetInstanceTypesFromInstanceRequirements\",\"ec2:DescribeLaunchTemplateVersions\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeImages\",\"autoscaling:DescribeTags\",\"autoscaling:DescribeScalingActivities\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeAutoScalingGroups\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"autoscaling:TerminateInstanceInAutoScalingGroup\",\"autoscaling:SetDesiredCapacity\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"autoscaling:ResourceTag/kubernetes.io/cluster/eks1-devel\":\"owned\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeTags", + "ec2:DescribeImages", + "ec2:DescribeInstanceTypes", + "ec2:DescribeLaunchTemplateVersions", + "ec2:GetInstanceTypesFromInstanceRequirements", + "eks:DescribeNodegroup" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "autoscaling:SetDesiredCapacity", + "autoscaling:TerminateInstanceInAutoScalingGroup" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "owned" + ], + "variable": "autoscaling:ResourceTag/kubernetes.io/cluster/eks1-devel" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1043243729", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:cluster-autoscaler\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:cluster-autoscaler\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:cluster-autoscaler" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "cluster_autoscaler", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", "attachment_count": 1, - "description": "", - "id": "arn:aws:iam::273729230602:policy/AllowExternalDNSUpdates", - "name": "AllowExternalDNSUpdates", - "name_prefix": "", + "description": "Cluster autoscaler policy to allow examination and modification of EC2 Auto Scaling Groups", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "name": "AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "name_prefix": "AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-", "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"route53:ChangeResourceRecordSets\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:route53:::hostedzone/*\"]},{\"Action\":[\"route53:ListHostedZones\",\"route53:ListResourceRecordSets\",\"route53:ListTagsForResource\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FMVTRS5KI5", + "policy": "{\"Statement\":[{\"Action\":[\"eks:DescribeNodegroup\",\"ec2:GetInstanceTypesFromInstanceRequirements\",\"ec2:DescribeLaunchTemplateVersions\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeImages\",\"autoscaling:DescribeTags\",\"autoscaling:DescribeScalingActivities\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeAutoScalingGroups\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"autoscaling:TerminateInstanceInAutoScalingGroup\",\"autoscaling:SetDesiredCapacity\"],\"Condition\":{\"StringEquals\":{\"autoscaling:ResourceTag/kubernetes.io/cluster/eks1-devel\":\"owned\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FADZLMDOQX", "tags": {}, "tags_all": { "Environment": "devel", @@ -78,45 +643,679 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d" + }, "private": "bnVsbA==", "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_iam_policy_document.cluster_autoscaler", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } ] }, { - "module": "module.eks", + "module": "module.eks.module.cluster_autoscaler_irsa_role", "mode": "managed", - "type": "aws_iam_policy", - "name": "ClusterAutoscalerIAMPolicy", + "type": "aws_iam_role", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-autoscaler", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:cluster-autoscaler\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-26T05:25:15Z", + "description": "", + "force_detach_policies": true, + "id": "eks1-devel-cluster-autoscaler", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d" + ], + "max_session_duration": 3600, + "name": "eks1-devel-cluster-autoscaler", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "unique_id": "AROAT7O4IS4FEIFH6MTO2" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-cluster-autoscaler" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_caller_identity.current", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.cluster_autoscaler_irsa_role", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "cluster_autoscaler", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "eks1-devel-cluster-autoscaler/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "role": "eks1-devel-cluster-autoscaler" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_Cluster_Autoscaler_Policy-2025072605080303050000000d", + "role": "eks1-devel-cluster-autoscaler" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.cluster_autoscaler_irsa_role.aws_iam_policy.cluster_autoscaler", + "module.eks.module.cluster_autoscaler_irsa_role.aws_iam_role.this", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_caller_identity.current", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_iam_policy_document.cluster_autoscaler", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.cluster_autoscaler_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:policy/ClusterAutoscalerIAMPolicy", - "attachment_count": 1, - "description": "", - "id": "arn:aws:iam::273729230602:policy/ClusterAutoscalerIAMPolicy", - "name": "ClusterAutoscalerIAMPolicy", - "name_prefix": "", + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "ebs_csi", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "4189668531", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVolumesModifications\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeSnapshots\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeAvailabilityZones\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:ModifyVolume\",\n \"ec2:CreateSnapshot\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DetachVolume\",\n \"ec2:AttachVolume\"\n ],\n \"Resource\": [\n \"arn:aws:ec2:*:*:volume/*\",\n \"arn:aws:ec2:*:*:instance/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:EnableFastSnapshotRestores\",\n \"ec2:CreateVolume\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateTags\",\n \"Resource\": [\n \"arn:aws:ec2:*:*:volume/*\",\n \"arn:aws:ec2:*:*:snapshot/*\"\n ],\n \"Condition\": {\n \"StringEquals\": {\n \"ec2:CreateAction\": [\n \"CreateVolume\",\n \"CreateSnapshot\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteTags\",\n \"Resource\": [\n \"arn:aws:ec2:*:*:volume/*\",\n \"arn:aws:ec2:*:*:snapshot/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:RequestTag/ebs.csi.aws.com/cluster\": \"true\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:RequestTag/CSIVolumeName\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:ResourceTag/ebs.csi.aws.com/cluster\": \"true\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:ResourceTag/CSIVolumeName\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteVolume\",\n \"Resource\": \"arn:aws:ec2:*:*:volume/*\",\n \"Condition\": {\n \"StringLike\": {\n \"ec2:ResourceTag/kubernetes.io/created-for/pvc/name\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSnapshot\",\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:RequestTag/CSIVolumeSnapshotName\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSnapshot\",\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:RequestTag/ebs.csi.aws.com/cluster\": \"true\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteSnapshot\",\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:ResourceTag/CSIVolumeSnapshotName\": \"*\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:DeleteSnapshot\",\n \"Resource\": \"arn:aws:ec2:*:*:snapshot/*\",\n \"Condition\": {\n \"StringLike\": {\n \"aws:ResourceTag/ebs.csi.aws.com/cluster\": \"true\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"ec2:DescribeVolumesModifications\",\"ec2:DescribeVolumes\",\"ec2:DescribeTags\",\"ec2:DescribeSnapshots\",\"ec2:DescribeInstances\",\"ec2:DescribeAvailabilityZones\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"ec2:ModifyVolume\",\"ec2:CreateSnapshot\"],\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Effect\":\"Allow\",\"Action\":[\"ec2:DetachVolume\",\"ec2:AttachVolume\"],\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:instance/*\"]},{\"Effect\":\"Allow\",\"Action\":[\"ec2:EnableFastSnapshotRestores\",\"ec2:CreateVolume\"],\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateTags\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"],\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateVolume\",\"CreateSnapshot\"]}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteTags\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"]},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeName\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/CSIVolumeName\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteVolume\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/kubernetes.io/created-for/pvc/name\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateSnapshot\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeSnapshotName\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateSnapshot\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteSnapshot\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/CSIVolumeSnapshotName\":\"*\"}}},{\"Effect\":\"Allow\",\"Action\":\"ec2:DeleteSnapshot\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:DescribeVolumesModifications" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateSnapshot", + "ec2:ModifyVolume" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:AttachVolume", + "ec2:DetachVolume" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateVolume", + "ec2:EnableFastSnapshotRestores" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateTags" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "CreateVolume", + "CreateSnapshot" + ], + "variable": "ec2:CreateAction" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteTags" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "true" + ], + "variable": "aws:RequestTag/ebs.csi.aws.com/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "aws:RequestTag/CSIVolumeName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "true" + ], + "variable": "aws:ResourceTag/ebs.csi.aws.com/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "aws:ResourceTag/CSIVolumeName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteVolume" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "ec2:ResourceTag/kubernetes.io/created-for/pvc/name" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:volume/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateSnapshot" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "aws:RequestTag/CSIVolumeSnapshotName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateSnapshot" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "true" + ], + "variable": "aws:RequestTag/ebs.csi.aws.com/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteSnapshot" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "*" + ], + "variable": "aws:ResourceTag/CSIVolumeSnapshotName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DeleteSnapshot" + ], + "condition": [ + { + "test": "StringLike", + "values": [ + "true" + ], + "variable": "aws:ResourceTag/ebs.csi.aws.com/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:snapshot/*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "3862641923", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:ebs-csi-controller-sa\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:ebs-csi-controller-sa\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:ebs-csi-controller-sa" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.ebs_csi_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "ebs_csi", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "attachment_count": 0, + "description": "Provides permissions to manage EBS volumes via the container storage interface driver", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "name": "AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "name_prefix": "AmazonEKS_eks1-devel_EBS_CSI_Policy-", "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeScalingActivities\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeLaunchTemplateVersions\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"autoscaling:SetDesiredCapacity\",\"autoscaling:TerminateInstanceInAutoScalingGroup\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FLO47ADJSH", - "tags": {}, + "policy": "{\"Statement\":[{\"Action\":[\"ec2:DescribeVolumesModifications\",\"ec2:DescribeVolumes\",\"ec2:DescribeTags\",\"ec2:DescribeSnapshots\",\"ec2:DescribeInstances\",\"ec2:DescribeAvailabilityZones\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:ModifyVolume\",\"ec2:CreateSnapshot\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":[\"ec2:DetachVolume\",\"ec2:AttachVolume\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:instance/*\"]},{\"Action\":[\"ec2:EnableFastSnapshotRestores\",\"ec2:CreateVolume\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Action\":\"ec2:CreateTags\",\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateVolume\",\"CreateSnapshot\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"]},{\"Action\":\"ec2:DeleteTags\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"]},{\"Action\":\"ec2:CreateVolume\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:CreateVolume\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:DeleteVolume\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:DeleteVolume\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/CSIVolumeName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:DeleteVolume\",\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/kubernetes.io/created-for/pvc/name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\"},{\"Action\":\"ec2:CreateSnapshot\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeSnapshotName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Action\":\"ec2:CreateSnapshot\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Action\":\"ec2:DeleteSnapshot\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/CSIVolumeSnapshotName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"},{\"Action\":\"ec2:DeleteSnapshot\",\"Condition\":{\"StringLike\":{\"aws:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FBDEFQK6I6", + "tags": null, "tags_all": { "Environment": "devel", "Service": "Kubernetes" @@ -124,62 +1323,91 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001" + }, "private": "bnVsbA==", "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", + "module.eks.module.ebs_csi_irsa_role.data.aws_iam_policy_document.ebs_csi", + "module.eks.module.ebs_csi_irsa_role.data.aws_partition.current", + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } ] }, { - "module": "module.eks", + "module": "module.eks.module.ebs_csi_irsa_role", "mode": "managed", "type": "aws_iam_role", - "name": "aws-load-balancer-controller", + "name": "this", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:role/aws-load-balancer-controller", - "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:sub\":\"system:serviceaccount:kube-system:aws-load-balancer-controller\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-19T08:08:05Z", + "arn": "arn:aws:iam::273729230602:role/eks1-devel-ebs-csi", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:ebs-csi-controller-sa\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-28T19:11:10Z", "description": "", - "force_detach_policies": false, - "id": "aws-load-balancer-controller", + "force_detach_policies": true, + "id": "eks1-devel-ebs-csi", "inline_policy": [], - "managed_policy_arns": [ - "arn:aws:iam::273729230602:policy/AWSLoadBalancerControllerIAMPolicy" - ], + "managed_policy_arns": [], "max_session_duration": 3600, - "name": "aws-load-balancer-controller", + "name": "eks1-devel-ebs-csi", "name_prefix": "", "path": "/", "permissions_boundary": "", - "tags": {}, + "tags": null, "tags_all": { "Environment": "devel", "Service": "Kubernetes" }, - "unique_id": "AROAT7O4IS4FD7OQTHZZI" + "unique_id": "AROAT7O4IS4FAOGGU4EPY" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-ebs-csi" + }, "private": "bnVsbA==", "dependencies": [ + "module.eks.module.ebs_csi_irsa_role.data.aws_caller_identity.current", + "module.eks.module.ebs_csi_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.ebs_csi_irsa_role.data.aws_partition.current", "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", "module.eks.module.eks.aws_eks_cluster.this", "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", @@ -204,200 +1432,47 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } ] }, { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_role", - "name": "cluster-autoscaler", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::273729230602:role/aws-cluster-autoscaler", - "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:sub\":\"system:serviceaccount:kube-system:cluster-autoscaler\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-19T08:08:05Z", - "description": "", - "force_detach_policies": false, - "id": "aws-cluster-autoscaler", - "inline_policy": [], - "managed_policy_arns": [ - "arn:aws:iam::273729230602:policy/ClusterAutoscalerIAMPolicy" - ], - "max_session_duration": 3600, - "name": "aws-cluster-autoscaler", - "name_prefix": "", - "path": "/", - "permissions_boundary": "", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - }, - "unique_id": "AROAT7O4IS4FG7WIYJBVJ" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.data.tls_certificate.this", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_role", - "name": "external-dns", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::273729230602:role/external-dns", - "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A:sub\":\"system:serviceaccount:default:external-dns\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-20T06:32:32Z", - "description": "", - "force_detach_policies": false, - "id": "external-dns", - "inline_policy": [], - "managed_policy_arns": [ - "arn:aws:iam::273729230602:policy/AllowExternalDNSUpdates" - ], - "max_session_duration": 3600, - "name": "external-dns", - "name_prefix": "", - "path": "/", - "permissions_boundary": "", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - }, - "unique_id": "AROAT7O4IS4FHOVHRHZZF" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.data.tls_certificate.this", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks", + "module": "module.eks.module.ebs_csi_irsa_role", "mode": "managed", "type": "aws_iam_role_policy_attachment", - "name": "aws-load-balancer-controller", + "name": "ebs_csi", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { - "id": "aws-load-balancer-controller-2025071908080601560000001b", - "policy_arn": "arn:aws:iam::273729230602:policy/AWSLoadBalancerControllerIAMPolicy", - "role": "aws-load-balancer-controller" + "id": "eks1-devel-ebs-csi/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "role": "eks1-devel-ebs-csi" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_EBS_CSI_Policy-20250728191109888000000001", + "role": "eks1-devel-ebs-csi" + }, "private": "bnVsbA==", "dependencies": [ - "module.eks.aws_iam_policy.AWSLoadBalancerControllerIAMPolicy", - "module.eks.aws_iam_role.aws-load-balancer-controller", + "module.eks.module.ebs_csi_irsa_role.aws_iam_policy.ebs_csi", + "module.eks.module.ebs_csi_irsa_role.aws_iam_role.this", + "module.eks.module.ebs_csi_irsa_role.data.aws_caller_identity.current", + "module.eks.module.ebs_csi_irsa_role.data.aws_iam_policy_document.ebs_csi", + "module.eks.module.ebs_csi_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.ebs_csi_irsa_role.data.aws_partition.current", "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", "module.eks.module.eks.aws_eks_cluster.this", "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", @@ -422,142 +1497,9 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_role_policy_attachment", - "name": "cluster-autoscaler", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "aws-cluster-autoscaler-2025071908080606430000001c", - "policy_arn": "arn:aws:iam::273729230602:policy/ClusterAutoscalerIAMPolicy", - "role": "aws-cluster-autoscaler" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.aws_iam_policy.ClusterAutoscalerIAMPolicy", - "module.eks.aws_iam_role.cluster-autoscaler", - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.data.tls_certificate.this", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks", - "mode": "managed", - "type": "aws_iam_role_policy_attachment", - "name": "external-dns", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "external-dns-20250720063232744000000001", - "policy_arn": "arn:aws:iam::273729230602:policy/AllowExternalDNSUpdates", - "role": "external-dns" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.aws_iam_policy.AllowExternalDNSUpdates", - "module.eks.aws_iam_role.external-dns", - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.data.tls_certificate.this", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -598,8 +1540,9 @@ "addon_name": "coredns", "id": "coredns", "kubernetes_version": "1.33", - "most_recent": false, - "version": "v1.12.1-eksbuild.2" + "most_recent": true, + "region": "us-east-1", + "version": "v1.12.2-eksbuild.4" }, "sensitive_attributes": [], "identity_schema_version": 0 @@ -611,7 +1554,8 @@ "addon_name": "eks-pod-identity-agent", "id": "eks-pod-identity-agent", "kubernetes_version": "1.33", - "most_recent": false, + "most_recent": true, + "region": "us-east-1", "version": "v1.3.8-eksbuild.2" }, "sensitive_attributes": [], @@ -624,7 +1568,8 @@ "addon_name": "kube-proxy", "id": "kube-proxy", "kubernetes_version": "1.33", - "most_recent": false, + "most_recent": true, + "region": "us-east-1", "version": "v1.33.0-eksbuild.2" }, "sensitive_attributes": [], @@ -637,8 +1582,9 @@ "addon_name": "vpc-cni", "id": "vpc-cni", "kubernetes_version": "1.33", - "most_recent": false, - "version": "v1.19.5-eksbuild.1" + "most_recent": true, + "region": "us-east-1", + "version": "v1.20.0-eksbuild.1" }, "sensitive_attributes": [], "identity_schema_version": 0 @@ -694,201 +1640,6 @@ } ] }, - { - "module": "module.eks.module.eks", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "custom", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "id": "513122117", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Compute\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RunInstances\",\n \"ec2:CreateLaunchTemplate\",\n \"ec2:CreateFleet\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n },\n \"StringLike\": {\n \"aws:RequestTag/eks:kubernetes-node-class-name\": \"*\",\n \"aws:RequestTag/eks:kubernetes-node-pool-name\": \"*\"\n }\n }\n },\n {\n \"Sid\": \"Storage\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateVolume\",\n \"ec2:CreateSnapshot\"\n ],\n \"Resource\": [\n \"arn:aws:ec2:*:*:volume/*\",\n \"arn:aws:ec2:*:*:snapshot/*\"\n ],\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n }\n }\n },\n {\n \"Sid\": \"Networking\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateNetworkInterface\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\",\n \"aws:RequestTag/eks:kubernetes-cni-node-name\": \"*\"\n }\n }\n },\n {\n \"Sid\": \"LoadBalancer\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:CreateRule\",\n \"elasticloadbalancing:CreateLoadBalancer\",\n \"elasticloadbalancing:CreateListener\",\n \"ec2:CreateSecurityGroup\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n }\n }\n },\n {\n \"Sid\": \"ShieldProtection\",\n \"Effect\": \"Allow\",\n \"Action\": \"shield:CreateProtection\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n }\n }\n },\n {\n \"Sid\": \"ShieldTagResource\",\n \"Effect\": \"Allow\",\n \"Action\": \"shield:TagResource\",\n \"Resource\": \"arn:aws:shield::*:protection/*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestTag/eks:eks-cluster-name\": \"${aws:PrincipalTag/eks:eks-cluster-name}\"\n }\n }\n }\n ]\n}", - "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Compute\",\"Effect\":\"Allow\",\"Action\":[\"ec2:RunInstances\",\"ec2:CreateLaunchTemplate\",\"ec2:CreateFleet\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"},\"StringLike\":{\"aws:RequestTag/eks:kubernetes-node-class-name\":\"*\",\"aws:RequestTag/eks:kubernetes-node-pool-name\":\"*\"}}},{\"Sid\":\"Storage\",\"Effect\":\"Allow\",\"Action\":[\"ec2:CreateVolume\",\"ec2:CreateSnapshot\"],\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}}},{\"Sid\":\"Networking\",\"Effect\":\"Allow\",\"Action\":\"ec2:CreateNetworkInterface\",\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\",\"aws:RequestTag/eks:kubernetes-cni-node-name\":\"*\"}}},{\"Sid\":\"LoadBalancer\",\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateLoadBalancer\",\"elasticloadbalancing:CreateListener\",\"ec2:CreateSecurityGroup\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}}},{\"Sid\":\"ShieldProtection\",\"Effect\":\"Allow\",\"Action\":\"shield:CreateProtection\",\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}}},{\"Sid\":\"ShieldTagResource\",\"Effect\":\"Allow\",\"Action\":\"shield:TagResource\",\"Resource\":\"arn:aws:shield::*:protection/*\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}}}]}", - "override_json": null, - "override_policy_documents": null, - "policy_id": null, - "source_json": null, - "source_policy_documents": null, - "statement": [ - { - "actions": [ - "ec2:CreateFleet", - "ec2:CreateLaunchTemplate", - "ec2:RunInstances" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - }, - { - "test": "StringLike", - "values": [ - "*" - ], - "variable": "aws:RequestTag/eks:kubernetes-node-class-name" - }, - { - "test": "StringLike", - "values": [ - "*" - ], - "variable": "aws:RequestTag/eks:kubernetes-node-pool-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "*" - ], - "sid": "Compute" - }, - { - "actions": [ - "ec2:CreateSnapshot", - "ec2:CreateVolume" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:volume/*" - ], - "sid": "Storage" - }, - { - "actions": [ - "ec2:CreateNetworkInterface" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - }, - { - "test": "StringEquals", - "values": [ - "*" - ], - "variable": "aws:RequestTag/eks:kubernetes-cni-node-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "*" - ], - "sid": "Networking" - }, - { - "actions": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:CreateTargetGroup" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "*" - ], - "sid": "LoadBalancer" - }, - { - "actions": [ - "shield:CreateProtection" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "*" - ], - "sid": "ShieldProtection" - }, - { - "actions": [ - "shield:TagResource" - ], - "condition": [ - { - "test": "StringEquals", - "values": [ - "${aws:PrincipalTag/eks:eks-cluster-name}" - ], - "variable": "aws:RequestTag/eks:eks-cluster-name" - } - ], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "arn:aws:shield::*:protection/*" - ], - "sid": "ShieldTagResource" - } - ], - "version": "2012-10-17" - }, - "sensitive_attributes": [], - "identity_schema_version": 0 - } - ] - }, { "module": "module.eks.module.eks", "mode": "data", @@ -1000,7 +1751,7 @@ ], "content": null, "id": "922877a0975ad078a65b8ff11ebc47b8311945c7", - "url": "https://oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A", + "url": "https://oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19", "verify_chain": true }, "sensitive_attributes": [], @@ -1025,6 +1776,7 @@ "log_group_class": "STANDARD", "name": "/aws/eks/eks1-devel/cluster", "name_prefix": "", + "region": "us-east-1", "retention_in_days": 90, "skip_destroy": false, "tags": { @@ -1039,21 +1791,6 @@ "sensitive_attributes": [], "identity_schema_version": 0, "private": "bnVsbA==", - "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ], "create_before_destroy": true } ] @@ -1069,13 +1806,14 @@ "index_key": "cluster_creator", "schema_version": 0, "attributes": { - "access_entry_arn": "arn:aws:eks:us-east-1:273729230602:access-entry/eks1-devel/role/273729230602/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/66cc10dc-ed50-38ab-ada1-21d9a0375aef", + "access_entry_arn": "arn:aws:eks:us-east-1:273729230602:access-entry/eks1-devel/role/273729230602/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/c0cc2290-c2f1-d36f-a3aa-9948fb9dd5c4", "cluster_name": "eks1-devel", - "created_at": "2025-07-19T08:08:05Z", + "created_at": "2025-07-26T05:08:01Z", "id": "eks1-devel:arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687", "kubernetes_groups": [], - "modified_at": "2025-07-19T08:08:05Z", + "modified_at": "2025-07-26T05:08:01Z", "principal_arn": "arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687", + "region": "us-east-1", "tags": {}, "tags_all": { "Environment": "devel", @@ -1112,18 +1850,9 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -1146,12 +1875,13 @@ "type": "cluster" } ], - "associated_at": "2025-07-19 08:08:05.895 +0000 UTC", + "associated_at": "2025-07-26 05:08:02.648 +0000 UTC", "cluster_name": "eks1-devel", "id": "eks1-devel#arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy", - "modified_at": "2025-07-19 08:08:05.895 +0000 UTC", + "modified_at": "2025-07-26 05:08:02.648 +0000 UTC", "policy_arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy", "principal_arn": "arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687", + "region": "us-east-1", "timeouts": null }, "sensitive_attributes": [], @@ -1182,18 +1912,144 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.eks", + "mode": "managed", + "type": "aws_eks_addon", + "name": "before_compute", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": "eks-pod-identity-agent", + "schema_version": 0, + "attributes": { + "addon_name": "eks-pod-identity-agent", + "addon_version": "v1.3.8-eksbuild.2", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/eks-pod-identity-agent/eecc2290-c377-f6c7-9f0f-f2eb7aa1d1c1", + "cluster_name": "eks1-devel", + "configuration_values": "", + "created_at": "2025-07-26T05:08:02Z", + "id": "eks1-devel:eks-pod-identity-agent", + "modified_at": "2025-07-26T05:11:08Z", + "pod_identity_association": [], + "preserve": true, + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", + "resolve_conflicts_on_update": "OVERWRITE", + "service_account_role_arn": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "timeouts": { + "create": null, + "delete": null, + "update": null + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_eks_addon_version.this", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + }, + { + "index_key": "vpc-cni", + "schema_version": 0, + "attributes": { + "addon_name": "vpc-cni", + "addon_version": "v1.19.5-eksbuild.1", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/vpc-cni/e0cc2290-c371-9193-a1fe-79a2fc911873", + "cluster_name": "eks1-devel", + "configuration_values": "", + "created_at": "2025-07-26T05:08:02Z", + "id": "eks1-devel:vpc-cni", + "modified_at": "2025-07-26T05:08:11Z", + "pod_identity_association": [], + "preserve": true, + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", + "resolve_conflicts_on_update": "OVERWRITE", + "service_account_role_arn": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "timeouts": { + "create": null, + "delete": null, + "update": null + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_eks_addon_version.this", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" ] } @@ -1212,16 +2068,16 @@ "attributes": { "addon_name": "coredns", "addon_version": "v1.12.1-eksbuild.2", - "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/coredns/22cc10de-08ca-1449-559c-2064d0e73e23", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/coredns/9acc2291-b411-4ab5-46a4-c9fd2bf3dff7", "cluster_name": "eks1-devel", "configuration_values": "", - "created_at": "2025-07-19T08:10:30Z", + "created_at": "2025-07-26T05:10:05Z", "id": "eks1-devel:coredns", - "modified_at": "2025-07-19T08:10:42Z", + "modified_at": "2025-07-26T05:10:48Z", "pod_identity_association": [], "preserve": true, - "resolve_conflicts": null, - "resolve_conflicts_on_create": "OVERWRITE", + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", "resolve_conflicts_on_update": "OVERWRITE", "service_account_role_arn": "", "tags": {}, @@ -1256,7 +2112,6 @@ "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", "module.eks.module.eks.data.aws_iam_session_context.current", "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this", "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", @@ -1264,16 +2119,19 @@ "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_ingress_rule.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_eks_cluster_versions.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", @@ -1293,7 +2151,6 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this", "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", @@ -1302,153 +2159,23 @@ "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_ingress_rule.this", "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type_offerings.this", "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.self_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.self_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - }, - { - "index_key": "eks-pod-identity-agent", - "schema_version": 0, - "attributes": { - "addon_name": "eks-pod-identity-agent", - "addon_version": "v1.3.8-eksbuild.2", - "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/eks-pod-identity-agent/86cc10de-08c0-80ee-d37b-8fa3d54675f3", - "cluster_name": "eks1-devel", - "configuration_values": "", - "created_at": "2025-07-19T08:10:30Z", - "id": "eks1-devel:eks-pod-identity-agent", - "modified_at": "2025-07-19T08:11:06Z", - "pod_identity_association": [], - "preserve": true, - "resolve_conflicts": null, - "resolve_conflicts_on_create": "OVERWRITE", - "resolve_conflicts_on_update": "OVERWRITE", - "service_account_role_arn": "", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - }, - "timeouts": { - "create": null, - "delete": null, - "update": null - } - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", - "dependencies": [ - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_eks_addon_version.this", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", - "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.fargate_profile.data.aws_caller_identity.current", - "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.fargate_profile.data.aws_partition.current", - "module.eks.module.eks.module.fargate_profile.data.aws_region.current", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this", - "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", - "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type_offerings.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.self_managed_node_group.data.aws_subnets.placement_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", - "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] }, @@ -1458,16 +2185,16 @@ "attributes": { "addon_name": "kube-proxy", "addon_version": "v1.33.0-eksbuild.2", - "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/kube-proxy/7ecc10de-08c9-6c05-a647-aafa3a2b4c52", + "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/kube-proxy/dacc2291-b40d-625e-13de-8d62e87a886b", "cluster_name": "eks1-devel", "configuration_values": "", - "created_at": "2025-07-19T08:10:30Z", + "created_at": "2025-07-26T05:10:05Z", "id": "eks1-devel:kube-proxy", - "modified_at": "2025-07-19T08:10:36Z", + "modified_at": "2025-07-26T05:11:12Z", "pod_identity_association": [], "preserve": true, - "resolve_conflicts": null, - "resolve_conflicts_on_create": "OVERWRITE", + "region": "us-east-1", + "resolve_conflicts_on_create": "NONE", "resolve_conflicts_on_update": "OVERWRITE", "service_account_role_arn": "", "tags": {}, @@ -1502,7 +2229,6 @@ "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", "module.eks.module.eks.data.aws_iam_session_context.current", "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this", "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", @@ -1510,16 +2236,19 @@ "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_vpc_security_group_ingress_rule.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_eks_cluster_versions.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", @@ -1539,7 +2268,6 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this", "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", @@ -1548,153 +2276,23 @@ "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_security_group.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_egress_rule.this", + "module.eks.module.eks.module.self_managed_node_group.aws_vpc_security_group_ingress_rule.this", "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type_offerings.this", "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.self_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.self_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - }, - { - "index_key": "vpc-cni", - "schema_version": 0, - "attributes": { - "addon_name": "vpc-cni", - "addon_version": "v1.19.5-eksbuild.1", - "arn": "arn:aws:eks:us-east-1:273729230602:addon/eks1-devel/vpc-cni/30cc10de-08ca-a1d4-f69e-192827a61e68", - "cluster_name": "eks1-devel", - "configuration_values": "", - "created_at": "2025-07-19T08:10:30Z", - "id": "eks1-devel:vpc-cni", - "modified_at": "2025-07-19T08:11:07Z", - "pod_identity_association": [], - "preserve": true, - "resolve_conflicts": null, - "resolve_conflicts_on_create": "OVERWRITE", - "resolve_conflicts_on_update": "OVERWRITE", - "service_account_role_arn": "", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - }, - "timeouts": { - "create": null, - "delete": null, - "update": null - } - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjI0MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", - "dependencies": [ - "module.eks.module.eks.aws_cloudwatch_log_group.this", - "module.eks.module.eks.aws_eks_cluster.this", - "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", - "module.eks.module.eks.aws_iam_role.eks_auto", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.eks.module.eks.aws_security_group_rule.cluster", - "module.eks.module.eks.aws_security_group_rule.node", - "module.eks.module.eks.data.aws_caller_identity.current", - "module.eks.module.eks.data.aws_eks_addon_version.this", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", - "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", - "module.eks.module.eks.data.aws_iam_session_context.current", - "module.eks.module.eks.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.aws_autoscaling_schedule.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_eks_node_group.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", - "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", - "module.eks.module.eks.module.fargate_profile.aws_eks_fargate_profile.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy.this", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.fargate_profile.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.fargate_profile.data.aws_caller_identity.current", - "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.fargate_profile.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.fargate_profile.data.aws_partition.current", - "module.eks.module.eks.module.fargate_profile.data.aws_region.current", - "module.eks.module.eks.module.kms.aws_kms_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", - "module.eks.module.eks.module.kms.aws_kms_replica_key.this", - "module.eks.module.eks.module.kms.data.aws_caller_identity.current", - "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_group.this", - "module.eks.module.eks.module.self_managed_node_group.aws_autoscaling_schedule.this", - "module.eks.module.eks.module.self_managed_node_group.aws_eks_access_entry.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_instance_profile.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy.this", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.additional", - "module.eks.module.eks.module.self_managed_node_group.aws_iam_role_policy_attachment.this", - "module.eks.module.eks.module.self_managed_node_group.aws_launch_template.this", - "module.eks.module.eks.module.self_managed_node_group.aws_placement_group.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_caller_identity.current", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ec2_instance_type_offerings.this", - "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.self_managed_node_group.data.aws_iam_policy_document.role", - "module.eks.module.eks.module.self_managed_node_group.data.aws_partition.current", - "module.eks.module.eks.module.self_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.self_managed_node_group.data.aws_subnets.placement_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", - "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", - "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -1718,15 +2316,15 @@ } ], "arn": "arn:aws:eks:us-east-1:273729230602:cluster/eks1-devel", - "bootstrap_self_managed_addons": true, + "bootstrap_self_managed_addons": false, "certificate_authority": [ { - "data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJTUtzRlVZekl3NU13RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBM01Ua3dOelUyTkRKYUZ3MHpOVEEzTVRjd09EQXhOREphTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUMvREF1NHI0aGgxNXltRVV6OUwzcUlHM05haW4zSm56VTBrVmhSRVpHNUo0dWJxeU1Wd0VnVEh6alkKY2Rid0FWbWhYeXNYdkc0NzBIWDJPSUNMWlVvTG5EejlLNlNnWmpVanFhMXVON25aRXNiMTZoTDBoUmxxOWhkVgo5WWFGZzh1NkJNSlZsYTNWZnhUa1YyQVhCYTVkNGYxd0J2SkFKV2JCUFZBSUhMVyt5djdDTmNFbmwzK2ZMWCtUCkRVUTVvRDF4elU3SFhRV3B5eGZNcW9keGJWcXl4akIrSlNCOCtZRmM5WTA2WTEzUk5KSW9YM2FtaXNwcGNpVVIKdWhtUFlVSGdHQVFySnM5enRHUm05SkYxY3NjQjc2NmNPdDVNTVY2c0daaFIyaFBOUXhPSTFqVWtjQjRxRk9GMQpxUkk0ZDdFckIzbXp5UThUc1h5WDNSNW90Tk4xQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRNHNpMGVqbHJlODlqdVkrT0ZDcm54NTRxOWJEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQW53VW56TDZLUAo5dUxmTjh6ZnUwcnRNeXFpZnV5SFFjOS9ZdWNYNEhWMDhkay8yVGpmZWczU29VR1F6WFVPZ09Xd0tvS2VKQ3JqCnVQYWljbDM1QnJEZXdHVC94dHcxbFAwT29PcFo0dHBUaG5XUFAyS0t5VzF6aHJQZnRYMDNrUlZPcXRJbWRPc3QKWjlTajhUcCt0ZXNFTkNQQllIMlg3Wnc0NnZ4N1gvUi9KZzhtR210VmZ4Y1BqOUtNK0JrTThMbTZUOG5jY1U5MQpPZjFFTldwY2U5emxqQUZVNnc3VlpzMEEveXpzb21CMWc1UGVydE4ram1hbS9PcUswb2hPUVA3VEtITHZUMlpXCkUzbjNOb3dGMkdqcmRmVjVvVWhQT0FJc084cll0OUhMZ0dSZ0cvZnZLL2ZiU1ZURmU3eG4wR21QT2ZvK3daQjMKd2VwTGxyTndjK0UzCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + "data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJT2luRkFybWtSSEF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBM01qWXdORFUzTlRSYUZ3MHpOVEEzTWpRd05UQXlOVFJhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURiNytlcmRaaVF3Q2xmVTBoQWJ1dFNxVXZiY0JUYmdwelI4UkhITThDa3pCdVdmcVhJREtjUWdDd08KeHNhbXErbUtDczlZTlNMVDJlaXNlcUdIaXpYTXRmTlhtOEo5RGo1LzhZSlNFeUxjR1BUUHFyVXFobmFBRTJ2UQpxZlJJWGYzTVcrQWFjRWd4cVBRNStEcU0rQTFFaFAybDBUSGRiZHdPTFViQ1Vkc2Ftb2VJRVYvckVQM2dteTBRCnlWRmY2K3VCVy9jVTUxWDRSMm1OTmovaW9pZjJUUHhMZ0w0bEhXYUpsWk5PdzdUNEJ5TnQ0NXQ5eS9yUURjV0IKTGpJYnJMQjFSUnlLY1VYR0g0eE1MeitqVTFWVFZzUUR0aGZWT1NmWEs3aTNmRWY1dHUwbndSU04rdThjK0RKcQptQ0JxZ252YU1Pb3lvb2ZrUlZ3ZmZOY3hxOEIvQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJTcEFyMk0wYm04MUtkUGhaUnd6bEV1dEx0bHNEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQUxBTk1oTW1vcwp3eWhaRDNlSXN1SzJYcVdqd2Y4SXAzcnlaRlcrRGcwOVBHdUI1OXdWVmJrVW5WV0NLMGN0eE52WUxkd3pxUGw0CjMvaUhDOHRhV2o3KzJFcjJHK3JaUlFPVzczUkV2K1JVWUpyeDZwZExCTFZlbmJ5cjZ3SFA5Q0xpcXlpc3EvQzUKei9hTmJoSXpiQjY0eFI0NHk5bXl3TnRURlVLVW9ockE2NlltME1QTVdOdzZYaTlVV1dpemw2b2dHRmhjQi9VUQoxL1g0UmlXVlFjYndndzBXTmxWdDBkaWwvaHZnWFpyK0JIMHRkTlRNa2tEUEtpekFqbFpqV0xtME5OVmZZRTNiCjNiWHY3OVpRUEVnVXNlMU14U0lHU2ZKVWtBbUlEYWJxMEdIYlZ1WjFRcklha2thdkY5UWwrODJNV0lQKzFxNzIKekVTRVNnUFI3dUZ2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" } ], "cluster_id": null, "compute_config": [], - "created_at": "2025-07-19T07:56:57Z", + "created_at": "2025-07-26T04:58:04Z", "enabled_cluster_log_types": [ "api", "audit", @@ -1736,7 +2334,7 @@ { "provider": [ { - "key_arn": "arn:aws:kms:us-east-1:273729230602:key/592722d1-13ec-4bf0-9ebe-202421243587" + "key_arn": "arn:aws:kms:us-east-1:273729230602:key/edf79a99-4643-4a3a-b4f2-cd75c2a20655" } ], "resources": [ @@ -1744,14 +2342,14 @@ ] } ], - "endpoint": "https://90F53ECE705908D3A306F170FF42DF7A.gr7.us-east-1.eks.amazonaws.com", + "endpoint": "https://BF3C0697CBF107D1CFBAC6728A7EED19.gr7.us-east-1.eks.amazonaws.com", "force_update_version": null, "id": "eks1-devel", "identity": [ { "oidc": [ { - "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A" + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" } ] } @@ -1771,8 +2369,9 @@ "name": "eks1-devel", "outpost_config": [], "platform_version": "eks.6", + "region": "us-east-1", "remote_network_config": [], - "role_arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008", + "role_arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006", "status": "ACTIVE", "storage_config": [], "tags": { @@ -1783,11 +2382,7 @@ "Service": "Kubernetes", "terraform-aws-modules": "eks" }, - "timeouts": { - "create": null, - "delete": null, - "update": null - }, + "timeouts": null, "upgrade_policy": [ { "support_type": "EXTENDED" @@ -1796,22 +2391,22 @@ "version": "1.33", "vpc_config": [ { - "cluster_security_group_id": "sg-04bdddfe491ab9609", + "cluster_security_group_id": "sg-076b2d2377e33d292", "endpoint_private_access": true, "endpoint_public_access": true, "public_access_cidrs": [ "0.0.0.0/0" ], "security_group_ids": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "subnet_ids": [ - "subnet-0115e5b05ab6b132c", - "subnet-03b49ea861522bc48", - "subnet-0556ce01354322097", - "subnet-0a6eed6971e44375c", - "subnet-0cee9908287eaa414", - "subnet-0f439778eb62eac4d" + "subnet-02555be9c1954bbda", + "subnet-08dbbf19ff2c937f1", + "subnet-0d7ae39c853e68127", + "subnet-0e188b45be889dcc3", + "subnet-0f0da9e04f1c8369a", + "subnet-0f84cfaa3d8da724d" ], "vpc_id": "vpc-0271dff7a4b4bbf76" } @@ -1844,18 +2439,9 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ], "create_before_destroy": true @@ -1873,11 +2459,11 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A", + "arn": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19", "client_id_list": [ "sts.amazonaws.com" ], - "id": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A", + "id": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19", "tags": { "Name": "eks1-devel-eks-irsa" }, @@ -1889,10 +2475,13 @@ "thumbprint_list": [ "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" ], - "url": "oidc.eks.us-east-1.amazonaws.com/id/90F53ECE705908D3A306F170FF42DF7A" + "url": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + }, "private": "bnVsbA==", "dependencies": [ "module.eks.module.eks.aws_cloudwatch_log_group.this", @@ -1919,18 +2508,9 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -1947,15 +2527,15 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption20250719075654985100000019", + "arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", "attachment_count": 1, "description": "Cluster encryption policy to allow cluster role to utilize CMK provided", - "id": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption20250719075654985100000019", - "name": "eks1-devel-cluster-ClusterEncryption20250719075654985100000019", + "id": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "name": "eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", "name_prefix": "eks1-devel-cluster-ClusterEncryption", "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:ListGrants\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:us-east-1:273729230602:key/592722d1-13ec-4bf0-9ebe-202421243587\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FGQBA7MP5J", + "policy": "{\"Statement\":[{\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:ListGrants\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:us-east-1:273729230602:key/edf79a99-4643-4a3a-b4f2-cd75c2a20655\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FODRVQNHGK", "tags": {}, "tags_all": { "Environment": "devel", @@ -1964,6 +2544,9 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a" + }, "private": "bnVsbA==", "dependencies": [ "module.eks.module.eks.aws_iam_role.this", @@ -1976,69 +2559,7 @@ "module.eks.module.eks.module.kms.aws_kms_replica_key.this", "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks.module.eks", - "mode": "managed", - "type": "aws_iam_policy", - "name": "custom", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-2025071907563363730000000b", - "attachment_count": 1, - "description": "", - "id": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-2025071907563363730000000b", - "name": "eks1-devel-cluster-2025071907563363730000000b", - "name_prefix": "eks1-devel-cluster-", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"ec2:RunInstances\",\"ec2:CreateLaunchTemplate\",\"ec2:CreateFleet\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"},\"StringLike\":{\"aws:RequestTag/eks:kubernetes-node-class-name\":\"*\",\"aws:RequestTag/eks:kubernetes-node-pool-name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Compute\"},{\"Action\":[\"ec2:CreateVolume\",\"ec2:CreateSnapshot\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"],\"Sid\":\"Storage\"},{\"Action\":\"ec2:CreateNetworkInterface\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\",\"aws:RequestTag/eks:kubernetes-cni-node-name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Networking\"},{\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateLoadBalancer\",\"elasticloadbalancing:CreateListener\",\"ec2:CreateSecurityGroup\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"LoadBalancer\"},{\"Action\":\"shield:CreateProtection\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ShieldProtection\"},{\"Action\":\"shield:TagResource\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/eks:eks-cluster-name\":\"${aws:PrincipalTag/eks:eks-cluster-name}\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:shield::*:protection/*\",\"Sid\":\"ShieldTagResource\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAT7O4IS4FOKMADCWTF", - "tags": {}, - "tags_all": { - "Environment": "devel", - "Service": "Kubernetes" - } - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.data.aws_iam_policy_document.custom", - "module.eks.module.eks.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.kms.data.aws_partition.current" ] } ] @@ -2054,21 +2575,19 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008", + "arn": "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006", "assume_role_policy": "{\"Statement\":[{\"Action\":[\"sts:TagSession\",\"sts:AssumeRole\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks.amazonaws.com\"},\"Sid\":\"EKSClusterAssumeRole\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-19T07:56:33Z", + "create_date": "2025-07-26T04:57:06Z", "description": "", "force_detach_policies": true, - "id": "eks1-devel-cluster-20250719075633606000000008", + "id": "eks1-devel-cluster-20250726045706140700000006", "inline_policy": [], "managed_policy_arns": [ - "arn:aws:iam::273729230602:policy/eks1-devel-cluster-2025071907563363730000000b", - "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption20250719075654985100000019", - "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", - "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController" + "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" ], "max_session_duration": 3600, - "name": "eks1-devel-cluster-20250719075633606000000008", + "name": "eks1-devel-cluster-20250726045706140700000006", "name_prefix": "eks1-devel-cluster-", "path": "/", "permissions_boundary": "", @@ -2077,26 +2596,17 @@ "Environment": "devel", "Service": "Kubernetes" }, - "unique_id": "AROAT7O4IS4FJXPJNXY4D" + "unique_id": "AROAT7O4IS4FAGFOIF7OI" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-cluster-20250726045706140700000006" + }, "private": "bnVsbA==", "dependencies": [ - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy" ], "create_before_destroy": true } @@ -2113,12 +2623,17 @@ "index_key": 0, "schema_version": 0, "attributes": { - "id": "eks1-devel-cluster-20250719075633606000000008-2025071907565538500000001a", - "policy_arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption20250719075654985100000019", - "role": "eks1-devel-cluster-20250719075633606000000008" + "id": "eks1-devel-cluster-20250726045706140700000006/arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "policy_arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "role": "eks1-devel-cluster-20250726045706140700000006" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-ClusterEncryption2025072604580195760000000a", + "role": "eks1-devel-cluster-20250726045706140700000006" + }, "private": "bnVsbA==", "dependencies": [ "module.eks.module.eks.aws_iam_policy.cluster_encryption", @@ -2132,61 +2647,7 @@ "module.eks.module.eks.module.kms.aws_kms_replica_key.this", "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ] - } - ] - }, - { - "module": "module.eks.module.eks", - "mode": "managed", - "type": "aws_iam_role_policy_attachment", - "name": "custom", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "id": "eks1-devel-cluster-20250719075633606000000008-2025071907563420370000000f", - "policy_arn": "arn:aws:iam::273729230602:policy/eks1-devel-cluster-2025071907563363730000000b", - "role": "eks1-devel-cluster-20250719075633606000000008" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.aws_iam_policy.custom", - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_iam_policy_document.custom", - "module.eks.module.eks.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.kms.data.aws_partition.current" ] } ] @@ -2202,61 +2663,22 @@ "index_key": "AmazonEKSClusterPolicy", "schema_version": 0, "attributes": { - "id": "eks1-devel-cluster-20250719075633606000000008-2025071907563413140000000d", + "id": "eks1-devel-cluster-20250726045706140700000006/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", - "role": "eks1-devel-cluster-20250719075633606000000008" + "role": "eks1-devel-cluster-20250726045706140700000006" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", + "role": "eks1-devel-cluster-20250726045706140700000006" + }, "private": "bnVsbA==", "dependencies": [ "module.eks.module.eks.aws_iam_role.this", "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true - }, - { - "index_key": "AmazonEKSVPCResourceController", - "schema_version": 0, - "attributes": { - "id": "eks1-devel-cluster-20250719075633606000000008-2025071907563417810000000e", - "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController", - "role": "eks1-devel-cluster-20250719075633606000000008" - }, - "sensitive_attributes": [], - "identity_schema_version": 0, - "private": "bnVsbA==", - "dependencies": [ - "module.eks.module.eks.aws_iam_role.this", - "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.data.aws_partition.current" ], "create_before_destroy": true } @@ -2273,10 +2695,10 @@ "index_key": 0, "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:security-group/sg-083197778dd666866", + "arn": "arn:aws:ec2:us-east-1:273729230602:security-group/sg-0f6f49725d40dcc30", "description": "EKS cluster security group", "egress": [], - "id": "sg-083197778dd666866", + "id": "sg-0f6f49725d40dcc30", "ingress": [ { "cidr_blocks": [], @@ -2286,15 +2708,16 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-063a641aa5386b819" + "sg-0a74b044afaa663ed" ], "self": false, "to_port": 443 } ], - "name": "eks1-devel-cluster-20250719075633405800000007", + "name": "eks1-devel-cluster-20250726045706139300000004", "name_prefix": "eks1-devel-cluster-", "owner_id": "273729230602", + "region": "us-east-1", "revoke_rules_on_delete": false, "tags": { "Name": "eks1-devel-cluster" @@ -2310,21 +2733,6 @@ "sensitive_attributes": [], "identity_schema_version": 0, "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", - "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ], "create_before_destroy": true } ] @@ -2340,7 +2748,7 @@ "index_key": 0, "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:security-group/sg-063a641aa5386b819", + "arn": "arn:aws:ec2:us-east-1:273729230602:security-group/sg-0a74b044afaa663ed", "description": "EKS node shared security group", "egress": [ { @@ -2357,7 +2765,7 @@ "to_port": 0 } ], - "id": "sg-063a641aa5386b819", + "id": "sg-0a74b044afaa663ed", "ingress": [ { "cidr_blocks": [], @@ -2367,7 +2775,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 4443 @@ -2380,7 +2788,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 6443 @@ -2393,7 +2801,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 8443 @@ -2406,7 +2814,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 9443 @@ -2419,7 +2827,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 443 @@ -2432,7 +2840,7 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-083197778dd666866" + "sg-0f6f49725d40dcc30" ], "self": false, "to_port": 10250 @@ -2478,15 +2886,16 @@ "prefix_list_ids": [], "protocol": "tcp", "security_groups": [ - "sg-08edcfa4ed8f2750c" + "sg-02b2e955e7a69217a" ], "self": false, - "to_port": 443 + "to_port": 10254 } ], - "name": "eks1-devel-node-20250719075633361600000006", + "name": "eks1-devel-node-20250726045706138200000003", "name_prefix": "eks1-devel-node-", "owner_id": "273729230602", + "region": "us-east-1", "revoke_rules_on_delete": false, "tags": { "Name": "eks1-devel-node", @@ -2504,21 +2913,6 @@ "sensitive_attributes": [], "identity_schema_version": 0, "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", - "dependencies": [ - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" - ], "create_before_destroy": true } ] @@ -2537,14 +2931,15 @@ "cidr_blocks": null, "description": "Node groups to cluster API", "from_port": 443, - "id": "sgrule-3717588776", + "id": "sgrule-3138574090", "ipv6_cidr_blocks": null, "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-083197778dd666866", - "security_group_rule_id": "sgr-07dae13a6cd8bce1c", + "region": "us-east-1", + "security_group_id": "sg-0f6f49725d40dcc30", + "security_group_rule_id": "sgr-068c762594d1de680", "self": false, - "source_security_group_id": "sg-063a641aa5386b819", + "source_security_group_id": "sg-0a74b044afaa663ed", "timeouts": null, "to_port": 443, "type": "ingress" @@ -2554,20 +2949,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true } @@ -2589,12 +2971,13 @@ ], "description": "Allow all egress", "from_port": 0, - "id": "sgrule-3441080525", + "id": "sgrule-3315708913", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "-1", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0ea964a89d843a0a0", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-07bd88701cf08d8b8", "self": false, "source_security_group_id": null, "timeouts": null, @@ -2606,20 +2989,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2630,14 +3000,15 @@ "cidr_blocks": null, "description": "Cluster API to node groups", "from_port": 443, - "id": "sgrule-986645080", + "id": "sgrule-45776182", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0e2f50fd542c0a7c8", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0361333e190e1a04b", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 443, "type": "ingress" @@ -2647,20 +3018,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2671,14 +3029,15 @@ "cidr_blocks": null, "description": "Cluster API to node 4443/tcp webhook", "from_port": 4443, - "id": "sgrule-2457107927", + "id": "sgrule-500800407", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0b0bd0151369d45ff", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0a1a8f25a5818003a", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 4443, "type": "ingress" @@ -2688,20 +3047,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2712,14 +3058,15 @@ "cidr_blocks": null, "description": "Cluster API to node 6443/tcp webhook", "from_port": 6443, - "id": "sgrule-1530272321", + "id": "sgrule-3566992385", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0f8f97800e1c5e042", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0c4f285327006f065", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 6443, "type": "ingress" @@ -2729,20 +3076,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2753,14 +3087,15 @@ "cidr_blocks": null, "description": "Cluster API to node 8443/tcp webhook", "from_port": 8443, - "id": "sgrule-1214916192", + "id": "sgrule-3351756832", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0c411c3c91bee611f", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0d3d4fa20169a2ea8", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 8443, "type": "ingress" @@ -2770,20 +3105,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2794,14 +3116,15 @@ "cidr_blocks": null, "description": "Cluster API to node 9443/tcp webhook", "from_port": 9443, - "id": "sgrule-751506859", + "id": "sgrule-2741433323", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0a9f4327f22f355fd", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-035233532bcbfb1d9", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 9443, "type": "ingress" @@ -2811,20 +3134,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2835,14 +3145,15 @@ "cidr_blocks": null, "description": "Cluster API to node kubelets", "from_port": 10250, - "id": "sgrule-1437854411", + "id": "sgrule-1489672607", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0774a9650224677b4", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-006dc66a135d40e67", "self": false, - "source_security_group_id": "sg-083197778dd666866", + "source_security_group_id": "sg-0f6f49725d40dcc30", "timeouts": null, "to_port": 10250, "type": "ingress" @@ -2852,20 +3163,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2876,12 +3174,13 @@ "cidr_blocks": null, "description": "Node to node ingress on ephemeral ports", "from_port": 1025, - "id": "sgrule-3550635973", + "id": "sgrule-901693526", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-08b37530bc90d30c0", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0068ba55843cb9c50", "self": true, "source_security_group_id": null, "timeouts": null, @@ -2893,20 +3192,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2917,12 +3203,13 @@ "cidr_blocks": null, "description": "Node to node CoreDNS", "from_port": 53, - "id": "sgrule-141682456", + "id": "sgrule-3646939900", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "tcp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-057ac0a5263496085", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-00d96212df13f95db", "self": true, "source_security_group_id": null, "timeouts": null, @@ -2934,20 +3221,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true }, @@ -2958,12 +3232,13 @@ "cidr_blocks": null, "description": "Node to node CoreDNS UDP", "from_port": 53, - "id": "sgrule-2888713463", + "id": "sgrule-2097168659", "ipv6_cidr_blocks": null, - "prefix_list_ids": [], + "prefix_list_ids": null, "protocol": "udp", - "security_group_id": "sg-063a641aa5386b819", - "security_group_rule_id": "sgr-0ef59508e058468d0", + "region": "us-east-1", + "security_group_id": "sg-0a74b044afaa663ed", + "security_group_rule_id": "sgr-0f9065f0d4958f39e", "self": true, "source_security_group_id": null, "timeouts": null, @@ -2975,20 +3250,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", "dependencies": [ "module.eks.module.eks.aws_security_group.cluster", - "module.eks.module.eks.aws_security_group.node", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.aws_security_group.node" ], "create_before_destroy": true } @@ -3007,13 +3269,13 @@ "attributes": { "create_duration": "30s", "destroy_duration": null, - "id": "2025-07-19T08:08:34Z", + "id": "2025-07-26T05:08:31Z", "triggers": { - "cluster_certificate_authority_data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJTUtzRlVZekl3NU13RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBM01Ua3dOelUyTkRKYUZ3MHpOVEEzTVRjd09EQXhOREphTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUMvREF1NHI0aGgxNXltRVV6OUwzcUlHM05haW4zSm56VTBrVmhSRVpHNUo0dWJxeU1Wd0VnVEh6alkKY2Rid0FWbWhYeXNYdkc0NzBIWDJPSUNMWlVvTG5EejlLNlNnWmpVanFhMXVON25aRXNiMTZoTDBoUmxxOWhkVgo5WWFGZzh1NkJNSlZsYTNWZnhUa1YyQVhCYTVkNGYxd0J2SkFKV2JCUFZBSUhMVyt5djdDTmNFbmwzK2ZMWCtUCkRVUTVvRDF4elU3SFhRV3B5eGZNcW9keGJWcXl4akIrSlNCOCtZRmM5WTA2WTEzUk5KSW9YM2FtaXNwcGNpVVIKdWhtUFlVSGdHQVFySnM5enRHUm05SkYxY3NjQjc2NmNPdDVNTVY2c0daaFIyaFBOUXhPSTFqVWtjQjRxRk9GMQpxUkk0ZDdFckIzbXp5UThUc1h5WDNSNW90Tk4xQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRNHNpMGVqbHJlODlqdVkrT0ZDcm54NTRxOWJEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQW53VW56TDZLUAo5dUxmTjh6ZnUwcnRNeXFpZnV5SFFjOS9ZdWNYNEhWMDhkay8yVGpmZWczU29VR1F6WFVPZ09Xd0tvS2VKQ3JqCnVQYWljbDM1QnJEZXdHVC94dHcxbFAwT29PcFo0dHBUaG5XUFAyS0t5VzF6aHJQZnRYMDNrUlZPcXRJbWRPc3QKWjlTajhUcCt0ZXNFTkNQQllIMlg3Wnc0NnZ4N1gvUi9KZzhtR210VmZ4Y1BqOUtNK0JrTThMbTZUOG5jY1U5MQpPZjFFTldwY2U5emxqQUZVNnc3VlpzMEEveXpzb21CMWc1UGVydE4ram1hbS9PcUswb2hPUVA3VEtITHZUMlpXCkUzbjNOb3dGMkdqcmRmVjVvVWhQT0FJc084cll0OUhMZ0dSZ0cvZnZLL2ZiU1ZURmU3eG4wR21QT2ZvK3daQjMKd2VwTGxyTndjK0UzCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", - "cluster_endpoint": "https://90F53ECE705908D3A306F170FF42DF7A.gr7.us-east-1.eks.amazonaws.com", - "cluster_name": "eks1-devel", - "cluster_service_cidr": "10.100.0.0/16", - "cluster_version": "1.33" + "certificate_authority_data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJT2luRkFybWtSSEF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBM01qWXdORFUzTlRSYUZ3MHpOVEEzTWpRd05UQXlOVFJhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURiNytlcmRaaVF3Q2xmVTBoQWJ1dFNxVXZiY0JUYmdwelI4UkhITThDa3pCdVdmcVhJREtjUWdDd08KeHNhbXErbUtDczlZTlNMVDJlaXNlcUdIaXpYTXRmTlhtOEo5RGo1LzhZSlNFeUxjR1BUUHFyVXFobmFBRTJ2UQpxZlJJWGYzTVcrQWFjRWd4cVBRNStEcU0rQTFFaFAybDBUSGRiZHdPTFViQ1Vkc2Ftb2VJRVYvckVQM2dteTBRCnlWRmY2K3VCVy9jVTUxWDRSMm1OTmovaW9pZjJUUHhMZ0w0bEhXYUpsWk5PdzdUNEJ5TnQ0NXQ5eS9yUURjV0IKTGpJYnJMQjFSUnlLY1VYR0g0eE1MeitqVTFWVFZzUUR0aGZWT1NmWEs3aTNmRWY1dHUwbndSU04rdThjK0RKcQptQ0JxZ252YU1Pb3lvb2ZrUlZ3ZmZOY3hxOEIvQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJTcEFyMk0wYm04MUtkUGhaUnd6bEV1dEx0bHNEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQUxBTk1oTW1vcwp3eWhaRDNlSXN1SzJYcVdqd2Y4SXAzcnlaRlcrRGcwOVBHdUI1OXdWVmJrVW5WV0NLMGN0eE52WUxkd3pxUGw0CjMvaUhDOHRhV2o3KzJFcjJHK3JaUlFPVzczUkV2K1JVWUpyeDZwZExCTFZlbmJ5cjZ3SFA5Q0xpcXlpc3EvQzUKei9hTmJoSXpiQjY0eFI0NHk5bXl3TnRURlVLVW9ockE2NlltME1QTVdOdzZYaTlVV1dpemw2b2dHRmhjQi9VUQoxL1g0UmlXVlFjYndndzBXTmxWdDBkaWwvaHZnWFpyK0JIMHRkTlRNa2tEUEtpekFqbFpqV0xtME5OVmZZRTNiCjNiWHY3OVpRUEVnVXNlMU14U0lHU2ZKVWtBbUlEYWJxMEdIYlZ1WjFRcklha2thdkY5UWwrODJNV0lQKzFxNzIKekVTRVNnUFI3dUZ2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", + "endpoint": "https://BF3C0697CBF107D1CFBAC6728A7EED19.gr7.us-east-1.eks.amazonaws.com", + "kubernetes_version": "1.33", + "name": "eks1-devel", + "service_cidr": "10.100.0.0/16" } }, "sensitive_attributes": [], @@ -3042,44 +3304,15 @@ "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ], "create_before_destroy": true } ] }, - { - "module": "module.eks.module.eks.module.eks_managed_node_group[\"ng\"]", - "mode": "data", - "type": "aws_caller_identity", - "name": "current", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "account_id": "273729230602", - "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", - "id": "273729230602", - "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" - }, - "sensitive_attributes": [], - "identity_schema_version": 0 - } - ] - }, { "module": "module.eks.module.eks.module.eks_managed_node_group[\"ng\"]", "mode": "data", @@ -3131,19 +3364,32 @@ { "module": "module.eks.module.eks.module.eks_managed_node_group[\"ng\"]", "mode": "data", - "type": "aws_partition", - "name": "current", + "type": "aws_ssm_parameter", + "name": "ami", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { - "dns_suffix": "amazonaws.com", - "id": "aws", - "partition": "aws", - "reverse_dns_prefix": "com.amazonaws" + "arn": "arn:aws:ssm:us-east-1::parameter/aws/service/eks/optimized-ami/1.33/amazon-linux-2023/x86_64/standard/recommended/release_version", + "id": "/aws/service/eks/optimized-ami/1.33/amazon-linux-2023/x86_64/standard/recommended/release_version", + "insecure_value": "1.33.0-20250715", + "name": "/aws/service/eks/optimized-ami/1.33/amazon-linux-2023/x86_64/standard/recommended/release_version", + "region": "us-east-1", + "type": "String", + "value": "1.33.0-20250715", + "version": 6, + "with_decryption": true }, - "sensitive_attributes": [], + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "value" + } + ] + ], "identity_schema_version": 0 } ] @@ -3160,34 +3406,35 @@ "schema_version": 0, "attributes": { "ami_type": "AL2023_x86_64_STANDARD", - "arn": "arn:aws:eks:us-east-1:273729230602:nodegroup/eks1-devel/ng-20250720075452134700000007/9ecc136a-0ed4-ed3d-4abc-e209bf79bbc4", + "arn": "arn:aws:eks:us-east-1:273729230602:nodegroup/eks1-devel/ng-20250726050837528800000015/4ecc2291-0935-59bf-b572-c11bd62148f2", "capacity_type": "ON_DEMAND", "cluster_name": "eks1-devel", "disk_size": 0, "force_update_version": null, - "id": "eks1-devel:ng-20250720075452134700000007", + "id": "eks1-devel:ng-20250726050837528800000015", "instance_types": [ - "m5.large" + "m6i.large" ], - "labels": null, + "labels": {}, "launch_template": [ { - "id": "lt-0abd256b85e9cea74", - "name": "ng-20250720075446265800000005", - "version": "1" + "id": "lt-0d2be8605aecac3d6", + "name": "ng-20250726050831652700000013", + "version": "2" } ], - "node_group_name": "ng-20250720075452134700000007", + "node_group_name": "ng-20250726050837528800000015", "node_group_name_prefix": "ng-", "node_repair_config": [], - "node_role_arn": "arn:aws:iam::273729230602:role/ng-eks-node-group-20250720075445339700000001", + "node_role_arn": "arn:aws:iam::273729230602:role/ng-eks-node-group-20250726045706136900000001", + "region": "us-east-1", "release_version": "1.33.0-20250715", "remote_access": [], "resources": [ { "autoscaling_groups": [ { - "name": "eks-ng-20250720075452134700000007-9ecc136a-0ed4-ed3d-4abc-e209bf79bbc4" + "name": "eks-ng-20250726050837528800000015-4ecc2291-0935-59bf-b572-c11bd62148f2" } ], "remote_access_security_group_id": "" @@ -3195,19 +3442,19 @@ ], "scaling_config": [ { - "desired_size": 1, + "desired_size": 3, "max_size": 10, "min_size": 1 } ], "status": "ACTIVE", "subnet_ids": [ - "subnet-0115e5b05ab6b132c", - "subnet-03b49ea861522bc48", - "subnet-0556ce01354322097", - "subnet-0a6eed6971e44375c", - "subnet-0cee9908287eaa414", - "subnet-0f439778eb62eac4d" + "subnet-02555be9c1954bbda", + "subnet-08dbbf19ff2c937f1", + "subnet-0d7ae39c853e68127", + "subnet-0e188b45be889dcc3", + "subnet-0f0da9e04f1c8369a", + "subnet-0f84cfaa3d8da724d" ], "tags": { "Name": "ng" @@ -3218,11 +3465,7 @@ "Service": "Kubernetes" }, "taint": [], - "timeouts": { - "create": null, - "delete": null, - "update": null - }, + "timeouts": null, "update_config": [ { "max_unavailable": 0, @@ -3256,15 +3499,16 @@ "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.eks_managed_node_group.aws_launch_template.this", "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type_offerings.this", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_eks_cluster_versions.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ssm_parameter.ami", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnets.placement_group", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.kms.aws_kms_external_key.this", "module.eks.module.eks.module.kms.aws_kms_key.this", "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", @@ -3273,18 +3517,9 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ], "create_before_destroy": true @@ -3302,44 +3537,39 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::273729230602:role/ng-eks-node-group-20250720075445339700000001", + "arn": "arn:aws:iam::273729230602:role/ng-eks-node-group-20250726045706136900000001", "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Sid\":\"EKSNodeAssumeRole\"}],\"Version\":\"2012-10-17\"}", - "create_date": "2025-07-20T07:54:45Z", + "create_date": "2025-07-26T04:57:06Z", "description": "EKS managed node group IAM role", "force_detach_policies": true, - "id": "ng-eks-node-group-20250720075445339700000001", + "id": "ng-eks-node-group-20250726045706136900000001", "inline_policy": [], - "managed_policy_arns": [], + "managed_policy_arns": [ + "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", + "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", + "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" + ], "max_session_duration": 3600, - "name": "ng-eks-node-group-20250720075445339700000001", + "name": "ng-eks-node-group-20250726045706136900000001", "name_prefix": "ng-eks-node-group-", "path": "/", "permissions_boundary": "", - "tags": null, + "tags": {}, "tags_all": { "Environment": "devel", "Service": "Kubernetes" }, - "unique_id": "AROAT7O4IS4FF3VCO5L57" + "unique_id": "AROAT7O4IS4FE2DMUYZHS" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "ng-eks-node-group-20250726045706136900000001" + }, "private": "bnVsbA==", "dependencies": [ - "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy" ], "create_before_destroy": true } @@ -3356,31 +3586,25 @@ "index_key": "AmazonEC2ContainerRegistryReadOnly", "schema_version": 0, "attributes": { - "id": "ng-eks-node-group-20250720075445339700000001-20250720075446120700000004", + "id": "ng-eks-node-group-20250726045706136900000001/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", "policy_arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", - "role": "ng-eks-node-group-20250720075445339700000001" + "role": "ng-eks-node-group-20250726045706136900000001" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", + "role": "ng-eks-node-group-20250726045706136900000001" + }, "private": "bnVsbA==", "dependencies": [ + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current" ], "create_before_destroy": true }, @@ -3388,31 +3612,25 @@ "index_key": "AmazonEKSWorkerNodePolicy", "schema_version": 0, "attributes": { - "id": "ng-eks-node-group-20250720075445339700000001-20250720075446120300000003", + "id": "ng-eks-node-group-20250726045706136900000001/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", - "role": "ng-eks-node-group-20250720075445339700000001" + "role": "ng-eks-node-group-20250726045706136900000001" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", + "role": "ng-eks-node-group-20250726045706136900000001" + }, "private": "bnVsbA==", "dependencies": [ + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current" ], "create_before_destroy": true }, @@ -3420,31 +3638,25 @@ "index_key": "AmazonEKS_CNI_Policy", "schema_version": 0, "attributes": { - "id": "ng-eks-node-group-20250720075445339700000001-20250720075446018000000002", + "id": "ng-eks-node-group-20250726045706136900000001/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", "policy_arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", - "role": "ng-eks-node-group-20250720075445339700000001" + "role": "ng-eks-node-group-20250726045706136900000001" }, "sensitive_attributes": [], "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", + "role": "ng-eks-node-group-20250726045706136900000001" + }, "private": "bnVsbA==", "dependencies": [ + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_partition.current", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", - "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current" ], "create_before_destroy": true } @@ -3461,22 +3673,20 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:launch-template/lt-0abd256b85e9cea74", + "arn": "arn:aws:ec2:us-east-1:273729230602:launch-template/lt-0d2be8605aecac3d6", "block_device_mappings": [], "capacity_reservation_specification": [], "cpu_options": [], "credit_specification": [], - "default_version": 1, + "default_version": 2, "description": "Custom launch template for ng EKS managed node group", "disable_api_stop": false, "disable_api_termination": false, "ebs_optimized": "", - "elastic_gpu_specifications": [], - "elastic_inference_accelerator": [], "enclave_options": [], "hibernation_options": [], "iam_instance_profile": [], - "id": "lt-0abd256b85e9cea74", + "id": "lt-0d2be8605aecac3d6", "image_id": "", "instance_initiated_shutdown_behavior": "", "instance_market_options": [], @@ -3484,7 +3694,7 @@ "instance_type": "", "kernel_id": "", "key_name": "", - "latest_version": 1, + "latest_version": 2, "license_specification": [], "maintenance_options": [], "metadata_options": [ @@ -3496,18 +3706,15 @@ "instance_metadata_tags": "" } ], - "monitoring": [ - { - "enabled": true - } - ], - "name": "ng-20250720075446265800000005", + "monitoring": [], + "name": "ng-20250726050831652700000013", "name_prefix": "ng-", "network_interfaces": [], "placement": [], "private_dns_name_options": [], "ram_disk_id": "", - "security_group_names": null, + "region": "us-east-1", + "security_group_names": [], "tag_specifications": [ { "resource_type": "instance", @@ -3528,7 +3735,7 @@ } } ], - "tags": null, + "tags": {}, "tags_all": { "Environment": "devel", "Service": "Kubernetes" @@ -3536,7 +3743,7 @@ "update_default_version": true, "user_data": "", "vpc_security_group_ids": [ - "sg-063a641aa5386b819" + "sg-0a74b044afaa663ed" ] }, "sensitive_attributes": [], @@ -3563,12 +3770,14 @@ "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.additional", "module.eks.module.eks.module.eks_managed_node_group.aws_iam_role_policy_attachment.this", "module.eks.module.eks.module.eks_managed_node_group.aws_placement_group.this", + "module.eks.module.eks.module.eks_managed_node_group.aws_security_group.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_caller_identity.current", "module.eks.module.eks.module.eks_managed_node_group.data.aws_ec2_instance_type.this", "module.eks.module.eks.module.eks_managed_node_group.data.aws_iam_policy_document.assume_role_policy", "module.eks.module.eks.module.eks_managed_node_group.data.aws_partition.current", + "module.eks.module.eks.module.eks_managed_node_group.data.aws_subnet.this", "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2023_eks_managed_node_group", - "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.linux_eks_managed_node_group", + "module.eks.module.eks.module.eks_managed_node_group.module.user_data.data.cloudinit_config.al2_eks_managed_node_group", "module.eks.module.eks.module.kms.aws_kms_external_key.this", "module.eks.module.eks.module.kms.aws_kms_key.this", "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", @@ -3577,18 +3786,9 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ], "create_before_destroy": true @@ -3605,7 +3805,7 @@ { "schema_version": 0, "attributes": { - "id": "9138203175680545676", + "id": "5050192302767161671", "triggers": null }, "sensitive_attributes": [], @@ -3635,18 +3835,9 @@ "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", "module.eks.module.eks.time_sleep.this", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" ] } @@ -3684,9 +3875,9 @@ "index_key": 0, "schema_version": 0, "attributes": { - "id": "3322799044", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Default\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:root\"\n }\n },\n {\n \"Sid\": \"KeyAdministration\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Update*\",\n \"kms:UntagResource\",\n \"kms:TagResource\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:Revoke*\",\n \"kms:ReplicateKey\",\n \"kms:Put*\",\n \"kms:List*\",\n \"kms:ImportKeyMaterial\",\n \"kms:Get*\",\n \"kms:Enable*\",\n \"kms:Disable*\",\n \"kms:Describe*\",\n \"kms:Delete*\",\n \"kms:Create*\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"\n }\n },\n {\n \"Sid\": \"KeyUsage\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008\"\n }\n }\n ]\n}", - "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Default\",\"Effect\":\"Allow\",\"Action\":\"kms:*\",\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:root\"}},{\"Sid\":\"KeyAdministration\",\"Effect\":\"Allow\",\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:ReplicateKey\",\"kms:Put*\",\"kms:List*\",\"kms:ImportKeyMaterial\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"}},{\"Sid\":\"KeyUsage\",\"Effect\":\"Allow\",\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008\"}}]}", + "id": "3915224678", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Default\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:root\"\n }\n },\n {\n \"Sid\": \"KeyAdministration\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Update*\",\n \"kms:UntagResource\",\n \"kms:TagResource\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:Revoke*\",\n \"kms:ReplicateKey\",\n \"kms:Put*\",\n \"kms:List*\",\n \"kms:ImportKeyMaterial\",\n \"kms:Get*\",\n \"kms:Enable*\",\n \"kms:Disable*\",\n \"kms:Describe*\",\n \"kms:Delete*\",\n \"kms:Create*\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"\n }\n },\n {\n \"Sid\": \"KeyUsage\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006\"\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Default\",\"Effect\":\"Allow\",\"Action\":\"kms:*\",\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:root\"}},{\"Sid\":\"KeyAdministration\",\"Effect\":\"Allow\",\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:ReplicateKey\",\"kms:Put*\",\"kms:List*\",\"kms:ImportKeyMaterial\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"}},{\"Sid\":\"KeyUsage\",\"Effect\":\"Allow\",\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006\"}}]}", "override_json": null, "override_policy_documents": null, "policy_id": null, @@ -3768,7 +3959,7 @@ "principals": [ { "identifiers": [ - "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008" + "arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006" ], "type": "AWS" } @@ -3822,8 +4013,9 @@ "id": "alias/eks/eks1-devel", "name": "alias/eks/eks1-devel", "name_prefix": "", - "target_key_arn": "arn:aws:kms:us-east-1:273729230602:key/592722d1-13ec-4bf0-9ebe-202421243587", - "target_key_id": "592722d1-13ec-4bf0-9ebe-202421243587" + "region": "us-east-1", + "target_key_arn": "arn:aws:kms:us-east-1:273729230602:key/edf79a99-4643-4a3a-b4f2-cd75c2a20655", + "target_key_id": "edf79a99-4643-4a3a-b4f2-cd75c2a20655" }, "sensitive_attributes": [], "identity_schema_version": 0, @@ -3839,20 +4031,7 @@ "module.eks.module.eks.module.kms.aws_kms_replica_key.this", "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", - "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", - "module.network.aws_subnet.private", - "module.network.aws_subnet.public", - "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", - "module.network.data.aws_vpc.selected" + "module.eks.module.eks.module.kms.data.aws_partition.current" ] } ] @@ -3868,19 +4047,20 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:kms:us-east-1:273729230602:key/592722d1-13ec-4bf0-9ebe-202421243587", + "arn": "arn:aws:kms:us-east-1:273729230602:key/edf79a99-4643-4a3a-b4f2-cd75c2a20655", "bypass_policy_lockout_safety_check": false, "custom_key_store_id": "", "customer_master_key_spec": "SYMMETRIC_DEFAULT", "deletion_window_in_days": null, "description": "eks1-devel cluster encryption key", "enable_key_rotation": true, - "id": "592722d1-13ec-4bf0-9ebe-202421243587", + "id": "edf79a99-4643-4a3a-b4f2-cd75c2a20655", "is_enabled": true, - "key_id": "592722d1-13ec-4bf0-9ebe-202421243587", + "key_id": "edf79a99-4643-4a3a-b4f2-cd75c2a20655", "key_usage": "ENCRYPT_DECRYPT", "multi_region": false, - "policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:root\"},\"Resource\":\"*\",\"Sid\":\"Default\"},{\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:ReplicateKey\",\"kms:Put*\",\"kms:List*\",\"kms:ImportKeyMaterial\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"},\"Resource\":\"*\",\"Sid\":\"KeyAdministration\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250719075633606000000008\"},\"Resource\":\"*\",\"Sid\":\"KeyUsage\"}],\"Version\":\"2012-10-17\"}", + "policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:root\"},\"Resource\":\"*\",\"Sid\":\"Default\"},{\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:ReplicateKey\",\"kms:Put*\",\"kms:List*\",\"kms:ImportKeyMaterial\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687\"},\"Resource\":\"*\",\"Sid\":\"KeyAdministration\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::273729230602:role/eks1-devel-cluster-20250726045706140700000006\"},\"Resource\":\"*\",\"Sid\":\"KeyUsage\"}],\"Version\":\"2012-10-17\"}", + "region": "us-east-1", "rotation_period_in_days": 365, "tags": { "terraform-aws-modules": "eks" @@ -3903,22 +4083,1178 @@ "module.eks.module.eks.data.aws_iam_session_context.current", "module.eks.module.eks.module.kms.data.aws_caller_identity.current", "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current" + ], + "create_before_destroy": true + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "external_dns", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1268413494", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"route53:ChangeResourceRecordSets\",\n \"Resource\": \"arn:aws:route53:::hostedzone/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"route53:ListTagsForResources\",\n \"route53:ListResourceRecordSets\",\n \"route53:ListHostedZones\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"route53:ChangeResourceRecordSets\",\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Effect\":\"Allow\",\"Action\":[\"route53:ListTagsForResources\",\"route53:ListResourceRecordSets\",\"route53:ListHostedZones\"],\"Resource\":\"*\"}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "route53:ChangeResourceRecordSets" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:route53:::hostedzone/*" + ], + "sid": "" + }, + { + "actions": [ + "route53:ListHostedZones", + "route53:ListResourceRecordSets", + "route53:ListTagsForResources" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1716340323", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:external-dns\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:external-dns\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:external-dns" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "external_dns", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "attachment_count": 1, + "description": "External DNS policy to allow management of Route53 hosted zone records", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "name": "AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "name_prefix": "AmazonEKS_eks1-devel_External_DNS_Policy-", + "path": "/", + "policy": "{\"Statement\":[{\"Action\":\"route53:ChangeResourceRecordSets\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Action\":[\"route53:ListTagsForResources\",\"route53:ListResourceRecordSets\",\"route53:ListHostedZones\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FBJOOEWX3J", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", "module.eks.module.eks.module.kms.data.aws_partition.current", - "module.network.aws_eip.nat", - "module.network.aws_nat_gateway.nat_gateway", - "module.network.aws_route.nat_gateway", - "module.network.aws_route.public_internet_gateway", - "module.network.aws_route_table.private", - "module.network.aws_route_table.public", - "module.network.aws_route_table_association.private", - "module.network.aws_route_table_association.public", + "module.eks.module.external_dns_irsa_role.data.aws_iam_policy_document.external_dns", "module.network.aws_subnet.private", "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", - "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "managed", + "type": "aws_iam_role", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:role/eks1-devel-external-dns", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:external-dns\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-26T05:25:15Z", + "description": "", + "force_detach_policies": true, + "id": "eks1-devel-external-dns", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e" + ], + "max_session_duration": 3600, + "name": "eks1-devel-external-dns", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "unique_id": "AROAT7O4IS4FBJGK2IPMG" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-external-dns" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.external_dns_irsa_role.data.aws_caller_identity.current", + "module.eks.module.external_dns_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.external_dns_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.external_dns_irsa_role", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "external_dns", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "eks1-devel-external-dns/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "role": "eks1-devel-external-dns" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_External_DNS_Policy-2025072605080303200000000e", + "role": "eks1-devel-external-dns" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.external_dns_irsa_role.aws_iam_policy.external_dns", + "module.eks.module.external_dns_irsa_role.aws_iam_role.this", + "module.eks.module.external_dns_irsa_role.data.aws_caller_identity.current", + "module.eks.module.external_dns_irsa_role.data.aws_iam_policy_document.external_dns", + "module.eks.module.external_dns_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.external_dns_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_caller_identity", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "273729230602", + "arn": "arn:aws:sts::273729230602:assumed-role/AWSReservedSSO_AdministratorAccess_b8026af88eb7c687/ryan", + "id": "273729230602", + "user_id": "AROAT7O4IS4FGZRTFR25S:ryan" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "load_balancer_controller", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "1541424006", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DescribeTrustStores\",\n \"elasticloadbalancing:DescribeTargetHealth\",\n \"elasticloadbalancing:DescribeTargetGroups\",\n \"elasticloadbalancing:DescribeTargetGroupAttributes\",\n \"elasticloadbalancing:DescribeTags\",\n \"elasticloadbalancing:DescribeSSLPolicies\",\n \"elasticloadbalancing:DescribeRules\",\n \"elasticloadbalancing:DescribeLoadBalancers\",\n \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n \"elasticloadbalancing:DescribeListeners\",\n \"elasticloadbalancing:DescribeListenerCertificates\",\n \"elasticloadbalancing:DescribeListenerAttributes\",\n \"elasticloadbalancing:DescribeCapacityReservation\",\n \"ec2:GetSecurityGroupsForVpc\",\n \"ec2:GetCoipPoolUsage\",\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcPeeringConnections\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeRouteTables\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribeIpamPools\",\n \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeCoipPools\",\n \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeAddresses\",\n \"ec2:DescribeAccountAttributes\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"wafv2:GetWebACLForResource\",\n \"wafv2:GetWebACL\",\n \"wafv2:DisassociateWebACL\",\n \"wafv2:AssociateWebACL\",\n \"waf-regional:GetWebACLForResource\",\n \"waf-regional:GetWebACL\",\n \"waf-regional:DisassociateWebACL\",\n \"waf-regional:AssociateWebACL\",\n \"shield:GetSubscriptionState\",\n \"shield:DescribeProtection\",\n \"shield:DeleteProtection\",\n \"shield:CreateProtection\",\n \"iam:ListServerCertificates\",\n \"iam:GetServerCertificate\",\n \"cognito-idp:DescribeUserPoolClient\",\n \"acm:ListCertificates\",\n \"acm:DescribeCertificate\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateSecurityGroup\",\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:CreateTags\",\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"ec2:CreateAction\": \"CreateSecurityGroup\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DeleteTags\",\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*:*:security-group/*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:CreateLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:DeleteRule\",\n \"elasticloadbalancing:DeleteListener\",\n \"elasticloadbalancing:CreateRule\",\n \"elasticloadbalancing:CreateListener\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"true\",\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:AddTags\"\n ],\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetSubnets\",\n \"elasticloadbalancing:SetSecurityGroups\",\n \"elasticloadbalancing:SetIpAddressType\",\n \"elasticloadbalancing:ModifyTargetGroupAttributes\",\n \"elasticloadbalancing:ModifyTargetGroup\",\n \"elasticloadbalancing:ModifyLoadBalancerAttributes\",\n \"elasticloadbalancing:ModifyListenerAttributes\",\n \"elasticloadbalancing:ModifyIpPools\",\n \"elasticloadbalancing:ModifyCapacityReservation\",\n \"elasticloadbalancing:DeleteTargetGroup\",\n \"elasticloadbalancing:DeleteLoadBalancer\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Null\": {\n \"aws:ResourceTag/elbv2.k8s.aws/cluster\": \"false\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"elasticloadbalancing:AddTags\",\n \"Resource\": [\n \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\n \"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"\n ],\n \"Condition\": {\n \"Null\": {\n \"aws:RequestTag/elbv2.k8s.aws/cluster\": \"false\"\n },\n \"StringEquals\": {\n \"elasticloadbalancing:CreateAction\": [\n \"CreateTargetGroup\",\n \"CreateLoadBalancer\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterTargets\",\n \"elasticloadbalancing:DeregisterTargets\"\n ],\n \"Resource\": \"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:SetWebAcl\",\n \"elasticloadbalancing:SetRulePriorities\",\n \"elasticloadbalancing:RemoveListenerCertificates\",\n \"elasticloadbalancing:ModifyRule\",\n \"elasticloadbalancing:ModifyListener\",\n \"elasticloadbalancing:AddListenerCertificates\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:DescribeTrustStores\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeListenerCertificates\",\"elasticloadbalancing:DescribeListenerAttributes\",\"elasticloadbalancing:DescribeCapacityReservation\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:GetCoipPoolUsage\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeTags\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeRouteTables\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeIpamPools\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeInstances\",\"ec2:DescribeCoipPools\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeAddresses\",\"ec2:DescribeAccountAttributes\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"wafv2:GetWebACLForResource\",\"wafv2:GetWebACL\",\"wafv2:DisassociateWebACL\",\"wafv2:AssociateWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:GetWebACL\",\"waf-regional:DisassociateWebACL\",\"waf-regional:AssociateWebACL\",\"shield:GetSubscriptionState\",\"shield:DescribeProtection\",\"shield:DeleteProtection\",\"shield:CreateProtection\",\"iam:ListServerCertificates\",\"iam:GetServerCertificate\",\"cognito-idp:DescribeUserPoolClient\",\"acm:ListCertificates\",\"acm:DescribeCertificate\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateSecurityGroup\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":\"ec2:CreateTags\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}}},{\"Effect\":\"Allow\",\"Action\":[\"ec2:DeleteTags\",\"ec2:CreateTags\"],\"Resource\":\"arn:aws:ec2:*:*:security-group/*\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:DeleteSecurityGroup\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Resource\":\"*\",\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateLoadBalancer\"],\"Resource\":\"*\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:DeleteRule\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateListener\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"]},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:SetSubnets\",\"elasticloadbalancing:SetSecurityGroups\",\"elasticloadbalancing:SetIpAddressType\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:ModifyListenerAttributes\",\"elasticloadbalancing:ModifyIpPools\",\"elasticloadbalancing:ModifyCapacityReservation\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:DeleteLoadBalancer\"],\"Resource\":\"*\",\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"elasticloadbalancing:AddTags\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateLoadBalancer\"]}}},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:DeregisterTargets\"],\"Resource\":\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"},{\"Effect\":\"Allow\",\"Action\":[\"elasticloadbalancing:SetWebAcl\",\"elasticloadbalancing:SetRulePriorities\",\"elasticloadbalancing:RemoveListenerCertificates\",\"elasticloadbalancing:ModifyRule\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:AddListenerCertificates\"],\"Resource\":\"*\"}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "iam:CreateServiceLinkedRole" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "elasticloadbalancing.amazonaws.com" + ], + "variable": "iam:AWSServiceName" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeIpamPools", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:GetCoipPoolUsage", + "ec2:GetSecurityGroupsForVpc", + "elasticloadbalancing:DescribeCapacityReservation", + "elasticloadbalancing:DescribeListenerAttributes", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTrustStores" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "acm:DescribeCertificate", + "acm:ListCertificates", + "cognito-idp:DescribeUserPoolClient", + "iam:GetServerCertificate", + "iam:ListServerCertificates", + "shield:CreateProtection", + "shield:DeleteProtection", + "shield:DescribeProtection", + "shield:GetSubscriptionState", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateSecurityGroup" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateTags" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + }, + { + "test": "StringEquals", + "values": [ + "CreateSecurityGroup" + ], + "variable": "ec2:CreateAction" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:security-group/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster" + }, + { + "test": "Null", + "values": [ + "true" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:ec2:*:*:security-group/*" + ], + "sid": "" + }, + { + "actions": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupIngress" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteRule" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster" + }, + { + "test": "Null", + "values": [ + "true" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:ModifyCapacityReservation", + "elasticloadbalancing:ModifyIpPools", + "elasticloadbalancing:ModifyListenerAttributes", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:ResourceTag/elbv2.k8s.aws/cluster" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:AddTags" + ], + "condition": [ + { + "test": "Null", + "values": [ + "false" + ], + "variable": "aws:RequestTag/elbv2.k8s.aws/cluster" + }, + { + "test": "StringEquals", + "values": [ + "CreateTargetGroup", + "CreateLoadBalancer" + ], + "variable": "elasticloadbalancing:CreateAction" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:RegisterTargets" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + ], + "sid": "" + }, + { + "actions": [ + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:ModifyRule", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:SetRulePriorities", + "elasticloadbalancing:SetWebAcl" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "236870047", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\": \"sts.amazonaws.com\",\n \"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\": \"system:serviceaccount:kube-system:aws-load-balancer-controller\"\n }\n }\n }\n ]\n}", + "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"},\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:aws-load-balancer-controller\"}}}]}", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRoleWithWebIdentity" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "sts.amazonaws.com" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud" + }, + { + "test": "StringEquals", + "values": [ + "system:serviceaccount:kube-system:aws-load-balancer-controller" + ], + "variable": "oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19" + ], + "type": "Federated" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_partition", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dns_suffix": "amazonaws.com", + "id": "aws", + "partition": "aws", + "reverse_dns_prefix": "com.amazonaws" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1", + "region": "us-east-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "managed", + "type": "aws_iam_policy", + "name": "load_balancer_controller", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "attachment_count": 1, + "description": "Provides permissions for AWS Load Balancer Controller addon", + "id": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "name": "AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "name_prefix": "AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-", + "path": "/", + "policy": "{\"Statement\":[{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:DescribeTrustStores\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeListenerCertificates\",\"elasticloadbalancing:DescribeListenerAttributes\",\"elasticloadbalancing:DescribeCapacityReservation\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:GetCoipPoolUsage\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeTags\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeRouteTables\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeIpamPools\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeInstances\",\"ec2:DescribeCoipPools\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeAddresses\",\"ec2:DescribeAccountAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"wafv2:GetWebACLForResource\",\"wafv2:GetWebACL\",\"wafv2:DisassociateWebACL\",\"wafv2:AssociateWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:GetWebACL\",\"waf-regional:DisassociateWebACL\",\"waf-regional:AssociateWebACL\",\"shield:GetSubscriptionState\",\"shield:DescribeProtection\",\"shield:DeleteProtection\",\"shield:CreateProtection\",\"iam:ListServerCertificates\",\"iam:GetServerCertificate\",\"cognito-idp:DescribeUserPoolClient\",\"acm:ListCertificates\",\"acm:DescribeCertificate\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateSecurityGroup\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateTags\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:DeleteTags\",\"ec2:CreateTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:DeleteSecurityGroup\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:CreateLoadBalancer\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:DeleteRule\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateListener\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"true\",\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RemoveTags\",\"elasticloadbalancing:AddTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*\",\"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*\"]},{\"Action\":[\"elasticloadbalancing:SetSubnets\",\"elasticloadbalancing:SetSecurityGroups\",\"elasticloadbalancing:SetIpAddressType\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:ModifyListenerAttributes\",\"elasticloadbalancing:ModifyIpPools\",\"elasticloadbalancing:ModifyCapacityReservation\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:DeleteLoadBalancer\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/elbv2.k8s.aws/cluster\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"elasticloadbalancing:AddTags\",\"Condition\":{\"Null\":{\"aws:RequestTag/elbv2.k8s.aws/cluster\":\"false\"},\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateLoadBalancer\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*\",\"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*\"]},{\"Action\":[\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:DeregisterTargets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*\"},{\"Action\":[\"elasticloadbalancing:SetWebAcl\",\"elasticloadbalancing:SetRulePriorities\",\"elasticloadbalancing:RemoveListenerCertificates\",\"elasticloadbalancing:ModifyRule\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:AddListenerCertificates\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAT7O4IS4FDJFNVQKAK", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_iam_policy_document.load_balancer_controller", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "managed", + "type": "aws_iam_role", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::273729230602:role/eks1-devel-aws-load-balancer-controller", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRoleWithWebIdentity\",\"Condition\":{\"StringEquals\":{\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:aud\":\"sts.amazonaws.com\",\"oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19:sub\":\"system:serviceaccount:kube-system:aws-load-balancer-controller\"}},\"Effect\":\"Allow\",\"Principal\":{\"Federated\":\"arn:aws:iam::273729230602:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BF3C0697CBF107D1CFBAC6728A7EED19\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2025-07-26T05:23:56Z", + "description": "", + "force_detach_policies": true, + "id": "eks1-devel-aws-load-balancer-controller", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f" + ], + "max_session_duration": 3600, + "name": "eks1-devel-aws-load-balancer-controller", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": { + "Environment": "devel", + "Service": "Kubernetes" + }, + "unique_id": "AROAT7O4IS4FNEGNOKZIO" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "name": "eks1-devel-aws-load-balancer-controller" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_caller_identity.current", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] + } + ] + }, + { + "module": "module.eks.module.load_balancer_controller_irsa_role", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "load_balancer_controller", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "id": "eks1-devel-aws-load-balancer-controller/arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "role": "eks1-devel-aws-load-balancer-controller" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "273729230602", + "policy_arn": "arn:aws:iam::273729230602:policy/AmazonEKS_eks1-devel_AWS_Load_Balancer_Controller-2025072605080304760000000f", + "role": "eks1-devel-aws-load-balancer-controller" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.eks.module.eks.aws_cloudwatch_log_group.this", + "module.eks.module.eks.aws_eks_access_entry.this", + "module.eks.module.eks.aws_eks_access_policy_association.this", + "module.eks.module.eks.aws_eks_cluster.this", + "module.eks.module.eks.aws_iam_openid_connect_provider.oidc_provider", + "module.eks.module.eks.aws_iam_policy.cni_ipv6_policy", + "module.eks.module.eks.aws_iam_role.eks_auto", + "module.eks.module.eks.aws_iam_role.this", + "module.eks.module.eks.aws_iam_role_policy_attachment.this", + "module.eks.module.eks.aws_security_group.cluster", + "module.eks.module.eks.aws_security_group.node", + "module.eks.module.eks.aws_security_group_rule.cluster", + "module.eks.module.eks.aws_security_group_rule.node", + "module.eks.module.eks.data.aws_caller_identity.current", + "module.eks.module.eks.data.aws_iam_policy_document.assume_role_policy", + "module.eks.module.eks.data.aws_iam_policy_document.cni_ipv6_policy", + "module.eks.module.eks.data.aws_iam_policy_document.node_assume_role_policy", + "module.eks.module.eks.data.aws_iam_session_context.current", + "module.eks.module.eks.data.aws_partition.current", + "module.eks.module.eks.data.tls_certificate.this", + "module.eks.module.eks.module.kms.aws_kms_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_external_key.this", + "module.eks.module.eks.module.kms.aws_kms_replica_key.this", + "module.eks.module.eks.module.kms.data.aws_caller_identity.current", + "module.eks.module.eks.module.kms.data.aws_iam_policy_document.this", + "module.eks.module.eks.module.kms.data.aws_partition.current", + "module.eks.module.load_balancer_controller_irsa_role.aws_iam_policy.load_balancer_controller", + "module.eks.module.load_balancer_controller_irsa_role.aws_iam_role.this", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_caller_identity.current", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_iam_policy_document.load_balancer_controller", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_iam_policy_document.this", + "module.eks.module.load_balancer_controller_irsa_role.data.aws_partition.current", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.data.aws_availability_zones.available", + "module.network.data.aws_vpc.selected" + ] } ] }, @@ -3958,6 +5294,7 @@ "us-east-1d", "us-east-1f" ], + "region": "us-east-1", "state": null, "timeouts": null, "zone_ids": [ @@ -4001,6 +5338,7 @@ "id": "igw-04c8aad5899c55659", "internet_gateway_id": "igw-04c8aad5899c55659", "owner_id": "273729230602", + "region": "us-east-1", "tags": {}, "timeouts": null }, @@ -4040,6 +5378,7 @@ "ipv6_cidr_block": "", "main_route_table_id": "rtb-01ff49732ea0b5a76", "owner_id": "273729230602", + "region": "us-east-1", "state": null, "tags": {}, "timeouts": null @@ -4060,37 +5399,36 @@ "schema_version": 0, "attributes": { "address": null, - "allocation_id": "eipalloc-073d8354af914f72c", - "arn": "arn:aws:ec2:us-east-1:273729230602:elastic-ip/eipalloc-073d8354af914f72c", + "allocation_id": "eipalloc-0efd9a4666274d4b9", + "arn": "arn:aws:ec2:us-east-1:273729230602:elastic-ip/eipalloc-0efd9a4666274d4b9", "associate_with_private_ip": null, - "association_id": "eipassoc-0c8ecf10aa0025b3f", + "association_id": "eipassoc-0670094f7c1ebaa09", "carrier_ip": "", "customer_owned_ip": "", "customer_owned_ipv4_pool": "", "domain": "vpc", - "id": "eipalloc-073d8354af914f72c", + "id": "eipalloc-0efd9a4666274d4b9", "instance": "", "ipam_pool_id": null, "network_border_group": "us-east-1", - "network_interface": "eni-04e0f8c6777b3ee96", - "private_dns": "ip-172-31-176-157.ec2.internal", - "private_ip": "172.31.176.157", + "network_interface": "eni-0af2e53d148f4e2ef", + "private_dns": "ip-172-31-176-31.ec2.internal", + "private_ip": "172.31.176.31", "ptr_record": "", - "public_dns": "ec2-52-3-194-240.compute-1.amazonaws.com", - "public_ip": "52.3.194.240", + "public_dns": "ec2-3-223-7-164.compute-1.amazonaws.com", + "public_ip": "3.223.7.164", "public_ipv4_pool": "amazon", + "region": "us-east-1", "tags": {}, "tags_all": { "Environment": "devel", "Service": "Kubernetes" }, - "timeouts": null, - "vpc": true + "timeouts": null }, "sensitive_attributes": [], "identity_schema_version": 0, - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxODAwMDAwMDAwMDAsInJlYWQiOjkwMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMDB9fQ==", - "create_before_destroy": true + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxODAwMDAwMDAwMDAsInJlYWQiOjkwMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMDB9fQ==" } ] }, @@ -4104,17 +5442,18 @@ { "schema_version": 0, "attributes": { - "allocation_id": "eipalloc-073d8354af914f72c", - "association_id": "eipassoc-0c8ecf10aa0025b3f", + "allocation_id": "eipalloc-0efd9a4666274d4b9", + "association_id": "eipassoc-0670094f7c1ebaa09", "connectivity_type": "public", - "id": "nat-0d8a564a42b566896", - "network_interface_id": "eni-04e0f8c6777b3ee96", - "private_ip": "172.31.176.157", - "public_ip": "52.3.194.240", + "id": "nat-09006b80b9074bdb7", + "network_interface_id": "eni-0af2e53d148f4e2ef", + "private_ip": "172.31.176.31", + "public_ip": "3.223.7.164", + "region": "us-east-1", "secondary_allocation_ids": [], "secondary_private_ip_address_count": 0, "secondary_private_ip_addresses": [], - "subnet_id": "subnet-0f439778eb62eac4d", + "subnet_id": "subnet-0e188b45be889dcc3", "tags": {}, "tags_all": { "Environment": "devel", @@ -4130,8 +5469,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4153,14 +5491,15 @@ "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "", - "id": "r-rtb-02f0a19caa65e83691080289494", + "id": "r-rtb-041eec80d0151b4131080289494", "instance_id": "", "instance_owner_id": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "origin": "CreateRoute", - "route_table_id": "rtb-02f0a19caa65e8369", + "region": "us-east-1", + "route_table_id": "rtb-041eec80d0151b413", "state": "active", "timeouts": null, "transit_gateway_id": "", @@ -4177,8 +5516,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1b", @@ -4191,14 +5529,15 @@ "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "", - "id": "r-rtb-090b5b849bbd970f71080289494", + "id": "r-rtb-045c9ab610c7aabd31080289494", "instance_id": "", "instance_owner_id": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "origin": "CreateRoute", - "route_table_id": "rtb-090b5b849bbd970f7", + "region": "us-east-1", + "route_table_id": "rtb-045c9ab610c7aabd3", "state": "active", "timeouts": null, "transit_gateway_id": "", @@ -4215,8 +5554,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1c", @@ -4229,14 +5567,15 @@ "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "", - "id": "r-rtb-06cf7753a59edf1461080289494", + "id": "r-rtb-0a1eb19f2c209aa341080289494", "instance_id": "", "instance_owner_id": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "origin": "CreateRoute", - "route_table_id": "rtb-06cf7753a59edf146", + "region": "us-east-1", + "route_table_id": "rtb-0a1eb19f2c209aa34", "state": "active", "timeouts": null, "transit_gateway_id": "", @@ -4253,8 +5592,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4275,14 +5613,15 @@ "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "igw-04c8aad5899c55659", - "id": "r-rtb-0b75357b0e74c52a81080289494", + "id": "r-rtb-0d102d2391110f0b51080289494", "instance_id": "", "instance_owner_id": "", "local_gateway_id": "", "nat_gateway_id": "", "network_interface_id": "", "origin": "CreateRoute", - "route_table_id": "rtb-0b75357b0e74c52a8", + "region": "us-east-1", + "route_table_id": "rtb-0d102d2391110f0b5", "state": "active", "timeouts": null, "transit_gateway_id": "", @@ -4296,8 +5635,7 @@ "module.network.aws_route_table.public", "module.network.data.aws_internet_gateway.default", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4312,10 +5650,11 @@ "index_key": "us-east-1a", "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-02f0a19caa65e8369", - "id": "rtb-02f0a19caa65e8369", + "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-041eec80d0151b413", + "id": "rtb-041eec80d0151b413", "owner_id": "273729230602", "propagating_vgws": [], + "region": "us-east-1", "route": [ { "carrier_gateway_id": "", @@ -4326,7 +5665,7 @@ "gateway_id": "", "ipv6_cidr_block": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "transit_gateway_id": "", "vpc_endpoint_id": "", @@ -4350,17 +5689,17 @@ "dependencies": [ "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1b", "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-090b5b849bbd970f7", - "id": "rtb-090b5b849bbd970f7", + "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-045c9ab610c7aabd3", + "id": "rtb-045c9ab610c7aabd3", "owner_id": "273729230602", "propagating_vgws": [], + "region": "us-east-1", "route": [ { "carrier_gateway_id": "", @@ -4371,7 +5710,7 @@ "gateway_id": "", "ipv6_cidr_block": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "transit_gateway_id": "", "vpc_endpoint_id": "", @@ -4395,17 +5734,17 @@ "dependencies": [ "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1c", "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-06cf7753a59edf146", - "id": "rtb-06cf7753a59edf146", + "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-0a1eb19f2c209aa34", + "id": "rtb-0a1eb19f2c209aa34", "owner_id": "273729230602", "propagating_vgws": [], + "region": "us-east-1", "route": [ { "carrier_gateway_id": "", @@ -4416,7 +5755,7 @@ "gateway_id": "", "ipv6_cidr_block": "", "local_gateway_id": "", - "nat_gateway_id": "nat-0d8a564a42b566896", + "nat_gateway_id": "nat-09006b80b9074bdb7", "network_interface_id": "", "transit_gateway_id": "", "vpc_endpoint_id": "", @@ -4440,8 +5779,7 @@ "dependencies": [ "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4455,10 +5793,11 @@ { "schema_version": 0, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-0b75357b0e74c52a8", - "id": "rtb-0b75357b0e74c52a8", + "arn": "arn:aws:ec2:us-east-1:273729230602:route-table/rtb-0d102d2391110f0b5", + "id": "rtb-0d102d2391110f0b5", "owner_id": "273729230602", "propagating_vgws": [], + "region": "us-east-1", "route": [ { "carrier_gateway_id": "", @@ -4492,8 +5831,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", "dependencies": [ "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4509,9 +5847,10 @@ "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-0be084cf118e2a836", - "route_table_id": "rtb-02f0a19caa65e8369", - "subnet_id": "subnet-0a6eed6971e44375c", + "id": "rtbassoc-0e1e038f4c6d929ce", + "region": "us-east-1", + "route_table_id": "rtb-041eec80d0151b413", + "subnet_id": "subnet-0f0da9e04f1c8369a", "timeouts": null }, "sensitive_attributes": [], @@ -4522,17 +5861,17 @@ "module.network.aws_subnet.private", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1b", "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-03ed3dddfe0888d54", - "route_table_id": "rtb-090b5b849bbd970f7", - "subnet_id": "subnet-0115e5b05ab6b132c", + "id": "rtbassoc-0dd4118f5d0a30ca8", + "region": "us-east-1", + "route_table_id": "rtb-045c9ab610c7aabd3", + "subnet_id": "subnet-0d7ae39c853e68127", "timeouts": null }, "sensitive_attributes": [], @@ -4543,17 +5882,17 @@ "module.network.aws_subnet.private", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1c", "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-0ecf7bbeaba18e3aa", - "route_table_id": "rtb-06cf7753a59edf146", - "subnet_id": "subnet-0556ce01354322097", + "id": "rtbassoc-0ed1a7a490311bafb", + "region": "us-east-1", + "route_table_id": "rtb-0a1eb19f2c209aa34", + "subnet_id": "subnet-0f84cfaa3d8da724d", "timeouts": null }, "sensitive_attributes": [], @@ -4564,8 +5903,7 @@ "module.network.aws_subnet.private", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4581,9 +5919,10 @@ "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-05ced21d9d8fffc1e", - "route_table_id": "rtb-0b75357b0e74c52a8", - "subnet_id": "subnet-0f439778eb62eac4d", + "id": "rtbassoc-0522ba344fcea4f83", + "region": "us-east-1", + "route_table_id": "rtb-0d102d2391110f0b5", + "subnet_id": "subnet-0e188b45be889dcc3", "timeouts": null }, "sensitive_attributes": [], @@ -4594,17 +5933,17 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1b", "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-0ff340c12926faca6", - "route_table_id": "rtb-0b75357b0e74c52a8", - "subnet_id": "subnet-03b49ea861522bc48", + "id": "rtbassoc-088380c97cfc946c7", + "region": "us-east-1", + "route_table_id": "rtb-0d102d2391110f0b5", + "subnet_id": "subnet-02555be9c1954bbda", "timeouts": null }, "sensitive_attributes": [], @@ -4615,17 +5954,17 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] }, { "index_key": "us-east-1c", "schema_version": 0, "attributes": { "gateway_id": "", - "id": "rtbassoc-0a0d8a182f16ffe19", - "route_table_id": "rtb-0b75357b0e74c52a8", - "subnet_id": "subnet-0cee9908287eaa414", + "id": "rtbassoc-0d880a637fe8c9576", + "region": "us-east-1", + "route_table_id": "rtb-0d102d2391110f0b5", + "subnet_id": "subnet-08dbbf19ff2c937f1", "timeouts": null }, "sensitive_attributes": [], @@ -4636,8 +5975,7 @@ "module.network.aws_subnet.public", "module.network.data.aws_availability_zones.available", "module.network.data.aws_vpc.selected" - ], - "create_before_destroy": true + ] } ] }, @@ -4652,7 +5990,7 @@ "index_key": "us-east-1a", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0a6eed6971e44375c", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0f0da9e04f1c8369a", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1a", "availability_zone_id": "use1-az1", @@ -4662,7 +6000,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0a6eed6971e44375c", + "id": "subnet-0f0da9e04f1c8369a", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4671,6 +6009,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) private subnet (us-east-1a)", "kubernetes.io/role/internal-elb": "1" @@ -4697,7 +6036,7 @@ "index_key": "us-east-1b", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0115e5b05ab6b132c", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0d7ae39c853e68127", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1b", "availability_zone_id": "use1-az2", @@ -4707,7 +6046,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0115e5b05ab6b132c", + "id": "subnet-0d7ae39c853e68127", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4716,6 +6055,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) private subnet (us-east-1b)", "kubernetes.io/role/internal-elb": "1" @@ -4742,7 +6082,7 @@ "index_key": "us-east-1c", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0556ce01354322097", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0f84cfaa3d8da724d", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1c", "availability_zone_id": "use1-az4", @@ -4752,7 +6092,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0556ce01354322097", + "id": "subnet-0f84cfaa3d8da724d", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4761,6 +6101,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) private subnet (us-east-1c)", "kubernetes.io/role/internal-elb": "1" @@ -4796,7 +6137,7 @@ "index_key": "us-east-1a", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0f439778eb62eac4d", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0e188b45be889dcc3", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1a", "availability_zone_id": "use1-az1", @@ -4806,7 +6147,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0f439778eb62eac4d", + "id": "subnet-0e188b45be889dcc3", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4815,6 +6156,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) public subnet (us-east-1a)", "kubernetes.io/role/elb": "1" @@ -4841,7 +6183,7 @@ "index_key": "us-east-1b", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-03b49ea861522bc48", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-02555be9c1954bbda", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1b", "availability_zone_id": "use1-az2", @@ -4851,7 +6193,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-03b49ea861522bc48", + "id": "subnet-02555be9c1954bbda", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4860,6 +6202,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) public subnet (us-east-1b)", "kubernetes.io/role/elb": "1" @@ -4886,7 +6229,7 @@ "index_key": "us-east-1c", "schema_version": 1, "attributes": { - "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-0cee9908287eaa414", + "arn": "arn:aws:ec2:us-east-1:273729230602:subnet/subnet-08dbbf19ff2c937f1", "assign_ipv6_address_on_creation": false, "availability_zone": "us-east-1c", "availability_zone_id": "use1-az4", @@ -4896,7 +6239,7 @@ "enable_lni_at_device_index": 0, "enable_resource_name_dns_a_record_on_launch": false, "enable_resource_name_dns_aaaa_record_on_launch": false, - "id": "subnet-0cee9908287eaa414", + "id": "subnet-08dbbf19ff2c937f1", "ipv6_cidr_block": "", "ipv6_cidr_block_association_id": "", "ipv6_native": false, @@ -4905,6 +6248,7 @@ "outpost_arn": "", "owner_id": "273729230602", "private_dns_hostname_type_on_launch": "ip-name", + "region": "us-east-1", "tags": { "Name": "EKS (eks1-devel) public subnet (us-east-1c)", "kubernetes.io/role/elb": "1" @@ -4942,12 +6286,6 @@ } ] }, - { - "object_kind": "var", - "config_addr": "module.eks.module.eks.module.self_managed_node_group.var.platform", - "status": "pass", - "objects": null - }, { "object_kind": "resource", "config_addr": "module.eks.module.eks.module.self_managed_node_group.module.user_data.null_resource.validate_cluster_service_cidr", diff --git a/modules/eks/aws-load-balancer-controller-iam-policy.json b/modules/eks/aws-load-balancer-controller-iam-policy.json deleted file mode 100644 index 761d0e7..0000000 --- a/modules/eks/aws-load-balancer-controller-iam-policy.json +++ /dev/null @@ -1,251 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Resource": "*", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeVpcs", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeTags", - "ec2:GetCoipPoolUsage", - "ec2:DescribeCoipPools", - "ec2:GetSecurityGroupsForVpc", - "ec2:DescribeIpamPools", - "ec2:DescribeRouteTables", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeSSLPolicies", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTrustStores", - "elasticloadbalancing:DescribeListenerAttributes", - "elasticloadbalancing:DescribeCapacityReservation" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "cognito-idp:DescribeUserPoolClient", - "acm:ListCertificates", - "acm:DescribeCertificate", - "iam:ListServerCertificates", - "iam:GetServerCertificate", - "waf-regional:GetWebACL", - "waf-regional:GetWebACLForResource", - "waf-regional:AssociateWebACL", - "waf-regional:DisassociateWebACL", - "wafv2:GetWebACL", - "wafv2:GetWebACLForResource", - "wafv2:AssociateWebACL", - "wafv2:DisassociateWebACL", - "shield:GetSubscriptionState", - "shield:DescribeProtection", - "shield:CreateProtection", - "shield:DeleteProtection" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:RevokeSecurityGroupIngress" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:*:security-group/*", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateSecurityGroup" - }, - "Null": { - "aws:RequestTag/elbv2.k8s.aws/cluster": "false" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Resource": "arn:aws:ec2:*:*:security-group/*", - "Condition": { - "Null": { - "aws:RequestTag/elbv2.k8s.aws/cluster": "true", - "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:RevokeSecurityGroupIngress", - "ec2:DeleteSecurityGroup" - ], - "Resource": "*", - "Condition": { - "Null": { - "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateTargetGroup" - ], - "Resource": "*", - "Condition": { - "Null": { - "aws:RequestTag/elbv2.k8s.aws/cluster": "false" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:DeleteRule" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:RemoveTags" - ], - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" - ], - "Condition": { - "Null": { - "aws:RequestTag/elbv2.k8s.aws/cluster": "true", - "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:RemoveTags" - ], - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:SetIpAddressType", - "elasticloadbalancing:SetSecurityGroups", - "elasticloadbalancing:SetSubnets", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:ModifyListenerAttributes", - "elasticloadbalancing:ModifyCapacityReservation", - "elasticloadbalancing:ModifyIpPools" - ], - "Resource": "*", - "Condition": { - "Null": { - "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:AddTags" - ], - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" - ], - "Condition": { - "StringEquals": { - "elasticloadbalancing:CreateAction": [ - "CreateTargetGroup", - "CreateLoadBalancer" - ] - }, - "Null": { - "aws:RequestTag/elbv2.k8s.aws/cluster": "false" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeregisterTargets" - ], - "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:SetWebAcl", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:RemoveListenerCertificates", - "elasticloadbalancing:ModifyRule", - "elasticloadbalancing:SetRulePriorities" - ], - "Resource": "*" - } - ] -} diff --git a/modules/eks/iam.tf b/modules/eks/iam.tf index ccfb571..0a407ae 100644 --- a/modules/eks/iam.tf +++ b/modules/eks/iam.tf @@ -1,408 +1,80 @@ -// AWS Load Balancer Controller -resource "aws_iam_role" "aws-load-balancer-controller" { - name = "aws-load-balancer-controller" +module "cluster_autoscaler_irsa_role" { + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + version = "~> 5.0" - assume_role_policy = jsonencode({ - Version = "2012-10-17", - Statement = [{ - Sid = "" - Effect = "Allow", - Principal = { - Federated = module.eks.oidc_provider_arn - }, - Action = "sts:AssumeRoleWithWebIdentity", - Condition = { - StringEquals = { - "${module.eks.oidc_provider}:sub" = "system:serviceaccount:kube-system:aws-load-balancer-controller" - "${module.eks.oidc_provider}:aud" = "sts.amazonaws.com" - } - } - }] - }) -} + role_name = "${module.eks.cluster_name}-cluster-autoscaler" + policy_name_prefix = "AmazonEKS_${module.eks.cluster_name}_" + attach_cluster_autoscaler_policy = true + cluster_autoscaler_cluster_names = [module.eks.cluster_name] -resource "aws_iam_policy" "AWSLoadBalancerControllerIAMPolicy" { - name = "AWSLoadBalancerControllerIAMPolicy" - - // policy = - // file("${path.module}/aws-load-balancer-controller-iam-policy.json") - - policy = <