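terraform {
  required_version = ">= 1.0.1"

  required_providers {
    # NOTE(review): all four constraints are open-ended lower bounds, so a
    # fresh `terraform init` can resolve to a newer major release with
    # breaking changes. Narrow them with `~>` once the accelerator module's
    # own provider requirements are known, and commit the dependency lock file.
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.66.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.6.1"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.4.1"
    }
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = ">= 1.7.0"
    }
  }

  # The two `terraform {}` blocks of the original file are merged here; the
  # settings are identical. State is written unencrypted into the working
  # directory and can carry sensitive values from the resources below, so keep
  # `local_tf_state/` out of version control. Outside a sandbox a remote
  # backend with encryption and locking is the expected choice.
  backend "local" {
    path = "local_tf_state/terraform-main.tfstate"
  }
}

# NOTE(review): this provider is aliased and no unaliased `provider "aws"` is
# declared, so the data sources and modules below appear to use Terraform's
# implicit default provider (region from the caller's environment/profile);
# this block only takes effect where it is passed explicitly, e.g.
# `providers = { aws = aws.default }`. The alias is what avoids a cycle between
# the provider and the `aws_region` data source it reads — confirm before
# removing it.
provider "aws" {
  region = data.aws_region.current.id
  alias  = "default"
}

data "aws_region" "current" {}

data "aws_availability_zones" "available" {}

locals {
  tenant      = "teams-account" # AWS account name or unique id for the tenant
  environment = "sandbox"       # Environment area, e.g. preprod or prod
  zone        = "demo2"         # Environment within one sub_tenant or business unit

  # 1.21 is well past EKS standard support; bump before reusing this outside a sandbox.
  kubernetes_version = "1.21"

  vpc_cidr     = "10.0.0.0/16"
  vpc_name     = join("-", [local.tenant, local.environment, local.zone, "vpc"])
  cluster_name = join("-", [local.tenant, local.environment, local.zone, "eks"])

  # AZs that receive subnets: at most three. min() keeps slice() from failing
  # in a region that exposes fewer than three zones.
  subnet_azs = slice(
    data.aws_availability_zones.available.names,
    0,
    min(3, length(data.aws_availability_zones.available.names)),
  )

  # Passed through verbatim to the accelerator module.
  terraform_version = "Terraform v1.0.1"
}

module "aws_vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "v3.2.0"

  name = local.vpc_name
  cidr = local.vpc_cidr

  # Full AZ list for the module; subnets are only laid out over local.subnet_azs.
  azs = data.aws_availability_zones.available.names

  # One /24 per AZ carved from the /16: public subnets use netnums 0-2 and
  # private ones 10-12, so the two ranges cannot overlap.
  public_subnets  = [for k, v in local.subnet_azs : cidrsubnet(local.vpc_cidr, 8, k)]
  private_subnets = [for k, v in local.subnet_azs : cidrsubnet(local.vpc_cidr, 8, k + 10)]

  enable_nat_gateway   = true
  create_igw           = true
  enable_dns_hostnames = true

  # Subnet discovery tags read by the cluster's load-balancer integration.
  public_subnet_tags = {
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
    "kubernetes.io/role/elb"                      = "1"
  }

  private_subnet_tags = {
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
    "kubernetes.io/role/internal-elb"             = "1"
  }
}

#---------------------------------------------------------------
# Example to consume aws-eks-accelerator-for-terraform module with Teams (Application and Platform)
#---------------------------------------------------------------
module "aws-eks-accelerator-for-terraform" {
  # Supply-chain note: this git source carries no `ref=`, so every init
  # resolves the repository's default-branch HEAD and the code that gets
  # deployed can change without any edit here. Pin it to a tag or commit, e.g.
  # "github.com/aws-samples/aws-eks-accelerator-for-terraform?ref=<TAG-OR-COMMIT>".
  source = "github.com/aws-samples/aws-eks-accelerator-for-terraform"

  tenant            = local.tenant
  environment       = local.environment
  zone              = local.zone
  terraform_version = local.terraform_version

  # EKS Cluster VPC and Subnet mandatory config
  vpc_id             = module.aws_vpc.vpc_id
  private_subnet_ids = module.aws_vpc.private_subnets

  # EKS CONTROL PLANE VARIABLES
  create_eks         = true
  kubernetes_version = local.kubernetes_version

  tags = {
    "SSP-TF-Teams" = "true"
  }

  # EKS MANAGED NODE GROUPS
  managed_node_groups = {
    mg_4 = {
      node_group_name = "managed-ondemand"
      instance_types  = ["m4.large"]
      subnet_ids      = module.aws_vpc.private_subnets
    }
  }

  # Platform teams. `users` is intentionally empty in this example; the
  # principals listed here presumably receive cluster-wide admin rights from
  # the module (confirm in its docs), so prefer a short list of role ARNs over
  # individual user ARNs when filling it in.
  platform_teams = {
    admin-team-1 = {
      ## Users Example:
      # users = [
      #   "arn:aws:iam:::user/",
      #   "arn:aws:iam:::role/"
      # ]
      users = []
    }
  }

  # EKS Teams
  application_teams = {
    team-red = {
      "labels" = {
        "appName"     = "red-team-app" # was "read-team-app"; aligned with team-blue's naming
        "projectName" = "project-red"
        "environment" = "example"
        "domain"      = "example"
        "uuid"        = "example"
        "billingCode" = "example"
        "branch"      = "example"
      }
      # Namespace quota (ResourceQuota-style keys).
      "quota" = {
        "requests.cpu"    = "1000m"
        "requests.memory" = "4Gi"
        "limits.cpu"      = "2000m"
        "limits.memory"   = "8Gi"
        "pods"            = "10"
        "secrets"         = "10"
        "services"        = "10"
      }
      ## Manifests Example:
      manifests_dir = "./manifests-team-red"
      ## Users Example:
      # users = [
      #   "arn:aws:iam:::user/",
      #   "arn:aws:iam:::role/"
      # ]
    }

    team-blue = {
      "labels" = {
        "appName"     = "blue-team-app"
        "projectName" = "project-blue"
      }
      # Namespace quota (ResourceQuota-style keys).
      "quota" = {
        "requests.cpu"    = "2000m"
        "requests.memory" = "4Gi"
        "limits.cpu"      = "4000m"
        "limits.memory"   = "16Gi"
        "pods"            = "20"
        "secrets"         = "20"
        "services"        = "20"
      }
      ## Manifests Example:
      manifests_dir = "./manifests-team-blue"
      ## Users Example:
      # users = [
      #   "arn:aws:iam:::user/",
      #   "arn:aws:iam:::role/"
      # ]
    }
  }
}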