add generation of version.tf; add descriptions for variables

Author: Max Glotov

terraform/.terraform-version

@@ -1 +1 @@
-1.4.4
+1.7.3

terraform/modules/aws-acm/versions.tf

@@ -1,14 +1,3 @@
-locals {
-
-  eks_map_roles = [
-    {
-      rolearn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/administrator"
-      username = "administrator"
-      groups   = ["system:masters"]
-    }
-  ]
-}
-
 data "aws_ami" "eks_default_arm64" {
   most_recent = true
   owners      = ["amazon"]
@@ -23,16 +12,18 @@ data "aws_ami" "eks_default_arm64" {
 #tfsec:ignore:aws-vpc-no-public-egress-sgr tfsec:ignore:aws-eks-enable-control-plane-logging tfsec:ignore:aws-eks-encrypt-secrets tfsec:ignore:aws-eks-no-public-cluster-access tfsec:ignore:aws-eks-no-public-cluster-access-to-cidr
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "19.12.0"
-
-  cluster_name              = var.name
-  cluster_version           = var.eks_cluster_version
-  subnet_ids                = var.private_subnets
-  control_plane_subnet_ids  = var.intra_subnets
-  enable_irsa               = true
-  manage_aws_auth_configmap = true
-  create_aws_auth_configmap = false
-  aws_auth_roles            = local.eks_map_roles
+  version = "20.8.4"
+
+  cluster_name             = var.name
+  cluster_version          = var.eks_cluster_version
+  vpc_id                   = var.vpc_id
+  subnet_ids               = var.private_subnets
+  control_plane_subnet_ids = var.intra_subnets
+
+  authentication_mode                      = "API"
+  enable_cluster_creator_admin_permissions = true
+  access_entries                           = var.access_entries
+
   cluster_addons = {
     coredns = {
       most_recent = true
@@ -56,8 +47,6 @@ module "eks" {
   cluster_enabled_log_types              = var.eks_cluster_enabled_log_types
   cloudwatch_log_group_retention_in_days = var.eks_cloudwatch_log_group_retention_in_days
 
-  vpc_id = var.vpc_id
-
   cluster_endpoint_public_access       = var.eks_cluster_endpoint_public_access
   cluster_endpoint_private_access      = var.eks_cluster_endpoint_private_access
   cluster_endpoint_public_access_cidrs = var.eks_cluster_endpoint_only_pritunl ? ["0.0.0.0/0"] : ["0.0.0.0/0"]

terraform/modules/aws-cis-benchmark-alerts/versions.tf

@@ -0,0 +1,11 @@
+provider "kubernetes" {
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+  token                  = data.aws_eks_cluster_auth.main.token
+}
+
+data "aws_eks_cluster_auth" "main" {
+  name = module.eks.cluster_name
+}
+
+data "aws_caller_identity" "current" {}

terraform/modules/aws-cost-allocation-tags/versions.tf

@@ -1,33 +1,40 @@
 variable "name" {
-  type = string
+  type        = string
+  description = "Name, required to create unique resource names"
 }
 
 variable "env" {
-  type = string
+  type        = string
+  description = "Environment name"
 }
 
 variable "region" {
-  type = string
+  type        = string
+  description = "Infrastructure region"
 }
 
 variable "vpc_id" {
-  type = string
+  type        = string
+  description = "The ID of the VPC where cluster will created"
 }
 
 variable "intra_subnets" {
-  type = list(any)
+  type        = list(any)
+  description = "A list of intra subnets inside the VPC"
 }
 
 variable "private_subnets" {
-  type = list(any)
+  type        = list(any)
+  description = "A list of private subnets inside the VPC"
 }
 
 variable "public_subnets" {
-  type = list(any)
+  type        = list(any)
+  description = "A list of public subnets inside the VPC"
 }
 
 variable "eks_cluster_version" {
-  default     = "1.25"
+  default     = "1.29"
   description = "Version of the EKS K8S cluster"
 }
 
@@ -64,15 +71,10 @@ variable "node_group_default" {
   description = "Default node group configuration"
 }
 
-variable "eks_map_roles" {
-  description = "Additional IAM roles to add to the aws-auth configmap."
-  type = list(object({
-    rolearn  = string
-    username = string
-    groups   = list(string)
-  }))
-
-  default = []
+variable "access_entries" {
+  type        = any
+  default     = {}
+  description = "Map of access entries to add to the cluster"
 }
 
 variable "eks_cluster_enabled_log_types" {
@@ -101,7 +103,7 @@ variable "eks_cluster_endpoint_public_access" {
 
 variable "eks_cluster_endpoint_private_access" {
   type        = bool
-  default     = false
+  default     = true
   description = "Enable or not private access to cluster endpoint"
 }
 
@@ -112,6 +114,7 @@ variable "eks_cluster_endpoint_only_pritunl" {
 }
 
 variable "tags" {
-  type    = any
-  default = {}
+  type        = any
+  default     = {}
+  description = "A map of additional tags to add to resources"
 }

terraform/modules/aws-ebs-encryption-default/versions.tf

@@ -1,5 +1,5 @@
 locals {
-  az_count         = length(var.azs) - 1
+  az_count         = length(var.azs)
   cidr_subnets     = [for cidr_block in cidrsubnets(var.cidr, 2, 2, 2, 2) : cidrsubnets(cidr_block, 4, 4, 4, 4)]
   private_subnets  = chunklist(local.cidr_subnets[0], local.az_count)[0]
   public_subnets   = chunklist(local.cidr_subnets[1], local.az_count)[0]
@@ -9,7 +9,7 @@ locals {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "4.0.1"
+  version = "5.7.1"
 
   name = var.name
   cidr = var.cidr
@@ -84,7 +84,7 @@ module "vpc" {
 
 module "vpc_gateway_endpoints" {
   source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
-  version = "4.0.1"
+  version = "5.7.1"
 
   vpc_id = module.vpc.vpc_id
 

terraform/modules/aws-eks/main.tf

@@ -1,17 +1,26 @@
 variable "name" {
-  type = string
-}
-variable "single_nat_gateway" {
-  type    = bool
-  default = false
+  type        = string
+  description = "Name, required to create unique resource names"
 }
+
 variable "cidr" {
-  type = string
+  type        = string
+  description = "The IPv4 CIDR block for the VPC"
 }
+
 variable "azs" {
-  type = list(any)
+  type        = list(any)
+  description = "A list of availability zones names or ids in the region"
+}
+
+variable "single_nat_gateway" {
+  type        = bool
+  default     = false
+  description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
 }
+
 variable "tags" {
-  type    = any
-  default = {}
+  type        = any
+  default     = {}
+  description = "A map of additional tags to add to resources"
 }

terraform/modules/aws-eks/providers.tf

@@ -1 +1,33 @@
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.main.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.main.token
+}
+
+provider "kubectl" {
+  host                   = data.aws_eks_cluster.main.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.main.token
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.aws_eks_cluster.main.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
+    token                  = data.aws_eks_cluster_auth.main.token
+  }
+
+  experiments {
+    manifest = true
+  }
+}
+
+data "aws_eks_cluster" "main" {
+  name = var.eks_cluster_id
+}
+
+data "aws_eks_cluster_auth" "main" {
+  name = var.eks_cluster_id
+}
+
 data "aws_caller_identity" "current" {}