fix: eks module update to version 20.29.0 (#186)

container-registry/aws/ecr/README.md

@@ -22,15 +22,15 @@ This module must be used with these constraints:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_generic"></a> [generic](#requirement\_generic) | >= 0.1.1 |
 | <a name="requirement_skopeo2"></a> [skopeo2](#requirement\_skopeo2) | >= 1.1.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 | <a name="provider_generic"></a> [generic](#provider\_generic) | >= 0.1.1 |
 | <a name="provider_skopeo2"></a> [skopeo2](#provider\_skopeo2) | >= 1.1.1 |
 

container-registry/aws/ecr/examples/complete/README.md

@@ -20,15 +20,15 @@ terraform destroy
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.61 |
 | <a name="requirement_external"></a> [external](#requirement\_external) | ~> 2.3.1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3.2.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.61 |
 | <a name="provider_external"></a> [external](#provider\_external) | ~> 2.3.1 |
 | <a name="provider_null"></a> [null](#provider\_null) | ~> 3.2.1 |
 

container-registry/aws/ecr/examples/complete/versions.tf

@@ -9,7 +9,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.4.0"
+      version = "~> 5.61"
     }
     external = {
       source  = "hashicorp/external"

container-registry/aws/ecr/examples/simple/README.md

@@ -20,15 +20,15 @@ terraform destroy
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.61 |
 | <a name="requirement_external"></a> [external](#requirement\_external) | ~> 2.3.1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3.2.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.61 |
 | <a name="provider_external"></a> [external](#provider\_external) | ~> 2.3.1 |
 | <a name="provider_null"></a> [null](#provider\_null) | ~> 3.2.1 |
 

container-registry/aws/ecr/examples/simple/versions.tf

@@ -9,7 +9,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.4.0"
+      version = "~> 5.61"
     }
     external = {
       source  = "hashicorp/external"

container-registry/aws/ecr/versions.tf

@@ -10,7 +10,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.4.0"
+      version = ">= 5.61"
     }
     skopeo2 = {
       source  = "bsquare-corp/skopeo2"

kubernetes/aws/addons/efs-csi/README.md

@@ -6,15 +6,15 @@ Amazon Elastic File System (Amazon EFS) provides serverless, fully elastic file
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.10.1 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.22.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.3.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.10.1 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.22.0 |
 

kubernetes/aws/addons/efs-csi/examples/complete/README.md

@@ -20,7 +20,7 @@ terraform destroy
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_external"></a> [external](#requirement\_external) | ~> 2.3.1 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.10.1 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.22.0 |
@@ -30,7 +30,7 @@ terraform destroy
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 | <a name="provider_external"></a> [external](#provider\_external) | ~> 2.3.1 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.1 |
 

kubernetes/aws/addons/efs-csi/examples/complete/versions.tf

@@ -37,7 +37,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.4.0"
+      version = ">= 5.61"
     }
     null = {
       source  = "hashicorp/null"

kubernetes/aws/addons/efs-csi/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.3.0"
+      version = ">= 5.61"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

kubernetes/aws/eks/README.md

@@ -4,7 +4,7 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.10.1 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.13.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1 |
@@ -14,7 +14,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.3.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.10.1 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.13.0 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.1 |
@@ -25,7 +25,7 @@
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_aws_node_termination_handler_role"></a> [aws\_node\_termination\_handler\_role](#module\_aws\_node\_termination\_handler\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 4.1.0 |
-| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.16.0 |
+| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 20.29.0 |
 
 ## Resources
 
@@ -53,7 +53,6 @@
 | [random_string.random_resources](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [aws_autoscaling_groups.groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/autoscaling_groups) | data source |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.aws_node_termination_handler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.efs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.worker_autoscaling](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -113,8 +112,6 @@
 | <a name="input_instance_refresh_tag"></a> [instance\_refresh\_tag](#input\_instance\_refresh\_tag) | Instance refresh tag | `string` | n/a | yes |
 | <a name="input_instance_refresh_version"></a> [instance\_refresh\_version](#input\_instance\_refresh\_version) | Instance refresh helm chart version | `string` | n/a | yes |
 | <a name="input_kubeconfig_file"></a> [kubeconfig\_file](#input\_kubeconfig\_file) | Kubeconfig file path | `string` | n/a | yes |
-| <a name="input_map_roles_groups"></a> [map\_roles\_groups](#input\_map\_roles\_groups) | List of map roles group | <pre>list(object({<br>    rolearn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | n/a | yes |
-| <a name="input_map_users_groups"></a> [map\_users\_groups](#input\_map\_users\_groups) | List of map users group | <pre>list(object({<br>    userarn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | AWS EKS service name | `string` | `"armonik-eks"` | no |
 | <a name="input_node_selector"></a> [node\_selector](#input\_node\_selector) | Node selector for pods of EKS system | `any` | `{}` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | Profile of AWS credentials to deploy Terraform sources | `string` | n/a | yes |

kubernetes/aws/eks/examples/complete/README.md

@@ -20,7 +20,7 @@ terraform destroy
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_external"></a> [external](#requirement\_external) | ~> 2.3.1 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.10.1 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.21.1 |
@@ -30,7 +30,7 @@ terraform destroy
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 | <a name="provider_external"></a> [external](#provider\_external) | ~> 2.3.1 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.1 |
 

kubernetes/aws/eks/examples/complete/main.tf

@@ -63,8 +63,6 @@ module "eks" {
   instance_refresh_tag                                     = "v1.19.0"
   instance_refresh_version                                 = "0.21.0"
   kubeconfig_file                                          = "generated/kubeconfig"
-  map_roles_groups                                         = []
-  map_users_groups                                         = []
   vpc_id                                                   = data.aws_vpc.default.id
   vpc_pods_subnet_ids                                      = data.aws_subnets.subnets.ids
   vpc_private_subnet_ids                                   = data.aws_subnets.subnets.ids

kubernetes/aws/eks/examples/complete/versions.tf

@@ -9,7 +9,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.4.0"
+      version = ">= 5.61"
     }
     null = {
       source  = "hashicorp/null"

kubernetes/aws/eks/examples/simple/README.md

@@ -20,7 +20,7 @@ terraform destroy
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_external"></a> [external](#requirement\_external) | ~> 2.3.1 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.10.1 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.21.1 |
@@ -30,7 +30,7 @@ terraform destroy
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 | <a name="provider_external"></a> [external](#provider\_external) | ~> 2.3.1 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.1 |
 

kubernetes/aws/eks/examples/simple/main.tf

@@ -63,8 +63,6 @@ module "eks" {
   instance_refresh_tag                                     = "v1.19.0"
   instance_refresh_version                                 = "0.21.0"
   kubeconfig_file                                          = "generated/kubeconfig"
-  map_roles_groups                                         = []
-  map_users_groups                                         = []
   vpc_id                                                   = data.aws_vpc.default.id
   vpc_pods_subnet_ids                                      = data.aws_subnets.subnets.ids
   vpc_private_subnet_ids                                   = data.aws_subnets.subnets.ids

kubernetes/aws/eks/examples/simple/versions.tf

@@ -9,7 +9,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.4.0"
+      version = ">= 5.61"
     }
     null = {
       source  = "hashicorp/null"

kubernetes/aws/eks/main.tf

@@ -1,6 +1,3 @@
-# Current account
-data "aws_caller_identity" "current" {}
-
 data "aws_region" "current" {}
 
 # Available zones
@@ -115,20 +112,22 @@ locals {
 
 module "eks" {
   source          = "terraform-aws-modules/eks/aws"
-  version         = "19.16.0"
+  version         = "20.29.0"
   create          = true
   cluster_name    = var.name
   cluster_version = var.cluster_version
 
+  # If you want to maintain the current default behavior of v19.x
+  kms_key_enable_default_policy = false
+
+  # Cluster access entry
+  # To add the current caller identity as an administrator
+  enable_cluster_creator_admin_permissions = true
+
   # VPC
   subnet_ids = var.vpc_private_subnet_ids
   vpc_id     = var.vpc_id
 
-  create_aws_auth_configmap = !(can(coalesce(var.eks_managed_node_groups)) && can(coalesce(var.fargate_profiles)))
-  # Needed to add self managed node group configuration.
-  # => kubectl get cm aws-auth -n kube-system -o yaml
-  manage_aws_auth_configmap = true
-
   # Private cluster
   cluster_endpoint_private_access = var.cluster_endpoint_private_access
 
@@ -154,6 +153,8 @@ module "eks" {
     }
   }
 
+  cluster_additional_security_group_ids = [module.eks.node_security_group_id]
+
   cluster_encryption_config = {
     provider_key_arn = var.cluster_encryption_config
     resources        = ["secrets"]
@@ -163,17 +164,6 @@ module "eks" {
   tags         = local.tags
   cluster_tags = local.tags
 
-  # IAM
-  # used to allow other users to interact with our cluster
-  aws_auth_roles = var.map_roles_groups
-  aws_auth_users = concat([
-    {
-      userarn  = "arn:aws:iam::${data.aws_caller_identity.current.arn}:user/admin"
-      username = "admin"
-      groups   = ["system:masters", "system:bootstrappers", "system:nodes"]
-    }
-  ], var.map_users_groups)
-
   # List of EKS managed node groups
   eks_managed_node_group_defaults = {
     enable_monitoring = true

kubernetes/aws/eks/variables.tf

@@ -309,25 +309,6 @@ variable "ebs_kms_key_id" {
   type        = string
 }
 
-# Map roles
-variable "map_roles_groups" {
-  description = "List of map roles group"
-  type = list(object({
-    rolearn  = string
-    username = string
-    groups   = list(string)
-  }))
-}
-
-# Map users
-variable "map_users_groups" {
-  description = "List of map users group"
-  type = list(object({
-    userarn  = string
-    username = string
-    groups   = list(string)
-  }))
-}
 # List of self managed node groups
 variable "self_managed_node_groups" {
   description = "List of self managed node groups"

kubernetes/aws/eks/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.3.0"
+      version = ">= 5.61"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

monitoring/aws/cloudwatch-log-group/README.md

@@ -4,13 +4,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.3.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 
 ## Modules
 

monitoring/aws/cloudwatch-log-group/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.3.0"
+      version = ">= 5.61"
     }
   }
 }

networking/aws/vpc/README.md

@@ -18,13 +18,13 @@ This module creates an AWS VPC with these constraints:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 
 ## Modules