AWS Amazon EKS Addon
This page shows how to write Terraform and CloudFormation for Amazon EKS Addon and write them securely.
aws_eks_addon (Terraform)
The Addon in Amazon EKS can be configured in Terraform with the resource name aws_eks_addon
. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_eks_addon" "vpc_cni" {
cluster_name = aws_eks_cluster.cluster.name
addon_name = "vpc-cni"
}
resource "aws_eks_addon" "coredns-addon" {
resource "aws_eks_addon" "cni" {
cluster_name = aws_eks_cluster.eks_cluster.name
addon_name = "vpc-cni"
addon_version = "v1.9.1-eksbuild.1"
resolve_conflicts = "OVERWRITE"
resource "aws_eks_addon" "vpc-cni" {
depends_on = [aws_eks_node_group.ng1]
cluster_name = data.aws_eks_cluster.eks_cluster.name
addon_name = "vpc-cni"
}
resource "aws_eks_addon" "cni" {
cluster_name = aws_eks_cluster.eks_cluster.name
addon_name = "vpc-cni"
addon_version = "v1.9.0-eksbuild.1"
resolve_conflicts = "OVERWRITE"
resource "aws_eks_addon" "kube_proxy" {
cluster_name = module.eks.cluster_id
addon_name = "kube-proxy"
addon_version = var.addon_kube_proxy_version
resolve_conflicts = "OVERWRITE"
tags = {
Parameters
-
addon_name
required - string -
addon_version
optional computed - string -
arn
optional computed - string -
cluster_name
required - string -
created_at
optional computed - string -
id
optional computed - string -
modified_at
optional computed - string -
resolve_conflicts
optional - string -
service_account_role_arn
optional - string -
tags
optional computed - map from string to string
Explanation in Terraform Registry
Manages an EKS add-on.
Note: Amazon EKS add-on can only be used with Amazon EKS Clusters running version 1.18 with platform version eks.3 or later because add-ons rely on the Server-side Apply Kubernetes feature, which is only available in Kubernetes 1.18 and later.
Tips: Best Practices for The Other AWS Amazon EKS Resources
In addition to the aws_eks_cluster, AWS Amazon EKS has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_eks_cluster
Ensure public access for AWS EKS cluster endpoint is disabled
It is better to disable public access for the AWS EKS cluster endpoint. To reduce the security risks, it is recommended to disable public access and to use VPC to connect to the cluster.
AWS::EKS::Addon (CloudFormation)
The Addon in EKS can be configured in CloudFormation with the resource name AWS::EKS::Addon
. The following sections describe 6 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Type: AWS::EKS::Addon
# DependsOn: Cluster
# Properties:
# AddonName: vpc-cni
# AddonVersion: v1.9.3-eksbuild.1
# ClusterName: !Ref ClusterName
Type: AWS::EKS::Addon
Properties:
AddonName: vpc-cni
AddonVersion: v1.7.5-eksbuild.2
ClusterName: !Ref EksCluster
ResolveConflicts: OVERWRITE
Type: 'AWS::EKS::Addon'
DependsOn: EKSNodegroup
Properties:
AddonName: vpc-cni
ClusterName: !Ref CapstoneCluster
Type: "AWS::EKS::Addon"
DependsOn: EKSCluster
Properties:
AddonName: "coredns"
AddonVersion: "v1.8.3-eksbuild.1"
ClusterName: !Ref EKSCluster
Type: "AWS::EKS::Addon"
DependsOn: EKSCluster
Properties:
AddonName: "coredns"
AddonVersion: "v1.8.3-eksbuild.1"
ClusterName: !Ref EKSCluster
"AWS::EKS::Addon": {
"Type": "AWS::EKS::Addon",
"Properties": {}
},
"AWS::Macie::FindingsFilter": {
"Type": "AWS::Macie::FindingsFilter",
Parameters
-
ClusterName
required - String -
AddonName
required - String -
AddonVersion
optional - String -
ResolveConflicts
optional - String -
ServiceAccountRoleArn
optional - String -
Tags
optional - List of Tag
Explanation in CloudFormation Registry
Creates an Amazon EKS add-on.
Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. Amazon EKS add-ons can only be used with Amazon EKS clusters running version 1.
18 with platform version
eks.3
or later because add-ons rely on the Server-side Apply Kubernetes feature, which is only available in Kubernetes 1.18 and later.
Frequently asked questions
What is AWS Amazon EKS Addon?
AWS Amazon EKS Addon is a resource for Amazon EKS of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EKS Addon?
For Terraform, the gretelai/FluentBitLogging, zeadailson/eks-with-terraform and aws-samples/terraform-eks-code source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the Jessinra/TriveryID-Skadi, pgpillai/EKS-DevOps-Pipeline and PhilippMT/capstone source code examples are useful. See the CloudFormation Example section for further details.