AWS Amazon EKS Addon

This page shows how to write Terraform and CloudFormation for Amazon EKS Addon, and how to write them securely.

aws_eks_addon (Terraform)

The Addon in Amazon EKS can be configured in Terraform with the resource name aws_eks_addon. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

addons.tf#L4
resource "aws_eks_addon" "vpc_cni" {
  cluster_name = aws_eks_cluster.cluster.name
  addon_name   = "vpc-cni"
}

resource "aws_eks_addon" "coredns-addon" {

addons.tf#L1
resource "aws_eks_addon" "cni" {
  cluster_name = aws_eks_cluster.eks_cluster.name
  addon_name   = "vpc-cni"

  addon_version     = "v1.9.1-eksbuild.1"
  resolve_conflicts = "OVERWRITE"
}

aws_eks-addons.tf#L2
resource "aws_eks_addon" "vpc-cni" {
  depends_on   = [aws_eks_node_group.ng1]
  cluster_name = data.aws_eks_cluster.eks_cluster.name
  addon_name   = "vpc-cni"
}

addons.tf#L1
resource "aws_eks_addon" "cni" {
  cluster_name      = aws_eks_cluster.eks_cluster.name
  addon_name        = "vpc-cni"

  addon_version     = "v1.9.0-eksbuild.1"
  resolve_conflicts = "OVERWRITE"
}

eks-addon.tf#L1
resource "aws_eks_addon" "kube_proxy" {
  cluster_name      = module.eks.cluster_id
  addon_name        = "kube-proxy"
  addon_version     = var.addon_kube_proxy_version
  resolve_conflicts = "OVERWRITE"
  tags = {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Manages an EKS add-on.

Note: Amazon EKS add-on can only be used with Amazon EKS Clusters running version 1.18 with platform version eks.3 or later because add-ons rely on the Server-side Apply Kubernetes feature, which is only available in Kubernetes 1.18 and later.

Tips: Best Practices for The Other AWS Amazon EKS Resources

In addition to the aws_eks_cluster, AWS Amazon EKS has other resources that should be configured with security in mind. Please check some examples of those resources and precautions.

aws_eks_cluster

Ensure public access for AWS EKS cluster endpoint is disabled

It is better to disable public access for the AWS EKS cluster endpoint. To reduce security risk, it is recommended to disable public access and to connect to the cluster through the VPC.
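
The recommendation above as Terraform, with the default (public) endpoint beside the private-only form. This is an added example, not code from the original page or the repositories it cites; the variable names, cluster names and resource labels are assumptions.

```hcl
# Added example. Assumed inputs: an existing cluster IAM role and private subnets.
variable "cluster_role_arn" {
  type        = string
  description = "IAM role ARN assumed by the EKS control plane (assumed to exist)"
}

variable "private_subnet_ids" {
  type        = list(string)
  description = "Private subnet IDs for the cluster (assumed to exist)"
}

# Weak: vpc_config leaves the endpoint settings unset, so the provider
# defaults apply (endpoint_public_access = true, endpoint_private_access = false)
# and the Kubernetes API endpoint is reachable from the internet.
resource "aws_eks_cluster" "public_default" {
  name     = "example-public"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids = var.private_subnet_ids
  }
}

# Hardened: the API endpoint is reachable only from inside the VPC
# (or networks connected to it).
resource "aws_eks_cluster" "private_only" {
  name     = "example-private"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    endpoint_public_access  = false
  }
}

# The add-on attaches to the hardened cluster in the same way as in the
# examples earlier on the page.
resource "aws_eks_addon" "vpc_cni" {
  cluster_name = aws_eks_cluster.private_only.name
  addon_name   = "vpc-cni"
}
```

With public access disabled, kubectl and any tooling that talks to the Kubernetes API must run from inside the VPC or from a network connected to it.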

Review your AWS Amazon EKS settings

In addition to the above, there are other security points you should be aware of. Make sure that your .tf files are protected in Shisho Cloud.

AWS::EKS::Addon (CloudFormation)

The Addon in EKS can be configured in CloudFormation with the resource name AWS::EKS::Addon. The following sections describe 6 examples of how to use the resource and its parameters.

Example Usage from GitHub

kubernetes.yml#L35
    #     Type: AWS::EKS::Addon
    #     DependsOn: Cluster
    #     Properties:
    #       AddonName: vpc-cni
    #       AddonVersion: v1.9.3-eksbuild.1
    #       ClusterName: !Ref ClusterName

EksCluster.yml#L102
    Type: AWS::EKS::Addon
    Properties:
      AddonName: vpc-cni
      AddonVersion: v1.7.5-eksbuild.2
      ClusterName: !Ref EksCluster
      ResolveConflicts: OVERWRITE

cloudformation.yaml#L85
    Type: 'AWS::EKS::Addon'
    DependsOn: EKSNodegroup
    Properties:
      AddonName: vpc-cni
      ClusterName: !Ref CapstoneCluster

eks.yaml#L58
        Type: "AWS::EKS::Addon"
        DependsOn: EKSCluster
        Properties:
            AddonName: "coredns"
            AddonVersion: "v1.8.3-eksbuild.1"
            ClusterName: !Ref EKSCluster

eks.yaml#L57
        Type: "AWS::EKS::Addon"
        DependsOn: EKSCluster
        Properties:
            AddonName: "coredns"
            AddonVersion: "v1.8.3-eksbuild.1"
            ClusterName: !Ref EKSCluster

template.json#L1683
    "AWS::EKS::Addon": {
      "Type": "AWS::EKS::Addon",
      "Properties": {}
    },
    "AWS::Macie::FindingsFilter": {
      "Type": "AWS::Macie::FindingsFilter",


Parameters

Explanation in CloudFormation Registry

Creates an Amazon EKS add-on.

Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. Amazon EKS add-ons can only be used with Amazon EKS clusters running version 1.18 with platform version eks.3 or later because add-ons rely on the Server-side Apply Kubernetes feature, which is only available in Kubernetes 1.18 and later.

Frequently asked questions

What is AWS Amazon EKS Addon?

AWS Amazon EKS Addon is a resource for Amazon EKS of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon EKS Addon?

For Terraform, the gretelai/FluentBitLogging, zeadailson/eks-with-terraform and aws-samples/terraform-eks-code source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the Jessinra/TriveryID-Skadi, pgpillai/EKS-DevOps-Pipeline and PhilippMT/capstone source code examples are useful. See the CloudFormation Example section for further details.