feat(eks-cluster): support aws v6

Author: posquit0

modules/eks-cluster/README.md

@@ -1,3 +1,7 @@
 data "aws_cloudwatch_log_group" "this" {
+  count = var.logging.enabled ? 1 : 0
+
+  region = var.region
+
   name = "/aws/eks/${aws_eks_cluster.this.name}/cluster"
 }

modules/eks-cluster/cloudwatch.tf

@@ -6,7 +6,7 @@ module "role" {
   count = var.default_cluster_role.enabled ? 1 : 0
 
   source  = "tedilabs/account/aws//modules/iam-role"
-  version = "~> 0.30.0"
+  version = "~> 0.33.0"
 
   name = coalesce(
     var.default_cluster_role.name,
@@ -27,9 +27,11 @@ module "role" {
   )
   inline_policies = var.default_cluster_role.inline_policies
 
-  force_detach_policies  = true
-  resource_group_enabled = false
-  module_tags_enabled    = false
+  force_detach_policies = true
+  resource_group = {
+    enabled = false
+  }
+  module_tags_enabled = false
 
   tags = merge(
     local.module_tags,
@@ -46,7 +48,7 @@ module "role__node" {
   count = var.default_node_role.enabled ? 1 : 0
 
   source  = "tedilabs/account/aws//modules/iam-role"
-  version = "~> 0.30.0"
+  version = "~> 0.33.0"
 
   name = coalesce(
     var.default_node_role.name,
@@ -74,9 +76,11 @@ module "role__node" {
     enabled = true
   }
 
-  force_detach_policies  = true
-  resource_group_enabled = false
-  module_tags_enabled    = false
+  force_detach_policies = true
+  resource_group = {
+    enabled = false
+  }
+  module_tags_enabled = false
 
   tags = merge(
     local.module_tags,

modules/eks-cluster/iam.tf

@@ -4,15 +4,19 @@
 
 module "oidc_provider" {
   source  = "tedilabs/account/aws//modules/iam-oidc-identity-provider"
-  version = "~> 0.30.0"
+  version = "~> 0.33.0"
+
+  count = var.irsa_oidc_provider.enabled ? 1 : 0
 
   url       = aws_eks_cluster.this.identity[0].oidc[0].issuer
   audiences = ["sts.amazonaws.com"]
 
   auto_thumbprint_enabled = true
 
-  resource_group_enabled = false
-  module_tags_enabled    = false
+  resource_group = {
+    enabled = false
+  }
+  module_tags_enabled = false
 
   tags = merge(
     local.module_tags,

modules/eks-cluster/irsa-oidc-provider.tf

@@ -26,15 +26,35 @@ locals {
 # EKS Control Plane
 ###################################################
 
+# INFO: EKS Auto-mode Only
+# - `compute_config`
+# - `kubernetes_network_config[].elastic_load_balancing.enabled`
+# - `storage_config`
 resource "aws_eks_cluster" "this" {
-  name    = var.name
-  version = var.kubernetes_version
+  region = var.region
+
+  name                          = var.name
+  deletion_protection           = var.deletion_protection_enabled
+  bootstrap_self_managed_addons = var.bootstrap_self_managed_addons
+
   role_arn = (var.default_cluster_role.enabled
     ? module.role[0].arn
     : var.cluster_role
   )
 
-  enabled_cluster_log_types = var.log_types
+  enabled_cluster_log_types = var.logging.enabled ? var.logging.log_types : []
+
+  zonal_shift_config {
+    enabled = var.arc_zonal_shift.enabled
+  }
+
+  ## Versioning
+  version              = var.kubernetes_version
+  force_update_version = var.upgrade_policy.force_upgrade
+
+  upgrade_policy {
+    support_type = var.upgrade_policy.support_type
+  }
 
 
   ## Network
@@ -56,10 +76,10 @@ resource "aws_eks_cluster" "this" {
     content {
       outpost_arns = outpost_config.value.outposts
 
-      control_plane_instance_type = outpost_config.value.control_plane_instance_type
+      control_plane_instance_type = outpost_config.value.control_plane.instance_type
 
       dynamic "control_plane_placement" {
-        for_each = outpost_config.value.control_plane_placement_group != null ? [outpost_config.value.control_plane_placement_group] : []
+        for_each = outpost_config.value.control.plane_placement_group != null ? [outpost_config.value.control_plane.placement_group] : []
 
         content {
           group_name = control_plane_placement.value
@@ -71,6 +91,38 @@ resource "aws_eks_cluster" "this" {
   kubernetes_network_config {
     service_ipv4_cidr = var.kubernetes_network_config.service_ipv4_cidr
     ip_family         = local.ip_family[var.kubernetes_network_config.ip_family]
+
+    dynamic "elastic_load_balancing" {
+      for_each = var.auto_mode.network.elastic_load_balancing.enabled ? [var.auto_mode.network.elastic_load_balancing] : []
+
+      content {
+        enabled = elastic_load_balancing.value.enabled
+      }
+    }
+  }
+
+  dynamic "remote_network_config" {
+    for_each = (length(var.remote_network_config.node_ipv4_cidrs) > 0 || length(var.remote_network_config.pod_ipv4_cidrs) > 0
+      ? [var.remote_network_config]
+      : []
+    )
+
+    content {
+      dynamic "remote_node_networks" {
+        for_each = length(remote_network_config.value.node_ipv4_cidrs) > 0 ? ["go"] : []
+
+        content {
+          cidrs = remote_network_config.value.node_ipv4_cidrs
+        }
+      }
+      dynamic "remote_pod_networks" {
+        for_each = length(remote_network_config.value.pod_ipv4_cidrs) > 0 ? ["go"] : []
+
+        content {
+          cidrs = remote_network_config.value.pod_ipv4_cidrs
+        }
+      }
+    }
   }
 
 
@@ -93,6 +145,38 @@ resource "aws_eks_cluster" "this" {
     }
   }
 
+
+  ## Auto-mode Only
+  dynamic "compute_config" {
+    for_each = var.auto_mode.compute.enabled ? [var.auto_mode.compute] : []
+
+    content {
+      enabled    = compute_config.value.enabled
+      node_pools = compute_config.value.builtin_node_pools
+      node_role_arn = (compute_config.value.enabled
+        ? (compute_config.value.node_role != null
+          ? compute_config.value.node_role
+          : one(module.role__node[*].arn)
+        ) : null
+      )
+    }
+  }
+
+  dynamic "storage_config" {
+    for_each = var.auto_mode.storage.block_storage.enabled ? [var.auto_mode.storage] : []
+
+    content {
+      dynamic "block_storage" {
+        for_each = storage_config.value.block_storage.enabled ? [storage_config.value.block_storage] : []
+
+        content {
+          enabled = block_storage.value.enabled
+        }
+      }
+    }
+  }
+
+
   timeouts {
     create = var.timeouts.create
     update = var.timeouts.update

modules/eks-cluster/main.tf

@@ -1,3 +1,9 @@
+# 2025-11-17: Make OIDC provider for IRSA to be optional
+moved {
+  from = module.oidc_provider.aws_iam_openid_connect_provider.this
+  to   = module.oidc_provider[0].aws_iam_openid_connect_provider.this
+}
+
 # 2023-11-10: Add variable to decide whether to create IAM role for EKS node
 moved {
   from = module.role__node

modules/eks-cluster/migrations.tf

@@ -8,6 +8,8 @@ resource "aws_eks_identity_provider_config" "this" {
     provider.name => provider
   }
 
+  region = var.region
+
   cluster_name = aws_eks_cluster.this.name
 
   oidc {

modules/eks-cluster/oidc-providers.tf

@@ -1,3 +1,8 @@
+output "region" {
+  description = "The AWS region this module resources resides in."
+  value       = aws_eks_cluster.this.region
+}
+
 output "name" {
   description = "The name of the cluster."
   value       = aws_eks_cluster.this.name
@@ -23,11 +28,47 @@ output "platform_version" {
   value       = aws_eks_cluster.this.platform_version
 }
 
+output "upgrade_policy" {
+  description = "The upgrade policy for the cluster."
+  value = {
+    force_upgrade = aws_eks_cluster.this.force_update_version
+    support_type  = aws_eks_cluster.this.upgrade_policy[0].support_type
+  }
+}
+
 output "status" {
   description = "The status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`."
   value       = aws_eks_cluster.this.status
 }
 
+output "arc_zonal_shift" {
+  description = "The configurations of ARC zonal shift for the EKS cluster."
+  value = {
+    enabled = try(aws_eks_cluster.this.zonal_shift_config[0].enabled, false)
+  }
+}
+
+output "auto_mode" {
+  description = "The configuration for Auto-mode of the EKS cluster."
+  value = {
+    compute = {
+      enabled            = try(aws_eks_cluster.this.compute_config[0].enabled, false)
+      builtin_node_pools = try(aws_eks_cluster.this.compute_config[0].node_pools, [])
+      node_role          = try(aws_eks_cluster.this.compute_config[0].node_role_arn, null)
+    }
+    network = {
+      elastic_load_balancing = {
+        enabled = try(aws_eks_cluster.this.kubernetes_network_config[0].elastic_load_balancing[0].enabled, false)
+      }
+    }
+    storage = {
+      block_storage = {
+        enabled = try(aws_eks_cluster.this.storage_config[0].block_storage[0].enabled, false)
+      }
+    }
+  }
+}
+
 output "vpc_id" {
   description = "The ID of VPC associated with the cluster."
   value       = aws_eks_cluster.this.vpc_config[0].vpc_id
@@ -75,15 +116,18 @@ output "outpost_config" {
   description = <<EOF
   The configurations of the outpost for the EKS cluster.
     `outposts` - The list of the Outposts ARNs.
-    `control_plane_instance_type` - The EC2 instance type of the local EKS control plane node on Outposts.
-    `control_plane_placement_group` - The name of the placement group for the EKS control plane node on Outposts.
+    `control_plane` - The configurations of the local EKS control plane node on Outposts.
+      `instance_type` - The EC2 instance type of the local EKS control plane node on Outposts.
+      `placement_group` - The name of the placement group for the EKS control plane node on Outposts.
   EOF
   value = (var.outpost_config != null
     ? {
-      outposts                      = aws_eks_cluster.this.outpost_config[0].outpost_arns
-      cluster_id                    = aws_eks_cluster.this.cluster_id
-      control_plane_instance_type   = aws_eks_cluster.this.outpost_config[0].control_plane_instance_type
-      control_plane_placement_group = one(aws_eks_cluster.this.outpost_config[0].control_plane_placement[*].group_name)
+      outposts   = aws_eks_cluster.this.outpost_config[0].outpost_arns
+      cluster_id = aws_eks_cluster.this.cluster_id
+      control_plane = {
+        instance_type   = aws_eks_cluster.this.outpost_config[0].control_plane_instance_type
+        placement_group = one(aws_eks_cluster.this.outpost_config[0].control_plane_placement[*].group_name)
+      }
     }
     : null
   )
@@ -103,6 +147,18 @@ output "kubernetes_network_config" {
   }
 }
 
+output "remote_network_config" {
+  description = <<EOF
+  The configurations of remote network for the EKS Hybrid nodes.
+    `node_ipv4_cidrs` - A set of IPv4 CIDR blocks for remote nodes.
+    `pod_ipv4_cidrs` - A set of IPv4 CIDR blocks for remote pods.
+  EOF
+  value = {
+    node_ipv4_cidrs = try(aws_eks_cluster.this.remote_network_config[0].remote_node_networks[0].cidrs, [])
+    pod_ipv4_cidrs  = try(aws_eks_cluster.this.remote_network_config[0].remote_pod_networks[0].cidrs, [])
+  }
+}
+
 output "authentication_mode" {
   description = "The authentication mode for the cluster."
   value       = aws_eks_cluster.this.access_config[0].authentication_mode
@@ -141,27 +197,33 @@ output "default_node_role" {
 output "irsa_oidc_provider" {
   description = <<EOF
   The configurations of the OIDC provider for IRSA (IAM Roles for Service Accounts).
+    `enabled` - Whether to create the IAM OIDC provider for the EKS cluster to use IAM Roles for Service Accounts (IRSA).
     `arn` - The ARN assigned by AWS for this provider.
     `url` - The URL of the identity provider.
     `urn` - The URN of the identity provider.
     `audiences` - A list of audiences (also known as client IDs) for the IAM OIDC provider.
   EOF
   value = {
-    arn       = module.oidc_provider.arn
+    enabled   = var.irsa_oidc_provider.enabled
     url       = aws_eks_cluster.this.identity[0].oidc[0].issuer
-    urn       = module.oidc_provider.urn
-    audiences = module.oidc_provider.audiences
+    arn       = one(module.oidc_provider[*].arn)
+    urn       = one(module.oidc_provider[*].urn)
+    audiences = one(module.oidc_provider[*].audiences)
   }
 }
 
 output "logging" {
   description = "The configurations of the control plane logging."
   value = {
+    enabled   = var.logging.enabled
     log_types = aws_eks_cluster.this.enabled_cluster_log_types
-    cloudwatch_log_group = {
-      arn  = data.aws_cloudwatch_log_group.this.arn
-      name = data.aws_cloudwatch_log_group.this.name
-    }
+    cloudwatch_log_group = (var.logging.enabled
+      ? {
+        arn  = data.aws_cloudwatch_log_group.this[0].arn
+        name = data.aws_cloudwatch_log_group.this[0].name
+      }
+      : null
+    )
   }
 }
 
@@ -190,14 +252,6 @@ output "created_at" {
   value       = aws_eks_cluster.this.created_at
 }
 
-# output "debug" {
-#   value = {
-#     for k, v in aws_eks_cluster.this :
-#     k => v
-#     if !contains(["arn", "access_config", "certificate_authority", "tags", "tags_all", "created_at", "role_arn", "name", "status", "version", "timeouts", "platform_version", "kubernetes_network_config", "id", "endpoint", "encryption_config", "outpost_config", "identity", "vpc_config", "enabled_cluster_log_types", "cluster_id"], k)
-#   }
-# }
-
 output "resource_group" {
   description = "The resource group created to manage resources in this module."
   value = merge(
@@ -213,3 +267,11 @@ output "resource_group" {
     )
   )
 }
+
+# output "debug" {
+#   value = {
+#     for k, v in aws_eks_cluster.this :
+#     k => v
+#     if !contains(["arn", "access_config", "certificate_authority", "tags", "tags_all", "created_at", "role_arn", "name", "status", "version", "timeouts", "platform_version", "kubernetes_network_config", "id", "endpoint", "encryption_config", "outpost_config", "identity", "vpc_config", "enabled_cluster_log_types", "cluster_id", "deletion_protection", "region", "upgrade_policy", "force_update_version", "oidc", "remote_network_config", "bootstrap_self_managed_addons", "storage_config", "compute_config", "zonal_shift_config"], k)
+#   }
+# }