Initial commit.

modules/eks-auth/data.tf

@@ -0,0 +1,3 @@
+data "aws_eks_cluster_auth" "self" {
+  name = var.cluster_id
+}

modules/eks-auth/main.tf

@@ -0,0 +1,14 @@
+locals {
+  current_roles = yamldecode(yamldecode(var.aws_auth_configmap_yaml).data.mapRoles)
+}
+
+resource "kubernetes_config_map" "aws_auth" {
+  metadata {
+    name      = "aws-auth"
+    namespace = "kube-system"
+  }
+
+  data = {
+    mapRoles = yamlencode(concat(local.current_roles, var.aws_auth_additional_roles))
+  }
+}

modules/eks-auth/provider.tf

@@ -0,0 +1,5 @@
+provider "kubernetes" {
+  host                   = var.cluster_endpoint
+  cluster_ca_certificate = base64decode(var.cluster_certificate_authority_data)
+  token                  = data.aws_eks_cluster_auth.self.token
+}

modules/eks-auth/variables.tf

@@ -0,0 +1,28 @@
+variable "aws_auth_configmap_yaml" {
+  description = "Formatted yaml for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
+  type        = string
+}
+
+variable "aws_auth_additional_roles" {
+  type = list(object({
+    rolearn  = string
+    groups   = list(string)
+    username = string
+    }
+  ))
+}
+
+variable "cluster_id" {
+  type        = string
+  description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready"
+}
+
+variable "cluster_endpoint" {
+  type        = string
+  description = "Endpoint for your Kubernetes API server"
+}
+
+variable "cluster_certificate_authority_data" {
+  type        = string
+  description = "Base64 encoded certificate data required to communicate with the cluster"
+}

modules/eks-auth/versions.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.8.0"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.4.0"
+    }
+  }
+}