Difference between revisions of "Terraform EKS: terraform apply"

Tags: Mobile web edit, Mobile edit
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
  
  [[Terraform EKS]]: terraform apply
+
  [[Terraform EKS]]: [[terraform apply]]
 
  .../...
 
  .../...
 
   + resource "[[aws_security_group]]" "worker_group_mgmt_one" {
 
   + resource "[[aws_security_group]]" "worker_group_mgmt_one" {
Line 463: Line 463:
 
     }
 
     }
  
   # module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy[0] will be created
+
   # module.eks.aws_iam_role_policy_attachment.cluster_[[AmazonEKSServicePolicy]][0] will be created
 
   + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
 
   + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
 
       + id        = (known after apply)
 
       + id        = (known after apply)
Line 896: Line 896:
 
       + id                              = (known after apply)
 
       + id                              = (known after apply)
 
       + ipv6_cidr_block_association_id  = (known after apply)
 
       + ipv6_cidr_block_association_id  = (known after apply)
       + map_public_ip_on_launch        = false
+
       + [[map_public_ip_on_launch]]         = false
 
       + owner_id                        = (known after apply)
 
       + owner_id                        = (known after apply)
 
       + tags                            = (known after apply)
 
       + tags                            = (known after apply)
Line 1,047: Line 1,047:
 
* <code>[[terraform show]]</code>
 
* <code>[[terraform show]]</code>
 
* <code>[[terraform plan]]</code>
 
* <code>[[terraform plan]]</code>
 +
* [[Deploy EKS cluster using Terraform]]
  
 
== See also ==
 
== See also ==

Latest revision as of 18:33, 10 June 2022

Terraform EKS: terraform apply
.../...
 # NOTE(review): this group admits SSH (tcp/22) from the whole 10.0.0.0/8 private range and the rule
 # description is empty. Confirm that the range really is the management network; a bastion or VPN
 # CIDR, or SSM Session Manager with no port 22 rule at all, narrows who can reach the workers.
 + resource "aws_security_group" "worker_group_mgmt_one" {
     + arn                    = (known after apply)
     + description            = "Managed by Terraform"
     + egress                 = (known after apply)
     + id                     = (known after apply)
     + ingress                = [
         + {
             + cidr_blocks      = [
                 + "10.0.0.0/8",
               ]
             + description      = ""
             + from_port        = 22
             + ipv6_cidr_blocks = []
             + prefix_list_ids  = []
             + protocol         = "tcp"
             + security_groups  = []
             + self             = false
             + to_port          = 22
           },
       ]
     + name                   = (known after apply)
     + name_prefix            = "worker_group_mgmt_one"
     + owner_id               = (known after apply)
     + revoke_rules_on_delete = false
     + tags_all               = (known after apply)
     + vpc_id                 = (known after apply)
   }
 # aws_security_group.worker_group_mgmt_two will be created
 # NOTE(review): SSH (tcp/22) is opened to all of 192.168.0.0/16 with an empty rule description.
 # Check that this block matches a network you actually administer from; an unused or overly wide
 # private range here still exposes port 22 to anything routed into the VPC from it.
 + resource "aws_security_group" "worker_group_mgmt_two" {
     + arn                    = (known after apply)
     + description            = "Managed by Terraform"
     + egress                 = (known after apply)
     + id                     = (known after apply)
     + ingress                = [
         + {
             + cidr_blocks      = [
                 + "192.168.0.0/16",
               ]
             + description      = ""
             + from_port        = 22
             + ipv6_cidr_blocks = []
             + prefix_list_ids  = []
             + protocol         = "tcp"
             + security_groups  = []
             + self             = false
             + to_port          = 22
           },
       ]
     + name                   = (known after apply)
     + name_prefix            = "worker_group_mgmt_two"
     + owner_id               = (known after apply)
     + revoke_rules_on_delete = false
     + tags_all               = (known after apply)
     + vpc_id                 = (known after apply)
   }
 # random_string.suffix will be created
 + resource "random_string" "suffix" {
     + id          = (known after apply)
     + length      = 8
     + lower       = true
     + min_lower   = 0
     + min_numeric = 0
     + min_special = 0
     + min_upper   = 0
     + number      = true
     + result      = (known after apply)
     + special     = false
     + upper       = true
   }
 # module.eks.data.http.wait_for_cluster[0] will be read during apply
 # (config refers to values not yet known)
<= data "http" "wait_for_cluster"  {
     + body             = (known after apply)
     + ca_certificate   = (known after apply)
     + id               = (known after apply)
     + response_headers = (known after apply)
     + timeout          = 300
     + url              = (known after apply)
   }
 # module.eks.aws_autoscaling_group.workers[0] will be created
 + resource "aws_autoscaling_group" "workers" {
     + arn                       = (known after apply)
     + availability_zones        = (known after apply)
     + capacity_rebalance        = false
     + default_cooldown          = (known after apply)
     + desired_capacity          = 2
     + force_delete              = false
     + force_delete_warm_pool    = false
     + health_check_grace_period = 300
     + health_check_type         = (known after apply)
     + id                        = (known after apply)
     + launch_configuration      = (known after apply)
     + max_instance_lifetime     = 0
     + max_size                  = 3
     + metrics_granularity       = "1Minute"
     + min_size                  = 1
     + name                      = (known after apply)
     + name_prefix               = (known after apply)
     + protect_from_scale_in     = false
     + service_linked_role_arn   = (known after apply)
     + suspended_processes       = [
         + "AZRebalance",
       ]
     + termination_policies      = []
     + vpc_zone_identifier       = (known after apply)
     + wait_for_capacity_timeout = "10m"
     + tag {
         + key                 = "Environment"
         + propagate_at_launch = true
         + value               = "training"
       }
     + tag {
         + key                 = "GithubOrg"
         + propagate_at_launch = true
         + value               = "terraform-aws-modules"
       }
     + tag {
         + key                 = "GithubRepo"
         + propagate_at_launch = true
         + value               = "terraform-aws-eks"
       }
     + tag {
         + key                 = "Name"
         + propagate_at_launch = true
         + value               = (known after apply)
       }
     + tag {
         + key                 = (known after apply)
         + propagate_at_launch = true
         + value               = "owned"
       }
     + tag {
         + key                 = (known after apply)
         + propagate_at_launch = true
         + value               = "owned"
       }
   }
 # module.eks.aws_autoscaling_group.workers[1] will be created
 + resource "aws_autoscaling_group" "workers" {
     + arn                       = (known after apply)
     + availability_zones        = (known after apply)
     + capacity_rebalance        = false
     + default_cooldown          = (known after apply)
     + desired_capacity          = 1
     + force_delete              = false
     + force_delete_warm_pool    = false
     + health_check_grace_period = 300
     + health_check_type         = (known after apply)
     + id                        = (known after apply)
     + launch_configuration      = (known after apply)
     + max_instance_lifetime     = 0
     + max_size                  = 3
     + metrics_granularity       = "1Minute"
     + min_size                  = 1
     + name                      = (known after apply)
     + name_prefix               = (known after apply)
     + protect_from_scale_in     = false
     + service_linked_role_arn   = (known after apply)
     + suspended_processes       = [
         + "AZRebalance",
       ]
     + termination_policies      = []
     + vpc_zone_identifier       = (known after apply)
     + wait_for_capacity_timeout = "10m"
     + tag {
         + key                 = "Environment"
         + propagate_at_launch = true
         + value               = "training"
       }
     + tag {
         + key                 = "GithubOrg"
         + propagate_at_launch = true
         + value               = "terraform-aws-modules"
       }
     + tag {
         + key                 = "GithubRepo"
         + propagate_at_launch = true
         + value               = "terraform-aws-eks"
       }
     + tag {
         + key                 = "Name"
         + propagate_at_launch = true
         + value               = (known after apply)
       }
     + tag {
         + key                 = (known after apply)
         + propagate_at_launch = true
         + value               = "owned"
       }
     + tag {
         + key                 = (known after apply)
         + propagate_at_launch = true
         + value               = "owned"
       }
   }
 # module.eks.aws_eks_cluster.this[0] will be created
 # NOTE(review): no enabled_cluster_log_types attribute and no encryption_config block appear in this
 # plan, so control-plane logging and KMS envelope encryption of Kubernetes secrets are presumably
 # not configured. Confirm against the module inputs.
 + resource "aws_eks_cluster" "this" {
     + arn                   = (known after apply)
     + certificate_authority = (known after apply)
     + created_at            = (known after apply)
     + endpoint              = (known after apply)
     + id                    = (known after apply)
     + identity              = (known after apply)
     + name                  = (known after apply)
     + platform_version      = (known after apply)
     + role_arn              = (known after apply)
     + status                = (known after apply)
     + tags                  = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + tags_all              = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     # NOTE(review): the Kubernetes minor version is pinned; check that it is still inside the EKS
     # support window before reusing this plan.
     + version               = "1.20"
     + kubernetes_network_config {
         + service_ipv4_cidr = (known after apply)
       }
     + timeouts {
         + create = "30m"
         + delete = "15m"
         + update = "60m"
       }
     # NOTE(review): endpoint_public_access = true with public_access_cidrs = 0.0.0.0/0 and
     # endpoint_private_access = false makes the Kubernetes API endpoint reachable from any IPv4
     # address. Requests still have to authenticate, but limiting public_access_cidrs to known
     # ranges, or enabling private access, removes the endpoint from general Internet exposure.
     + vpc_config {
         + cluster_security_group_id = (known after apply)
         + endpoint_private_access   = false
         + endpoint_public_access    = true
         + public_access_cidrs       = [
             + "0.0.0.0/0",
           ]
         + security_group_ids        = (known after apply)
         + subnet_ids                = (known after apply)
         + vpc_id                    = (known after apply)
       }
   }
 # module.eks.aws_iam_instance_profile.workers[0] will be created
 + resource "aws_iam_instance_profile" "workers" {
     + arn         = (known after apply)
     + create_date = (known after apply)
     + id          = (known after apply)
     + name        = (known after apply)
     + name_prefix = (known after apply)
     + path        = "/"
     + role        = (known after apply)
     + tags        = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + tags_all    = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + unique_id   = (known after apply)
   }
 # module.eks.aws_iam_instance_profile.workers[1] will be created
 + resource "aws_iam_instance_profile" "workers" {
     + arn         = (known after apply)
     + create_date = (known after apply)
     + id          = (known after apply)
     + name        = (known after apply)
     + name_prefix = (known after apply)
     + path        = "/"
     + role        = (known after apply)
     + tags        = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + tags_all    = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + unique_id   = (known after apply)
   }
 # module.eks.aws_iam_policy.cluster_deny_log_group[0] will be created
 + resource "aws_iam_policy" "cluster_deny_log_group" {
     + arn         = (known after apply)
     + description = "Deny CreateLogGroup"
     + id          = (known after apply)
     + name        = (known after apply)
     + name_prefix = (known after apply)
     + path        = "/"
     + policy      = jsonencode(
           {
             + Statement = [
                 + {
                     + Action   = "logs:CreateLogGroup"
                     + Effect   = "Deny"
                     + Resource = "*"
                     + Sid      = ""
                   },
               ]
             + Version   = "2012-10-17"
           }
       )
     + policy_id   = (known after apply)
     + tags        = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + tags_all    = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
   }
 # module.eks.aws_iam_policy.cluster_elb_sl_role_creation[0] will be created
 + resource "aws_iam_policy" "cluster_elb_sl_role_creation" {
     + arn         = (known after apply)
     + description = "Permissions for EKS to create AWSServiceRoleForElasticLoadBalancing service-linked role"
     + id          = (known after apply)
     + name        = (known after apply)
     + name_prefix = (known after apply)
     + path        = "/"
     + policy      = jsonencode(
           {
             + Statement = [
                 + {
                     + Action   = [
                         + "ec2:DescribeInternetGateways",
                         + "ec2:DescribeAddresses",
                         + "ec2:DescribeAccountAttributes",
                       ]
                     + Effect   = "Allow"
                     + Resource = "*"
                     + Sid      = ""
                   },
               ]
             + Version   = "2012-10-17"
           }
       )
     + policy_id   = (known after apply)
     + tags        = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + tags_all    = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
   }
 # module.eks.aws_iam_role.cluster[0] will be created
 + resource "aws_iam_role" "cluster" {
     + arn                   = (known after apply)
     + assume_role_policy    = jsonencode(
           {
             + Statement = [
                 + {
                     + Action    = "sts:AssumeRole"
                     + Effect    = "Allow"
                     + Principal = {
                         + Service = "eks.amazonaws.com"
                       }
                     + Sid       = "EKSClusterAssumeRole"
                   },
               ]
             + Version   = "2012-10-17"
           }
       )
     + create_date           = (known after apply)
     + force_detach_policies = true
     + id                    = (known after apply)
     + managed_policy_arns   = (known after apply)
     + max_session_duration  = 3600
     + name                  = (known after apply)
     + name_prefix           = (known after apply)
     + path                  = "/"
     + tags                  = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + tags_all              = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + unique_id             = (known after apply)
     + inline_policy {
         + name   = (known after apply)
         + policy = (known after apply)
       }
   }
 # module.eks.aws_iam_role.workers[0] will be created
 + resource "aws_iam_role" "workers" {
     + arn                   = (known after apply)
     + assume_role_policy    = jsonencode(
           {
             + Statement = [
                 + {
                     + Action    = "sts:AssumeRole"
                     + Effect    = "Allow"
                     + Principal = {
                         + Service = "ec2.amazonaws.com"
                       }
                     + Sid       = "EKSWorkerAssumeRole"
                   },
               ]
             + Version   = "2012-10-17"
           }
       )
     + create_date           = (known after apply)
     + force_detach_policies = true
     + id                    = (known after apply)
     + managed_policy_arns   = (known after apply)
     + max_session_duration  = 3600
     + name                  = (known after apply)
     + name_prefix           = (known after apply)
     + path                  = "/"
     + tags                  = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + tags_all              = {
         + "Environment" = "training"
         + "GithubOrg"   = "terraform-aws-modules"
         + "GithubRepo"  = "terraform-aws-eks"
       }
     + unique_id             = (known after apply)
     + inline_policy {
         + name   = (known after apply)
         + policy = (known after apply)
       }
   }
 # module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy[0] will be created
 + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
     + id         = (known after apply)
     + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
     + role       = (known after apply)
   }
 # module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy[0] will be created
 + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
     + id         = (known after apply)
     + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
     + role       = (known after apply)
   }
 # module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSVPCResourceControllerPolicy[0] will be created
 + resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSVPCResourceControllerPolicy" {
     + id         = (known after apply)
     + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
     + role       = (known after apply)
   }
 # module.eks.aws_iam_role_policy_attachment.cluster_deny_log_group[0] will be created
 + resource "aws_iam_role_policy_attachment" "cluster_deny_log_group" {
     + id         = (known after apply)
     + policy_arn = (known after apply)
     + role       = (known after apply)
   }
 # module.eks.aws_iam_role_policy_attachment.cluster_elb_sl_role_creation[0] will be created
 + resource "aws_iam_role_policy_attachment" "cluster_elb_sl_role_creation" {
     + id         = (known after apply)
     + policy_arn = (known after apply)
     + role       = (known after apply)
   }
 # module.eks.aws_iam_role_policy_attachment.workers_AmazonEC2ContainerRegistryReadOnly[0] will be created
 + resource "aws_iam_role_policy_attachment" "workers_AmazonEC2ContainerRegistryReadOnly" {
     + id         = (known after apply)
     + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
     + role       = (known after apply)
   }
 # module.eks.aws_iam_role_policy_attachment.workers_AmazonEKSWorkerNodePolicy[0] will be created
 + resource "aws_iam_role_policy_attachment" "workers_AmazonEKSWorkerNodePolicy" {
     + id         = (known after apply)
     + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
     + role       = (known after apply)
   }
 # module.eks.aws_iam_role_policy_attachment.workers_AmazonEKS_CNI_Policy[0] will be created
 # NOTE(review): role is only known after apply; going by the "workers_" prefix this presumably
 # attaches the CNI policy to the worker node role. Any pod able to use the node's credentials then
 # inherits these EC2 networking permissions. AWS guidance is to grant this policy to the aws-node
 # service account through IAM roles for service accounts instead.
 + resource "aws_iam_role_policy_attachment" "workers_AmazonEKS_CNI_Policy" {
     + id         = (known after apply)
     + policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
     + role       = (known after apply)
   }
 # module.eks.aws_launch_configuration.workers[0] will be created
 + resource "aws_launch_configuration" "workers" {
     + arn                         = (known after apply)
     + associate_public_ip_address = false
     + ebs_optimized               = false
     + enable_monitoring           = true
     + iam_instance_profile        = (known after apply)
     + id                          = (known after apply)
     + image_id                    = "ami-0c9f07c8fbe372099"
     + instance_type               = "t2.small"
     + key_name                    = (known after apply)
     + name                        = (known after apply)
     + name_prefix                 = (known after apply)
     + security_groups             = (known after apply)
     + user_data_base64            = (known after apply)
     + ebs_block_device {
         + delete_on_termination = (known after apply)
         + device_name           = (known after apply)
         + encrypted             = (known after apply)
         + iops                  = (known after apply)
         + no_device             = (known after apply)
         + snapshot_id           = (known after apply)
         + throughput            = (known after apply)
         + volume_size           = (known after apply)
         + volume_type           = (known after apply)
       }
     # NOTE(review): http_tokens = "optional" leaves the instance metadata endpoint answering IMDSv1
     # (session-less) requests. "required" enforces IMDSv2; combined with a hop limit of 1 it keeps
     # pods that are not on the host network from reading the node role's credentials. The hop limit
     # is not known at plan time, so check the applied value.
     + metadata_options {
         + http_endpoint               = "enabled"
         + http_put_response_hop_limit = (known after apply)
         + http_tokens                 = "optional"
       }
     # NOTE(review): encrypted = false creates the node root volume unencrypted unless account-level
     # EBS encryption by default is turned on. Confirm which applies.
     + root_block_device {
         + delete_on_termination = true
         + encrypted             = false
         + iops                  = 0
         + throughput            = (known after apply)
         + volume_size           = 100
         + volume_type           = "gp2"
       }
   }
 # module.eks.aws_launch_configuration.workers[1] will be created
 + resource "aws_launch_configuration" "workers" {
     + arn                         = (known after apply)
     + associate_public_ip_address = false
     + ebs_optimized               = false
     + enable_monitoring           = true
     + iam_instance_profile        = (known after apply)
     + id                          = (known after apply)
     + image_id                    = "ami-0c9f07c8fbe372099"
     + instance_type               = "t2.medium"
     + key_name                    = (known after apply)
     + name                        = (known after apply)
     + name_prefix                 = (known after apply)
     + security_groups             = (known after apply)
     + user_data_base64            = (known after apply)
     + ebs_block_device {
         + delete_on_termination = (known after apply)
         + device_name           = (known after apply)
         + encrypted             = (known after apply)
         + iops                  = (known after apply)
         + no_device             = (known after apply)
         + snapshot_id           = (known after apply)
         + throughput            = (known after apply)
         + volume_size           = (known after apply)
         + volume_type           = (known after apply)
       }
     # NOTE(review): with http_tokens = "optional" the metadata endpoint still accepts IMDSv1
     # requests on this worker group. Setting "required" (IMDSv2 only) and a hop limit of 1 is the
     # usual hardening for EKS nodes; the hop limit is unresolved in this plan.
     + metadata_options {
         + http_endpoint               = "enabled"
         + http_put_response_hop_limit = (known after apply)
         + http_tokens                 = "optional"
       }
     # NOTE(review): the root volume is planned with encrypted = false. It stays unencrypted unless
     # EBS encryption by default is enabled for the account and region.
     + root_block_device {
         + delete_on_termination = true
         + encrypted             = false
         + iops                  = 0
         + throughput            = (known after apply)
         + volume_size           = 100
         + volume_type           = "gp2"
       }
   }
 # module.eks.aws_security_group.cluster[0] will be created
 + resource "aws_security_group" "cluster" {
     + arn                    = (known after apply)
     + description            = "EKS cluster security group."
     + egress                 = (known after apply)
     + id                     = (known after apply)
     + ingress                = (known after apply)
     + name                   = (known after apply)
     + name_prefix            = (known after apply)
     + owner_id               = (known after apply)
     + revoke_rules_on_delete = false
     + tags                   = (known after apply)
     + tags_all               = (known after apply)
     + vpc_id                 = (known after apply)
   }
 # module.eks.aws_security_group.workers[0] will be created
 + resource "aws_security_group" "workers" {
     + arn                    = (known after apply)
     + description            = "Security group for all nodes in the cluster."
     + egress                 = (known after apply)
     + id                     = (known after apply)
     + ingress                = (known after apply)
     + name                   = (known after apply)
     + name_prefix            = (known after apply)
     + owner_id               = (known after apply)
     + revoke_rules_on_delete = false
     + tags                   = (known after apply)
     + tags_all               = (known after apply)
     + vpc_id                 = (known after apply)
   }
 # module.eks.aws_security_group_rule.cluster_egress_internet[0] will be created
 + resource "aws_security_group_rule" "cluster_egress_internet" {
     + cidr_blocks              = [
         + "0.0.0.0/0",
       ]
     + description              = "Allow cluster egress access to the Internet."
     + from_port                = 0
     + id                       = (known after apply)
     + protocol                 = "-1"
     + security_group_id        = (known after apply)
     + self                     = false
     + source_security_group_id = (known after apply)
     + to_port                  = 0
     + type                     = "egress"
   }
 # module.eks.aws_security_group_rule.cluster_https_worker_ingress[0] will be created
 + resource "aws_security_group_rule" "cluster_https_worker_ingress" {
     + description              = "Allow pods to communicate with the EKS cluster API."
     + from_port                = 443
     + id                       = (known after apply)
     + protocol                 = "tcp"
     + security_group_id        = (known after apply)
     + self                     = false
     + source_security_group_id = (known after apply)
     + to_port                  = 443
     + type                     = "ingress"
   }
 # module.eks.aws_security_group_rule.workers_egress_internet[0] will be created
 + resource "aws_security_group_rule" "workers_egress_internet" {
     + cidr_blocks              = [
         + "0.0.0.0/0",
       ]
     + description              = "Allow nodes all egress to the Internet."
     + from_port                = 0
     + id                       = (known after apply)
     + protocol                 = "-1"
     + security_group_id        = (known after apply)
     + self                     = false
     + source_security_group_id = (known after apply)
     + to_port                  = 0
     + type                     = "egress"
   }
 # module.eks.aws_security_group_rule.workers_ingress_cluster[0] will be created
 + resource "aws_security_group_rule" "workers_ingress_cluster" {
     + description              = "Allow workers pods to receive communication from the cluster control plane."
     + from_port                = 1025
     + id                       = (known after apply)
     + protocol                 = "tcp"
     + security_group_id        = (known after apply)
     + self                     = false
     + source_security_group_id = (known after apply)
     + to_port                  = 65535
     + type                     = "ingress"
   }
 # module.eks.aws_security_group_rule.workers_ingress_cluster_https[0] will be created
 + resource "aws_security_group_rule" "workers_ingress_cluster_https" {
     + description              = "Allow pods running extension API servers on port 443 to receive communication from cluster control plane."
     + from_port                = 443
     + id                       = (known after apply)
     + protocol                 = "tcp"
     + security_group_id        = (known after apply)
     + self                     = false
     + source_security_group_id = (known after apply)
     + to_port                  = 443
     + type                     = "ingress"
   }
 # module.eks.aws_security_group_rule.workers_ingress_self[0] will be created
 + resource "aws_security_group_rule" "workers_ingress_self" {
     + description              = "Allow node to communicate with each other."
     + from_port                = 0
     + id                       = (known after apply)
     + protocol                 = "-1"
     + security_group_id        = (known after apply)
     + self                     = false
     + source_security_group_id = (known after apply)
     + to_port                  = 65535
     + type                     = "ingress"
   }
 # module.eks.kubernetes_config_map.aws_auth[0] will be created
 # NOTE(review): aws-auth in kube-system maps IAM principals to Kubernetes identities. Its data is
 # only known after apply, so the mappings cannot be reviewed from this plan. Inspect the rendered
 # ConfigMap afterwards, since any entry mapped to system:masters grants cluster-admin.
 + resource "kubernetes_config_map" "aws_auth" {
     + data = (known after apply)
     + id   = (known after apply)
     + metadata {
         + generation       = (known after apply)
         + labels           = {
             + "app.kubernetes.io/managed-by" = "Terraform"
             + "terraform.io/module"          = "terraform-aws-modules.eks.aws"
           }
         + name             = "aws-auth"
         + namespace        = "kube-system"
         + resource_version = (known after apply)
         + uid              = (known after apply)
       }
   }
 # module.eks.local_file.kubeconfig[0] will be created
 # NOTE(review): file_permission 0600 limits the written kubeconfig to its owner. A local_file's
 # content is also recorded in Terraform state, so the state backend needs equivalent access
 # control. What the content holds is not visible in this plan.
 + resource "local_file" "kubeconfig" {
     + content              = (known after apply)
     + directory_permission = "0755"
     + file_permission      = "0600"
     + filename             = (known after apply)
     + id                   = (known after apply)
   }
 # module.vpc.aws_eip.nat[0] will be created
 + resource "aws_eip" "nat" {
     + allocation_id        = (known after apply)
     + association_id       = (known after apply)
     + carrier_ip           = (known after apply)
     + customer_owned_ip    = (known after apply)
     + domain               = (known after apply)
     + id                   = (known after apply)
     + instance             = (known after apply)
     + network_border_group = (known after apply)
     + network_interface    = (known after apply)
     + private_dns          = (known after apply)
     + private_ip           = (known after apply)
     + public_dns           = (known after apply)
     + public_ip            = (known after apply)
     + public_ipv4_pool     = (known after apply)
     + tags                 = (known after apply)
     + tags_all             = (known after apply)
     + vpc                  = true
   }
 # module.vpc.aws_internet_gateway.this[0] will be created
 + resource "aws_internet_gateway" "this" {
     + arn      = (known after apply)
     + id       = (known after apply)
     + owner_id = (known after apply)
     + tags     = (known after apply)
     + tags_all = (known after apply)
     + vpc_id   = (known after apply)
   }
 # module.vpc.aws_nat_gateway.this[0] will be created
 + resource "aws_nat_gateway" "this" {
     + allocation_id        = (known after apply)
     + connectivity_type    = "public"
     + id                   = (known after apply)
     + network_interface_id = (known after apply)
     + private_ip           = (known after apply)
     + public_ip            = (known after apply)
     + subnet_id            = (known after apply)
     + tags                 = (known after apply)
     + tags_all             = (known after apply)
   }
 # module.vpc.aws_route.private_nat_gateway[0] will be created
 + resource "aws_route" "private_nat_gateway" {
     + destination_cidr_block = "0.0.0.0/0"
     + id                     = (known after apply)
     + instance_id            = (known after apply)
     + instance_owner_id      = (known after apply)
     + nat_gateway_id         = (known after apply)
     + network_interface_id   = (known after apply)
     + origin                 = (known after apply)
     + route_table_id         = (known after apply)
     + state                  = (known after apply)
     + timeouts {
         + create = "5m"
       }
   }
 # module.vpc.aws_route.public_internet_gateway[0] will be created
 + resource "aws_route" "public_internet_gateway" {
     + destination_cidr_block = "0.0.0.0/0"
     + gateway_id             = (known after apply)
     + id                     = (known after apply)
     + instance_id            = (known after apply)
     + instance_owner_id      = (known after apply)
     + network_interface_id   = (known after apply)
     + origin                 = (known after apply)
     + route_table_id         = (known after apply)
     + state                  = (known after apply)
     + timeouts {
         + create = "5m"
       }
   }
 # module.vpc.aws_route_table.private[0] will be created
 + resource "aws_route_table" "private" {
     + arn              = (known after apply)
     + id               = (known after apply)
     + owner_id         = (known after apply)
     + propagating_vgws = (known after apply)
     + route            = (known after apply)
     + tags             = (known after apply)
     + tags_all         = (known after apply)
     + vpc_id           = (known after apply)
   }
 # module.vpc.aws_route_table.public[0] will be created
 + resource "aws_route_table" "public" {
     + arn              = (known after apply)
     + id               = (known after apply)
     + owner_id         = (known after apply)
     + propagating_vgws = (known after apply)
     + route            = (known after apply)
     + tags             = (known after apply)
     + tags_all         = (known after apply)
     + vpc_id           = (known after apply)
   }
 # module.vpc.aws_route_table_association.private[0] will be created
 + resource "aws_route_table_association" "private" {
     + id             = (known after apply)
     + route_table_id = (known after apply)
     + subnet_id      = (known after apply)
   }
 # module.vpc.aws_route_table_association.private[1] will be created
 + resource "aws_route_table_association" "private" {
     + id             = (known after apply)
     + route_table_id = (known after apply)
     + subnet_id      = (known after apply)
   }
 # module.vpc.aws_route_table_association.private[2] will be created
 + resource "aws_route_table_association" "private" {
     + id             = (known after apply)
     + route_table_id = (known after apply)
     + subnet_id      = (known after apply)
   }
 # module.vpc.aws_route_table_association.public[0] will be created
 + resource "aws_route_table_association" "public" {
     + id             = (known after apply)
     + route_table_id = (known after apply)
     + subnet_id      = (known after apply)
   }
 # module.vpc.aws_route_table_association.public[1] will be created
 + resource "aws_route_table_association" "public" {
     + id             = (known after apply)
     + route_table_id = (known after apply)
     + subnet_id      = (known after apply)
   }
 # module.vpc.aws_route_table_association.public[2] will be created
 + resource "aws_route_table_association" "public" {
     + id             = (known after apply)
     + route_table_id = (known after apply)
     + subnet_id      = (known after apply)
   }
 # module.vpc.aws_subnet.private[0] will be created
 + resource "aws_subnet" "private" {
     + arn                             = (known after apply)
     + assign_ipv6_address_on_creation = false
     + availability_zone               = "us-east-2a"
     + availability_zone_id            = (known after apply)
     + cidr_block                      = "10.0.1.0/24"
     + id                              = (known after apply)
     + ipv6_cidr_block_association_id  = (known after apply)
     + map_public_ip_on_launch         = false
     + owner_id                        = (known after apply)
     + tags                            = (known after apply)
     + tags_all                        = (known after apply)
     + vpc_id                          = (known after apply)
   }
 # module.vpc.aws_subnet.private[1] will be created
 + resource "aws_subnet" "private" {
     + arn                             = (known after apply)
     + assign_ipv6_address_on_creation = false
     + availability_zone               = "us-east-2b"
     + availability_zone_id            = (known after apply)
     + cidr_block                      = "10.0.2.0/24"
     + id                              = (known after apply)
     + ipv6_cidr_block_association_id  = (known after apply)
     + map_public_ip_on_launch         = false
     + owner_id                        = (known after apply)
     + tags                            = (known after apply)
     + tags_all                        = (known after apply)
     + vpc_id                          = (known after apply)
   }
 # module.vpc.aws_subnet.private[2] will be created
 + resource "aws_subnet" "private" {
     + arn                             = (known after apply)
     + assign_ipv6_address_on_creation = false
     + availability_zone               = "us-east-2c"
     + availability_zone_id            = (known after apply)
     + cidr_block                      = "10.0.3.0/24"
     + id                              = (known after apply)
     + ipv6_cidr_block_association_id  = (known after apply)
     + map_public_ip_on_launch         = false
     + owner_id                        = (known after apply)
     + tags                            = (known after apply)
     + tags_all                        = (known after apply)
     + vpc_id                          = (known after apply)
   }
 # module.vpc.aws_subnet.public[0] will be created
 + resource "aws_subnet" "public" {
     + arn                             = (known after apply)
     + assign_ipv6_address_on_creation = false
     + availability_zone               = "us-east-2a"
     + availability_zone_id            = (known after apply)
     + cidr_block                      = "10.0.4.0/24"
     + id                              = (known after apply)
     + ipv6_cidr_block_association_id  = (known after apply)
     + map_public_ip_on_launch         = true
     + owner_id                        = (known after apply)
     + tags                            = (known after apply)
     + tags_all                        = (known after apply)
     + vpc_id                          = (known after apply)
   }
 # module.vpc.aws_subnet.public[1] will be created
 + resource "aws_subnet" "public" {
     + arn                             = (known after apply)
     + assign_ipv6_address_on_creation = false
     + availability_zone               = "us-east-2b"
     + availability_zone_id            = (known after apply)
     + cidr_block                      = "10.0.5.0/24"
     + id                              = (known after apply)
     + ipv6_cidr_block_association_id  = (known after apply)
     + map_public_ip_on_launch         = true
     + owner_id                        = (known after apply)
     + tags                            = (known after apply)
     + tags_all                        = (known after apply)
     + vpc_id                          = (known after apply)
   }
 # module.vpc.aws_subnet.public[2] will be created
 + resource "aws_subnet" "public" {
     + arn                             = (known after apply)
     + assign_ipv6_address_on_creation = false
     + availability_zone               = "us-east-2c"
     + availability_zone_id            = (known after apply)
     + cidr_block                      = "10.0.6.0/24"
     + id                              = (known after apply)
     + ipv6_cidr_block_association_id  = (known after apply)
     + map_public_ip_on_launch         = true
     + owner_id                        = (known after apply)
     + tags                            = (known after apply)
     + tags_all                        = (known after apply)
     + vpc_id                          = (known after apply)
   }
 # module.vpc.aws_vpc.this[0] will be created
 + resource "aws_vpc" "this" {
     + arn                              = (known after apply)
     + assign_generated_ipv6_cidr_block = false
     + cidr_block                       = "10.0.0.0/16"
     + default_network_acl_id           = (known after apply)
     + default_route_table_id           = (known after apply)
     + default_security_group_id        = (known after apply)
     + dhcp_options_id                  = (known after apply)
     + enable_classiclink               = (known after apply)
     + enable_classiclink_dns_support   = (known after apply)
     + enable_dns_hostnames             = true
     + enable_dns_support               = true
     + id                               = (known after apply)
     + instance_tenancy                 = "default"
     + ipv6_association_id              = (known after apply)
     + ipv6_cidr_block                  = (known after apply)
     + main_route_table_id              = (known after apply)
     + owner_id                         = (known after apply)
     + tags                             = (known after apply)
     + tags_all                         = (known after apply)
   }

Plan: 53 to add, 0 to change, 0 to destroy.

Changes to Outputs:

 + cluster_endpoint          = (known after apply)
 + cluster_id                = (known after apply)
 + cluster_name              = (known after apply)
 + cluster_security_group_id = (known after apply)
 + config_map_aws_auth       = [
     + {
         + binary_data = null
         + data        = (known after apply)
         + id          = (known after apply)
         + metadata    = [
             + {
                 + annotations      = null
                 + generate_name    = null
                 + generation       = (known after apply)
                 + labels           = {
                     + "app.kubernetes.io/managed-by" = "Terraform"
                     + "terraform.io/module"          = "terraform-aws-modules.eks.aws"
                   }
                 + name             = "aws-auth"
                 + namespace        = "kube-system"
                 + resource_version = (known after apply)
                 + uid              = (known after apply)
               },
           ]
       },
   ]
 + kubectl_config            = (known after apply)
 + region                    = "us-east-2"

Do you want to perform these actions?

 Terraform will perform the actions described above.
 Only 'yes' will be accepted to approve.
 Enter a value:

Related[edit]

See also[edit]
