attach_cluster_encryption_policy | Indicates whether or not to attach an additional policy for the cluster IAM role to utilize the encryption key provided | bool | false | |
cloudwatch_log_group_kms_key_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | false | |
cloudwatch_log_group_retention_in_days | Number of days to retain log events. Default retention - 90 days | number | false | |
cluster_additional_security_group_ids | List of additional, externally created security group IDs to attach to the cluster control plane | list(string) | false | |
cluster_addons | Map of cluster addon configurations to enable for the cluster. The addon name can be taken from the map key or set explicitly with name | any | false | |
cluster_enabled_log_types | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | false | |
cluster_encryption_config | Configuration block with encryption configuration for the cluster | list(object({\n provider_key_arn = string\n resources = list(string)\n })) | false | |
cluster_encryption_policy_description | Description of the cluster encryption policy created | string | false | |
cluster_encryption_policy_name | Name to use on cluster encryption policy created | string | false | |
cluster_encryption_policy_path | Cluster encryption policy path | string | false | |
cluster_encryption_policy_tags | A map of additional tags to add to the cluster encryption policy created | map(string) | false | |
cluster_encryption_policy_use_name_prefix | Determines whether the cluster encryption policy name (cluster_encryption_policy_name) is used as a prefix | string | false | |
cluster_endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled | bool | false | |
cluster_endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled | bool | false | |
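cluster_endpoint_public_access_cidrs | List of CIDR blocks that can access the Amazon EKS public API server endpoint. Applies only when cluster_endpoint_public_access is enabled; keep the list as narrow as possible rather than allowing all addresses | list(string) | false | |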
cluster_iam_role_dns_suffix | Base DNS domain name for the current partition (e.g., amazonaws.com in AWS Commercial, amazonaws.com.cn in AWS China) | string | false | |
cluster_identity_providers | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | any | false | |
cluster_ip_family | The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6. The IP family can only be specified when the cluster is created; changing this value will force a new cluster to be created | string | false | |
cluster_name | Name of the EKS cluster | string | false | |
cluster_security_group_additional_rules | List of additional security group rules to add to the cluster security group created. Set source_node_security_group = true inside rules to set the node_security_group as source | any | false | |
cluster_security_group_description | Description of the cluster security group created | string | false | |
cluster_security_group_id | Existing security group ID to be attached to the cluster. Required if create_cluster_security_group = false | string | false | |
cluster_security_group_name | Name to use on cluster security group created | string | false | |
cluster_security_group_tags | A map of additional tags to add to the cluster security group created | map(string) | false | |
cluster_security_group_use_name_prefix | Determines whether the cluster security group name (cluster_security_group_name) is used as a prefix | string | false | |
cluster_service_ipv4_cidr | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | string | false | |
cluster_tags | A map of additional tags to add to the cluster | map(string) | false | |
cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | false | |
cluster_version | Kubernetes <major>.<minor> version to use for the EKS cluster (e.g., 1.21) | string | false | |
create | Controls if EKS resources should be created (affects nearly all resources) | bool | false | |
create_cloudwatch_log_group | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | bool | false | |
create_cluster_security_group | Determines whether a security group is created for the cluster or the existing cluster_security_group_id is used | bool | false | |
create_cni_ipv6_iam_policy | Determines whether to create an AmazonEKS_CNI_IPv6_Policy | bool | false | |
create_iam_role | Determines whether an IAM role is created or an existing IAM role is used | bool | false | |
create_node_security_group | Determines whether to create a security group for the node groups or use the existing node_security_group_id | bool | false | |
custom_oidc_thumbprints | Additional list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s) | list(string) | false | |
eks_managed_node_group_defaults | Map of EKS managed node group default configurations | any | false | |
eks_managed_node_groups | Map of EKS managed node group definitions to create | any | false | |
enable_irsa | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | bool | false | |
fargate_profile_defaults | Map of Fargate Profile default configurations | any | false | |
fargate_profiles | Map of Fargate Profile definitions to create | any | false | |
iam_role_additional_policies | Additional policies to be added to the IAM role | list(string) | false | |
iam_role_arn | Existing IAM role ARN for the cluster. Required if create_iam_role is set to false | string | false | |
iam_role_description | Description of the role | string | false | |
iam_role_name | Name to use on IAM role created | string | false | |
iam_role_path | Cluster IAM role path | string | false | |
iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | string | false | |
iam_role_tags | A map of additional tags to add to the IAM role created | map(string) | false | |
iam_role_use_name_prefix | Determines whether the IAM role name (iam_role_name) is used as a prefix | string | false | |
node_security_group_additional_rules | List of additional security group rules to add to the node security group created. Set source_cluster_security_group = true inside rules to set the cluster_security_group as source | any | false | |
node_security_group_description | Description of the node security group created | string | false | |
node_security_group_id | ID of an existing security group to attach to the node groups created | string | false | |
node_security_group_name | Name to use on node security group created | string | false | |
node_security_group_tags | A map of additional tags to add to the node security group created | map(string) | false | |
node_security_group_use_name_prefix | Determines whether the node security group name (node_security_group_name) is used as a prefix | string | false | |
openid_connect_audiences | List of OpenID Connect audience client IDs to add to the IRSA provider | list(string) | false | |
prefix_separator | The separator to use between the prefix and the generated timestamp for resource names | string | false | |
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false | |
self_managed_node_group_defaults | Map of self-managed node group default configurations | any | false | |
self_managed_node_groups | Map of self-managed node group definitions to create | any | false | |
subnet_ids | A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration | list(string) | false | |
tags | A map of tags to add to all resources | map(string) | false | |
vpc_id | ID of the VPC where the cluster and its nodes will be provisioned | string | false | |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false | |