Add EKS cluster infrastructure with VPC, subnets, and node groups

README.md

@@ -1 +1 @@
-# terraformcode
+# terraform_code

eks/main.tf

@@ -1,60 +1,301 @@
+# Configure AWS Provider
 provider "aws" {
   region = "us-east-1"
 }
 
+# ============================================
+# VPC Configuration
+# ============================================
+
 # Create VPC
 resource "aws_vpc" "eks_vpc" {
-  cidr_block = "10.0.0.0/16"
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  tags = {
+    Name = "eks-vpc"
+  }
+}
+
+# Create Internet Gateway
+resource "aws_internet_gateway" "eks_igw" {
+  vpc_id = aws_vpc.eks_vpc.id
+
+  tags = {
+    Name = "eks-igw"
+  }
 }
 
-# Create Subnets
+# Create Route Table
+resource "aws_route_table" "eks_rt" {
+  vpc_id = aws_vpc.eks_vpc.id
+
+  route {
+    cidr_block      = "0.0.0.0/0"
+    gateway_id      = aws_internet_gateway.eks_igw.id
+  }
+
+  tags = {
+    Name = "eks-rt"
+  }
+}
+
+# ============================================
+# Subnets Configuration
+# ============================================
+
+# Create Subnet A
 resource "aws_subnet" "eks_subnet_a" {
-  vpc_id            = aws_vpc.eks_vpc.id
-  cidr_block        = "10.0.1.0/24"
-  availability_zone = "us-east-1a"
+  vpc_id                  = aws_vpc.eks_vpc.id
+  cidr_block              = "10.0.1.0/24"
+  availability_zone       = "us-east-1a"
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "eks-subnet-a"
+  }
 }
 
+# Create Subnet B
 resource "aws_subnet" "eks_subnet_b" {
-  vpc_id            = aws_vpc.eks_vpc.id
-  cidr_block        = "10.0.2.0/24"
-  availability_zone = "us-east-1b"
+  vpc_id                  = aws_vpc.eks_vpc.id
+  cidr_block              = "10.0.2.0/24"
+  availability_zone       = "us-east-1b"
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "eks-subnet-b"
+  }
 }
 
-# Create IAM Role for EKS Cluster
+# Associate Subnets with Route Table
+resource "aws_route_table_association" "eks_rta_a" {
+  subnet_id      = aws_subnet.eks_subnet_a.id
+  route_table_id = aws_route_table.eks_rt.id
+}
+
+resource "aws_route_table_association" "eks_rta_b" {
+  subnet_id      = aws_subnet.eks_subnet_b.id
+  route_table_id = aws_route_table.eks_rt.id
+}
+
+# ============================================
+# Security Groups
+# ============================================
+
+# Security Group for EKS Cluster
+resource "aws_security_group" "eks_cluster_sg" {
+  name        = "eks-cluster-sg"
+  description = "Security group for EKS cluster"
+  vpc_id      = aws_vpc.eks_vpc.id
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "eks-cluster-sg"
+  }
+}
+
+# Security Group for EKS Nodes
+resource "aws_security_group" "eks_node_sg" {
+  name        = "eks-node-sg"
+  description = "Security group for EKS nodes"
+  vpc_id      = aws_vpc.eks_vpc.id
+
+  ingress {
+    from_port   = 0
+    to_port     = 65535
+    protocol    = "tcp"
+    cidr_blocks = ["10.0.0.0/16"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "eks-node-sg"
+  }
+}
+
+# ============================================
+# IAM Roles and Policies - EKS Cluster
+# ============================================
+
+# IAM Role for EKS Cluster
 resource "aws_iam_role" "eks_cluster_role" {
   name = "eks-cluster-role"
 
   assume_role_policy = jsonencode({
-    Version = "2012-10-17",
+    Version = "2012-10-17"
     Statement = [{
-      Action = "sts:AssumeRole",
-      Effect = "Allow",
+      Action = "sts:AssumeRole"
+      Effect = "Allow"
       Principal = {
         Service = "eks.amazonaws.com"
       }
     }]
   })
+
+  tags = {
+    Name = "eks-cluster-role"
+  }
 }
 
-# Attach EKS Policy to IAM Role
+# Attach EKS Cluster Policy
 resource "aws_iam_role_policy_attachment" "eks_cluster_policy" {
   role       = aws_iam_role.eks_cluster_role.name
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
 }
 
-# Create EKS Cluster
-resource "aws_eks_cluster" "example" {
+# Attach VPC Resource Controller Policy
+resource "aws_iam_role_policy_attachment" "eks_vpc_resource_controller" {
+  role       = aws_iam_role.eks_cluster_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
+}
+
+# ============================================
+# IAM Roles and Policies - Node Group
+# ============================================
+
+# IAM Role for Node Group
+resource "aws_iam_role" "eks_node_role" {
+  name = "eks-node-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Action = "sts:AssumeRole"
+      Effect = "Allow"
+      Principal = {
+        Service = "ec2.amazonaws.com"
+      }
+    }]
+  })
+
+  tags = {
+    Name = "eks-node-role"
+  }
+}
+
+# Attach EKS Worker Node Policy
+resource "aws_iam_role_policy_attachment" "eks_worker_node_policy" {
+  role       = aws_iam_role.eks_node_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+}
+
+# Attach EKS CNI Policy
+resource "aws_iam_role_policy_attachment" "eks_cni_policy" {
+  role       = aws_iam_role.eks_node_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+}
+
+# Attach ECR Read Only Policy
+resource "aws_iam_role_policy_attachment" "eks_registry_policy" {
+  role       = aws_iam_role.eks_node_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
+# ============================================
+# EKS Cluster
+# ============================================
+
+resource "aws_eks_cluster" "main" {
   name     = "my-eks-cluster"
   role_arn = aws_iam_role.eks_cluster_role.arn
+  version  = "1.33"
 
   vpc_config {
-    subnet_ids = [
-      aws_subnet.eks_subnet_a.id,
-      aws_subnet.eks_subnet_b.id,
-    ]
+    subnet_ids              = [aws_subnet.eks_subnet_a.id, aws_subnet.eks_subnet_b.id]
+    security_group_ids      = [aws_security_group.eks_cluster_sg.id]
+    endpoint_private_access = true
+    endpoint_public_access  = true
   }
 
+  # Enable Control Plane Logging
+  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
+
   depends_on = [
     aws_iam_role_policy_attachment.eks_cluster_policy,
+    aws_iam_role_policy_attachment.eks_vpc_resource_controller,
   ]
+
+  tags = {
+    Name = "my-eks-cluster"
+  }
+}
+
+# ============================================
+# EKS Node Group
+# ============================================
+
+resource "aws_eks_node_group" "main" {
+  cluster_name    = aws_eks_cluster.main.name
+  node_group_name = "my-node-group"
+  node_role_arn   = aws_iam_role.eks_node_role.arn
+  subnet_ids      = [aws_subnet.eks_subnet_a.id, aws_subnet.eks_subnet_b.id]
+  version         = "1.33"
+
+  scaling_config {
+    desired_size = 2
+    max_size     = 4
+    min_size     = 1
+  }
+
+  instance_types = ["t3.medium"]
+
+  disk_size = 20
+
+  tags = {
+    Name = "my-node-group"
+  }
+
+  depends_on = [
+    aws_iam_role_policy_attachment.eks_worker_node_policy,
+    aws_iam_role_policy_attachment.eks_cni_policy,
+    aws_iam_role_policy_attachment.eks_registry_policy,
+  ]
+}
+
+# ============================================
+# Outputs
+# ============================================
+
+output "cluster_id" {
+  description = "EKS cluster ID"
+  value       = aws_eks_cluster.main.id
+}
+
+output "cluster_arn" {
+  description = "EKS cluster ARN"
+  value       = aws_eks_cluster.main.arn
+}
+
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane"
+  value       = aws_eks_cluster.main.endpoint
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ID attached to the EKS cluster"
+  value       = aws_security_group.eks_cluster_sg.id
+}
+
+output "node_group_id" {
+  description = "EKS node group ID"
+  value       = aws_eks_node_group.main.id
+}
+
+output "node_group_status" {
+  description = "Status of the EKS node group"
+  value       = aws_eks_node_group.main.status
 }