diff --git a/README.md b/README.md index 6a2517b1..45bfbda0 100644 --- a/README.md +++ b/README.md @@ -396,6 +396,7 @@ Available targets: | Name | Type | |------|------| | [aws_cloudwatch_log_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_eks_addon.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | | [aws_eks_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | resource | | [aws_iam_openid_connect_provider.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource | | [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | @@ -423,6 +424,7 @@ Available targets: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [addons](#input\_addons) | Manages [`aws_eks_addon`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) resources. |
list(object({
addon_name = string
addon_version = string
resolve_conflicts = string
service_account_role_arn = string
}))
| `[]` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | List of CIDR blocks to be allowed to connect to the EKS cluster | `list(string)` | `[]` | no | | [allowed\_security\_groups](#input\_allowed\_security\_groups) | List of Security Group IDs to be allowed to connect to the EKS cluster | `list(string)` | `[]` | no | | [apply\_config\_map\_aws\_auth](#input\_apply\_config\_map\_aws\_auth) | Whether to apply the ConfigMap to allow worker nodes to join the EKS cluster and allow additional users, accounts and roles to acces the cluster | `bool` | `true` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 7918d132..90720295 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -32,6 +32,7 @@ | Name | Type | |------|------| | [aws_cloudwatch_log_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_eks_addon.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | | [aws_eks_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | resource | | [aws_iam_openid_connect_provider.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource | | [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | @@ -59,6 +60,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [addons](#input\_addons) | Manages [`aws_eks_addon`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) resources. |
list(object({
addon_name = string
addon_version = string
resolve_conflicts = string
service_account_role_arn = string
}))
| `[]` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | List of CIDR blocks to be allowed to connect to the EKS cluster | `list(string)` | `[]` | no | | [allowed\_security\_groups](#input\_allowed\_security\_groups) | List of Security Group IDs to be allowed to connect to the EKS cluster | `list(string)` | `[]` | no | | [apply\_config\_map\_aws\_auth](#input\_apply\_config\_map\_aws\_auth) | Whether to apply the ConfigMap to allow worker nodes to join the EKS cluster and allow additional users, accounts and roles to acces the cluster | `bool` | `true` | no | diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 93f17790..9c3d8769 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -29,3 +29,12 @@ disk_size = 20 kubernetes_labels = {} cluster_encryption_config_enabled = true + +addons = [ + { + addon_name = "vpc-cni" + addon_version = null + resolve_conflicts = "NONE" + service_account_role_arn = null + } +] diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 69609ca7..9bdfa8b0 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -78,6 +78,8 @@ module "eks_cluster" { cluster_encryption_config_kms_key_policy = var.cluster_encryption_config_kms_key_policy cluster_encryption_config_resources = var.cluster_encryption_config_resources + addons = var.addons + context = module.this.context } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 382e9319..69b3e01f 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
@@ -134,3 +134,14 @@ variable "cluster_encryption_config_resources" { default = ["secrets"] description = "Cluster Encryption Config Resources to encrypt, e.g. ['secrets']" } + +variable "addons" { + type = list(object({ + addon_name = string + addon_version = string + resolve_conflicts = string + service_account_role_arn = string + })) + default = [] + description = "Manages [`aws_eks_addon`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) resources." +} diff --git a/main.tf b/main.tf index 68aaa153..64a7b490 100644 --- a/main.tf +++ b/main.tf @@ -91,15 +91,30 @@ resource "aws_eks_cluster" "default" { # data "tls_certificate" "cluster" { - count = (local.enabled && var.oidc_provider_enabled) ? 1 : 0 + count = local.enabled && var.oidc_provider_enabled ? 1 : 0 url = join("", aws_eks_cluster.default.*.identity.0.oidc.0.issuer) } resource "aws_iam_openid_connect_provider" "default" { - count = (local.enabled && var.oidc_provider_enabled) ? 1 : 0 + count = local.enabled && var.oidc_provider_enabled ? 1 : 0 url = join("", aws_eks_cluster.default.*.identity.0.oidc.0.issuer) tags = module.label.tags client_id_list = ["sts.amazonaws.com"] thumbprint_list = [join("", data.tls_certificate.cluster.*.certificates.0.sha1_fingerprint)] } + +resource "aws_eks_addon" "cluster" { + for_each = local.enabled ? { + for addon in var.addons : + addon.addon_name => addon + } : {} + + cluster_name = join("", aws_eks_cluster.default.*.name) + addon_name = each.key + addon_version = lookup(each.value, "addon_version", null) + resolve_conflicts = lookup(each.value, "resolve_conflicts", null) + service_account_role_arn = lookup(each.value, "service_account_role_arn", null) + + tags = module.label.tags +} diff --git a/variables.tf b/variables.tf index e5a3f437..e5329977 100644 --- a/variables.tf +++ b/variables.tf 
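Review bot: `aws_eks_addon.cluster` has no explicit dependency on `aws_iam_openid_connect_provider.default`, so an add-on that sets `service_account_role_arn` (IRSA) can be created in the same apply before the OIDC provider exists, and its pods would presumably fail to assume the role until restarted; the only implicit ordering is on the cluster via `cluster_name`. Adding `depends_on = [aws_iam_openid_connect_provider.default]` to the resource closes that gap. Because `var.addons` is a `list(object(...))` whose four attributes are all required, the `lookup(each.value, "...", null)` calls never fall back to the default and could be plain `each.value.addon_version` etc. A `null` `addon_version` hands version selection to EKS, so a comment such as `# addon_version = null installs whatever version EKS selects; pin it for reproducible, reviewable upgrades` on that line, and one noting that `resolve_conflicts = "OVERWRITE"` replaces settings previously applied to a self-managed add-on, would help operators.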
@@ -277,3 +277,14 @@ variable "dummy_kubeapi_server" { via `kubeconfig_path` and set `kubeconfig_path_enabled` to `true`. EOT } + +variable "addons" { + type = list(object({ + addon_name = string + addon_version = string + resolve_conflicts = string + service_account_role_arn = string + })) + default = [] + description = "Manages [`aws_eks_addon`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) resources." +}
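Review bot: The description for `addons` says only that it manages `aws_eks_addon` resources; it should state what each attribute does, that all four attributes must be present (pass `null` where unused, as the fixtures do), and that a `null` `addon_version` leaves the version unpinned to whatever EKS selects. A `validation` block restricting `resolve_conflicts` to the values the provider documents (`NONE` and `OVERWRITE` at the time of this change) would turn an apply-time API error into a plan-time one, assuming the module's `required_version` permits `validation` and `alltrue`. The same applies to the copy of this variable in `examples/complete/variables.tf`.
```hcl
variable "addons" {
  # … unchanged: type, default …
  description = <<-EOT
    List of EKS add-ons to manage as `aws_eks_addon` resources. `addon_version = null` installs whatever
    version EKS selects (unpinned); `resolve_conflicts` is "NONE" or "OVERWRITE" ("OVERWRITE" replaces
    settings of an existing self-managed add-on); `service_account_role_arn` enables IRSA and is expected
    to need the cluster's OIDC provider (`oidc_provider_enabled = true`).
    EOT

  validation {
    condition = alltrue([
      for a in var.addons : a.resolve_conflicts == null || contains(["NONE", "OVERWRITE"], a.resolve_conflicts)
    ])
    error_message = "Each addons[].resolve_conflicts must be null, \"NONE\" or \"OVERWRITE\"."
  }
}
```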