thoughtbot · clarissalimab · Aug 14, 2024 · Aug 14, 2024 · Aug 14, 2024 · Aug 14, 2024
@@ -101,10 +101,12 @@ module "cluster" {
 | <a name="input_k8s_version"></a> [k8s\_version](#input\_k8s\_version) | Kubernetes version to deploy | `string` | n/a | yes |
 | <a name="input_labels"></a> [labels](#input\_labels) | Labels to be applied to created resources | `map(string)` | `{}` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | How many days until control plane logs are purged | `number` | `7` | no |
+| <a name="input_metadata_options"></a> [metadata\_options](#input\_metadata\_options) | Customize the metadata options for the cluster nodes | `map(string)` | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name for this EKS cluster | `string` | n/a | yes |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Prefix to be applied to created resources | `list(string)` | `[]` | no |
 | <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | Node groups to create in this cluster | <pre>map(object({<br>    capacity_type   = optional(string, "ON_DEMAND")<br>    instance_types  = list(string),<br>    max_size        = number<br>    max_unavailable = optional(number, 3)<br>    min_size        = number<br>  }))</pre> | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to be applied to all created resources | `map(string)` | `{}` | no |
+| <a name="input_user_data"></a> [user\_data](#input\_user\_data) | Optional user data script for the launch template | `map(string)` | `{}` | no |
 
 ## Outputs
 

@@ -41,18 +41,20 @@ module "node_groups" {
   for_each = var.node_groups
   source   = "./modules/eks-node-group"
 
-  capacity_type   = each.value.capacity_type
-  cluster         = module.eks_cluster.instance
-  instance_types  = each.value.instance_types
-  labels          = var.labels
-  max_size        = each.value.max_size
-  max_unavailable = each.value.max_unavailable
-  min_size        = each.value.min_size
-  name            = each.key
-  namespace       = [module.cluster_name.full]
-  role            = module.node_role.instance
-  subnets         = values(data.aws_subnet.private)
-  tags            = var.tags
+  capacity_type    = each.value.capacity_type
+  cluster          = module.eks_cluster.instance
+  instance_types   = each.value.instance_types
+  labels           = var.labels
+  max_size         = each.value.max_size
+  max_unavailable  = each.value.max_unavailable
+  metadata_options = var.metadata_options
+  min_size         = each.value.min_size
+  name             = each.key
+  namespace        = [module.cluster_name.full]
+  role             = module.node_role.instance
+  subnets          = values(data.aws_subnet.private)
+  tags             = var.tags
+  user_data        = lookup(var.user_data, each.key, null)
 
   depends_on = [module.node_role]
 }

@@ -17,6 +17,7 @@
 | Name | Type |
 |------|------|
 | [aws_eks_node_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) | resource |
+| [aws_launch_template.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
 
 ## Inputs
 
@@ -29,12 +30,14 @@
 | <a name="input_labels"></a> [labels](#input\_labels) | Labels to be applied to created resources | `map(string)` | `{}` | no |
 | <a name="input_max_size"></a> [max\_size](#input\_max\_size) | Maximum number of nodes in this group | `number` | n/a | yes |
 | <a name="input_max_unavailable"></a> [max\_unavailable](#input\_max\_unavailable) | Maximum number of nodes that can be unavailable during a rolling update | `number` | `1` | no |
+| <a name="input_metadata_options"></a> [metadata\_options](#input\_metadata\_options) | Customize the metadata options for the cluster nodes | `map(string)` | `{}` | no |
 | <a name="input_min_size"></a> [min\_size](#input\_min\_size) | Minimum number of nodes in this group | `number` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Name for this EKS node group | `string` | n/a | yes |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Prefix to be applied to created resources | `list(string)` | `[]` | no |
 | <a name="input_role"></a> [role](#input\_role) | IAM role nodes in this group will assume | `object({ arn = string })` | n/a | yes |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | Subnets in which the node group should run | `list(object({ id = string, availability_zone = string }))` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to be applied to created resources | `map(string)` | `{}` | no |
+| <a name="input_user_data"></a> [user\_data](#input\_user\_data) | Optional user data script for the launch template | `string` | `null` | no |
 
 ## Outputs
 

@@ -8,6 +8,15 @@ resource "aws_eks_node_group" "this" {
   node_role_arn   = var.role.arn
   subnet_ids      = [each.value.id]
 
+  dynamic "launch_template" {
+    for_each = var.metadata_options != {} ? [aws_launch_template.this[0]] : []
+
+    content {
+      id      = launch_template.value.id
+      version = launch_template.value.latest_version
+    }
+  }
+
   scaling_config {
     desired_size = local.min_size_per_node_group
     max_size     = local.max_size_per_node_group
@@ -31,6 +40,24 @@ resource "aws_eks_node_group" "this" {
   }
 }
 
+# resource "aws_launch_template" "this" {
+#   count = var.user_data != null ? 1 : 0
+
+#   user_data = base64encode(var.user_data)
+# }
+
+resource "aws_launch_template" "this" {
+  count = var.metadata_options != {} ? 1 : 0
+
+  metadata_options {
+    http_endpoint               = lookup(var.metadata_options, "http_endpoint", "enabled")
+    http_tokens                 = lookup(var.metadata_options, "http_tokens", "optional")
+    http_put_response_hop_limit = lookup(var.metadata_options, "http_put_response_hop_limit", "2")
+    http_protocol_ipv6          = lookup(var.metadata_options, "http_protocol_ipv6", "disabled")
+    instance_metadata_tags      = lookup(var.metadata_options, "instance_metadata_tags", "disabled")
+  }
+}
+
 locals {
   min_size_per_node_group = ceil(var.min_size / 2)
   max_size_per_node_group = ceil(var.max_size / 2)
@@ -39,4 +66,6 @@ locals {
     var.subnets[*].availability_zone,
     var.subnets
   )
+
+
 }
@@ -69,3 +69,15 @@ variable "max_unavailable" {
   description = "Maximum number of nodes that can be unavailable during a rolling update"
   default     = 1
 }
+
+variable "user_data" {
+  type        = string
+  description = "Optional user data script for the launch template"
+  default     = null # Default to an empty string if no user data is provided
+}
+
+variable "metadata_options" {
+  type        = map(string)
+  description = "Customize the metadata options for the cluster nodes"
+  default     = {}
+}
@@ -20,6 +20,7 @@
 | [aws_iam_role_policy_attachment.ec2_container_registry_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.eks_cloudwatch_agent_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.eks_cni_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.eks_s3_instance_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.eks_ssm_instance_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.eks_worker_node_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.eks_xray_writeonly_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |

@@ -34,6 +34,11 @@ resource "aws_iam_role_policy_attachment" "eks_cloudwatch_agent_policy" {
   role       = aws_iam_role.this.name
 }
 
+resource "aws_iam_role_policy_attachment" "eks_s3_instance_policy" {
+  policy_arn = "${local.policy_prefix}/AmazonS3ReadOnlyAccess"
+  role       = aws_iam_role.this.name
+}
+
 resource "aws_iam_role_policy_attachment" "eks_ssm_instance_policy" {
   policy_arn = "${local.policy_prefix}/AmazonSSMManagedInstanceCore"
   role       = aws_iam_role.this.name

@@ -61,3 +61,15 @@ variable "labels" {
   description = "Labels to be applied to created resources"
   default     = {}
 }
+
+variable "user_data" {
+  type        = map(string)
+  description = "Optional user data script for the launch template"
+  default     = {} # Default to an empty string if no user data is provided
+}
+
+variable "metadata_options" {
+  type        = map(string)
+  description = "Customize the metadata options for the cluster nodes"
+  default     = {}
+}