Refactor Terraform configuration: parameterize AWS region, enhance EKS module with subnet handling, and update node group settings for improved resource management.

Author: karimzakzouk

Terraform/1-provider.tf

@@ -1,4 +1,4 @@
 # Configure the AWS Provider
 provider "aws" {
-  region = "us-east-1"
+  region = var.region
 }

Terraform/3-main.tf

@@ -9,20 +9,20 @@ module "vpc" {
 }
 
 module "eks" {
-  source             = "./modules/eks"
-  cluster_name       = var.cluster_name
-  cluster_version    = var.cluster_version
-  vpc_id             = module.vpc.vpc_id
-  cluster_subnet_ids = concat(module.vpc.private_subnet_ids, module.vpc.public_subnet_ids)
-  node_subnet_ids    = module.vpc.private_subnet_ids
-  node_groups        = var.node_groups
-  depends_on         = [module.vpc]
+  source = "./modules/eks" 
+  cluster_name    = var.cluster_name
+  cluster_version = var.cluster_version
+  vpc_id          = module.vpc.vpc_id
+  subnet_ids      = module.vpc.private_subnet_ids
+  node_groups     = var.node_groups
+  depends_on = [ module.vpc ]
 }
+
 resource "aws_eks_addon" "metrics_server" {
   cluster_name                = module.eks.cluster_name
   addon_name                  = "metrics-server"
   addon_version               = null
   resolve_conflicts_on_create = "OVERWRITE"
   resolve_conflicts_on_update = "OVERWRITE"
-  depends_on                  = [module.eks]
+  depends_on                  = [ module.eks ]
 }

Terraform/4-variables.tf

@@ -1,3 +1,9 @@
+variable "region" {
+  description = "AWS region"
+  type        = string
+  default     = "us-east-1"
+}
+
 variable "vpc_cidr" {
   description = "CIDR Block for VPC"
   type        = string
@@ -47,6 +53,7 @@ variable "node_groups" {
       max_size     = number
       min_size     = number
     })
+    ssh_key_name = string
   }))
 
   default = {
@@ -58,6 +65,7 @@ variable "node_groups" {
         max_size     = 3
         min_size     = 1
       }
+      ssh_key_name = "MyPairKey"
     }
   }
 }

Terraform/5-outputs.tf

@@ -1,3 +1,8 @@
+output "region" {
+  description = "AWS region"
+  value       = var.region
+}
+
 output "vpc_id" {
   description = "VPC ID"
   value       = module.vpc.vpc_id

Terraform/modules/eks/main.tf

@@ -1,7 +1,53 @@
 data "aws_caller_identity" "current" {}
 
+resource "aws_eks_cluster" "main" {
+  name     = var.cluster_name
+  version  = var.cluster_version
+  role_arn = aws_iam_role.cluster.arn
+
+  access_config {
+    authentication_mode                         = "API_AND_CONFIG_MAP"
+    bootstrap_cluster_creator_admin_permissions = true
+  }
+
+  vpc_config {
+    subnet_ids = var.subnet_ids
+  }
+
+  depends_on = [
+    aws_iam_role_policy_attachment.cluster_policy
+  ]
+
+  tags = {
+    "karpenter.sh/discovery" = var.cluster_name
+    "Name"                   = var.cluster_name
+  }
+}
+
+resource "aws_ec2_tag" "cluster_sg_karpenter" {
+  resource_id = aws_eks_cluster.main.vpc_config[0].cluster_security_group_id
+  key         = "karpenter.sh/discovery"
+  value       = var.cluster_name
+
+  depends_on = [
+    aws_eks_cluster.main
+  ]
+}
+
+# EKS OIDC Identity Provider
+resource "aws_iam_openid_connect_provider" "eks" {
+  client_id_list  = ["sts.amazonaws.com"]
+  thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280"]
+  url             = aws_eks_cluster.main.identity[0].oidc[0].issuer
+
+  depends_on = [
+    aws_eks_cluster.main
+  ]
+}
+
 resource "aws_iam_role" "cluster" {
   name = "${var.cluster_name}-cluster-role"
+
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -22,12 +68,11 @@ resource "aws_iam_role" "cluster" {
 resource "aws_iam_role_policy_attachment" "cluster_policy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
   role       = aws_iam_role.cluster.name
-  
-  depends_on = [aws_iam_role.cluster]
 }
 
 resource "aws_iam_role" "node" {
   name = "${var.cluster_name}-node-role"
+
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -45,66 +90,22 @@ resource "aws_iam_role" "node" {
 resource "aws_iam_role_policy_attachment" "node_policy" {
   for_each = toset([
     "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
-    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
     "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly",
-    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
   ])
 
   policy_arn = each.value
   role       = aws_iam_role.node.name
-  
-  depends_on = [aws_iam_role.node]
-}
-
-resource "aws_eks_cluster" "main" {
-  name     = var.cluster_name
-  version  = var.cluster_version
-  role_arn = aws_iam_role.cluster.arn
-
-  access_config {
-    authentication_mode                         = "API_AND_CONFIG_MAP"
-    bootstrap_cluster_creator_admin_permissions = true
-  }
-
-  vpc_config {
-    subnet_ids = var.cluster_subnet_ids # Changed from var.subnet_ids
-  }
-
-  depends_on = [
-    aws_iam_role.cluster,
-    aws_iam_role_policy_attachment.cluster_policy
-  ]
-
-  tags = {
-    "karpenter.sh/discovery" = var.cluster_name
-    "Name"                   = var.cluster_name
-  }
-}
-
-# EKS OIDC Identity Provider
-resource "aws_iam_openid_connect_provider" "eks" {
-  client_id_list  = ["sts.amazonaws.com"]
-  thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280"]
-  url             = aws_eks_cluster.main.identity[0].oidc[0].issuer
-  
-  depends_on = [aws_eks_cluster.main]
-}
-
-resource "aws_ec2_tag" "cluster_sg_karpenter" {
-  resource_id = aws_eks_cluster.main.vpc_config[0].cluster_security_group_id
-  key         = "karpenter.sh/discovery"
-  value       = var.cluster_name
-  
-  depends_on = [aws_eks_cluster.main]
 }
 
 resource "aws_eks_node_group" "main" {
-  for_each        = var.node_groups
+  for_each = var.node_groups
+
   cluster_name    = aws_eks_cluster.main.name
   node_group_name = each.key
   node_role_arn   = aws_iam_role.node.arn
-  subnet_ids      = var.node_subnet_ids # Changed from var.subnet_ids
-  
+  subnet_ids      = var.subnet_ids
+
   scaling_config {
     desired_size = each.value.scaling_config.desired_size
     max_size     = each.value.scaling_config.max_size
@@ -116,24 +117,25 @@ resource "aws_eks_node_group" "main" {
   }
 
   depends_on = [
-    aws_eks_cluster.main,
-    aws_iam_role.node,
-    aws_iam_role_policy_attachment.node_policy
+    aws_iam_role_policy_attachment.node_policy,
+    aws_eks_cluster.main
   ]
 }
 
 # Karpenter Node Instance Profile (reuse existing node role)
 resource "aws_iam_instance_profile" "karpenter_node" {
-  name = "KarpenterNodeInstanceProfile-${var.cluster_name}"
+  name = "KarpenterNodeInstanceProfile"
   role = aws_iam_role.node.name
-  
-  depends_on = [aws_iam_role.node]
+
+  depends_on = [
+    aws_iam_role.node
+  ]
 }
 
 # Karpenter Controller IAM Role
 resource "aws_iam_role" "karpenter_controller" {
   name = "KarpenterControllerRole-${var.cluster_name}"
-
+  
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -152,10 +154,10 @@ resource "aws_iam_role" "karpenter_controller" {
       }
     ]
   })
-  
+
   depends_on = [
-    aws_eks_cluster.main,
-    aws_iam_openid_connect_provider.eks
+    aws_iam_openid_connect_provider.eks,
+    aws_eks_cluster.main
   ]
 }
 
@@ -201,8 +203,8 @@ resource "aws_iam_role_policy" "karpenter_controller" {
         Resource = "*"
       },
       {
-        Effect   = "Allow"
-        Action   = "iam:CreateServiceLinkedRole"
+        Effect = "Allow"
+        Action = "iam:CreateServiceLinkedRole"
         Resource = "*"
         Condition = {
           StringEquals = {
@@ -212,12 +214,14 @@ resource "aws_iam_role_policy" "karpenter_controller" {
       }
     ]
   })
-  
-  depends_on = [aws_iam_role.karpenter_controller]
+
+  depends_on = [
+    aws_iam_role.karpenter_controller
+  ]
 }
 
 # SQS Queue for Spot Interruption Notifications
 resource "aws_sqs_queue" "karpenter_interruption" {
   name                      = "karpenter-interruption-queue-${var.cluster_name}"
   message_retention_seconds = 300
-}
+}

Terraform/modules/eks/variables.tf

@@ -1,36 +1,32 @@
 variable "cluster_name" {
-  description = "Name of the EKS cluster"
-  type        = string
+  description   = "Name of the EKS cluster"
+  type          = string
 }
 
 variable "cluster_version" {
-  description = "Kubernetes version"
-  type        = string
+  description   = "Kubernetes version"
+  type          = string
 }
 
 variable "vpc_id" {
   description = "VPC ID"
   type        = string
 }
 
-variable "cluster_subnet_ids" {
-  description = "List of subnet IDs for EKS cluster (public + private)"
-  type        = list(string)
+variable "subnet_ids" {
+  description   = "Subnets IDS"
+  type          = list(string)
 }
 
-variable "node_subnet_ids" {
-  description = "List of subnet IDs for EKS node groups (private only)"
-  type        = list(string)
-}
 variable "node_groups" {
-  description = "EKS node groups configuration"
-  type = map(object({
+  description   = "EKS node groups configuration"
+  type          = map(object({
     instance_types = list(string)
     capacity_type  = string
     scaling_config = object({
       desired_size = number
       max_size     = number
-      min_size     = number
+      min_size     = number 
     })
   }))
 }