Merge pull request #15 from abhi-dev91/main

Removed unwanted variables for kms policy arn

README.md

@@ -180,7 +180,6 @@ In this module, we have implemented the following CIS Compliance checks for EKS:
 | <a name="input_image_high_threshold_percent"></a> [image\_high\_threshold\_percent](#input\_image\_high\_threshold\_percent) | The percentage of disk usage at which garbage collection should be triggered. | `number` | `60` | no |
 | <a name="input_image_low_threshold_percent"></a> [image\_low\_threshold\_percent](#input\_image\_low\_threshold\_percent) | The percentage of disk usage at which garbage collection took place. | `number` | `40` | no |
 | <a name="input_eventRecordQPS"></a> [eventRecordQPS](#input\_eventRecordQPS) | The maximum number of events created per second. | `number` | `5` | no |
-| <a name="input_kms_policy_arn"></a> [kms\_policy\_arn](#input\_kms\_policy\_arn) | The KMS policy ARN used for encrypting Kubernetes PVC. | `string` | `""` | no |
 | <a name="input_associate_public_ip_address"></a> [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Set to true to enable network interface for launch template. | `bool` | `false` | no |
 | <a name="input_enable_monitoring"></a> [enable\_monitoring](#input\_enable\_monitoring) | Specify whether to enable monitoring for nodes. | `bool` | `true` | no |
 | <a name="input_min_size"></a> [min\_size](#input\_min\_size) | The minimum number of nodes for the node group. | `string` | `"1"` | no |

examples/complete-ipv6/main.tf

@@ -120,7 +120,6 @@ module "eks" {
   cluster_log_types                    = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
   default_addon_enabled                = local.default_addon_enabled
   eks_nodes_keypair_name               = module.key_pair_eks.key_pair_name
-  kms_policy_arn                       = module.eks.kms_policy_arn
   private_subnet_ids                   = module.vpc.private_subnets
   cluster_log_retention_in_days        = 30
   cluster_endpoint_public_access       = true
@@ -171,7 +170,7 @@ module "managed_node_group_production" {
   worker_iam_role_name   = module.eks.worker_iam_role_name
   eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
   k8s_labels = {
-    "Infra-Services" = "true"
+    "Addon-Services" = "true"
   }
   tags         = local.additional_aws_tags
   ipv6_enabled = local.ipv6_enabled

examples/complete/main.tf

@@ -119,7 +119,6 @@ module "eks" {
   create_aws_auth_configmap            = true
   default_addon_enabled                = local.default_addon_enabled
   eks_nodes_keypair_name               = module.key_pair_eks.key_pair_name
-  kms_policy_arn                       = module.eks.kms_policy_arn
   aws_auth_roles = [
     {
       rolearn  = "arn:aws:iam::222222222222:role/service-role"
@@ -164,7 +163,7 @@ module "managed_node_group_production" {
   worker_iam_role_name   = module.eks.worker_iam_role_name
   eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
   k8s_labels = {
-    "Infra-Services" = "true"
+    "Addon-Services" = "true"
   }
   tags = local.additional_aws_tags
 }

main.tf

@@ -218,7 +218,7 @@ EOF
 
 resource "aws_iam_role_policy_attachment" "eks_kms_worker_policy_attachment" {
   role       = aws_iam_role.node_role.name
-  policy_arn = var.kms_policy_arn
+  policy_arn = aws_iam_policy.kubernetes_pvc_kms_policy.arn
 }
 
 resource "aws_iam_role_policy_attachment" "eks_worker_policy" {

variables.tf

@@ -141,11 +141,6 @@ variable "eventRecordQPS" {
   default     = 5
 }
 
-variable "kms_policy_arn" {
-  description = "The KMS policy ARN used for encrypting Kubernetes PVC."
-  type        = string
-  default     = ""
-}
 
 variable "associate_public_ip_address" {
   description = "Set to true to enable network interface for launch template."