// the find
cloudposse/terraform-aws-eks-cluster
Terraform module for provisioning an EKS cluster
Terraform module for standing up an EKS cluster on AWS — control plane, IAM, OIDC provider, KMS encryption, addons, and access entries. Part of Cloud Posse's ecosystem of composable Terraform modules, designed to be used alongside their node group and Fargate profile modules. Targets teams that want a production-grade starting point without writing all the IAM and addon wiring themselves.
First-class support for EKS Auto Mode (GA December 2024) with automatic IAM policy attachment and bootstrap_self_managed_addons handling — most community modules haven't caught up to this yet. The v4 access entry rewrite dropped the old aws-auth ConfigMap approach entirely and uses the proper AWS API instead, which removes a whole class of race conditions and drift issues that plagued earlier versions. Terratest-based integration tests actually deploy to AWS, not just validate HCL syntax — that's a meaningful quality bar. The addons input handles the resolve_conflicts deprecation gracefully with backwards-compatible fallback logic.
Hard dependency on Cloud Posse's label/null module and the entire 'context' pattern — if your org doesn't already use this ecosystem, onboarding means pulling in an opinionated naming convention you may not want. The examples explicitly warn against using the current caller identity for access entries in production but show it anyway, which is a footgun for teams copying the example verbatim. Cluster log retention defaults to 0 days, meaning control plane logs vanish immediately unless you remember to set cluster_log_retention_period — a bad default for anyone doing incident response. The capabilities block (ACK, ArgoCD, KRO) is a new AWS feature with sparse documentation and the module abstracts it in a way that makes debugging IAM trust policy issues harder, not easier.
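A pre-merge check for two of the footguns above (log retention left at the module default, and access entries derived from the current caller identity), as an added example that is not code from the module or from Cloud Posse. It reads the `configuration` section of `terraform show -json` output; the sample plan, the module call names and the `access_entry_map` input name are constructed assumptions.

```python
import json

# Constructed sample: the "configuration" part of `terraform show -json` output.
# Module call names, values and the access_entry_map input name are assumptions.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"module_calls": {
  "eks_dev": {
    "source": "cloudposse/eks-cluster/aws",
    "expressions": {
      "access_entry_map": {"references": ["data.aws_caller_identity.current.arn",
                                          "data.aws_caller_identity.current"]},
      "name": {"constant_value": "dev"}}},
  "eks_prod": {
    "source": "cloudposse/eks-cluster/aws",
    "expressions": {
      "access_entry_map": {"references": ["var.admin_role_arn"]},
      "cluster_log_retention_period": {"constant_value": 90}}},
  "vpc": {"source": "example/vpc/aws", "expressions": {}}
}}}}
""")

# Registry address and GitHub repo name of the module reviewed above.
MODULE_SOURCES = ("cloudposse/eks-cluster/aws", "terraform-aws-eks-cluster")

def iter_module_calls(module, prefix=""):
    """Yield (address, call) for every module call, including nested ones."""
    for name, call in module.get("module_calls", {}).items():
        address = f"{prefix}module.{name}"
        yield address, call
        yield from iter_module_calls(call.get("module", {}), address + ".")

def review_eks_calls(plan):
    """Return (address, message) findings for calls to the EKS cluster module."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for address, call in iter_module_calls(root):
        if not any(s in call.get("source", "") for s in MODULE_SOURCES):
            continue
        exprs = call.get("expressions", {})
        if "cluster_log_retention_period" not in exprs:
            findings.append((address, "cluster_log_retention_period not set, module default applies"))
        for var, expr in sorted(exprs.items()):
            if any(r.startswith("data.aws_caller_identity.") for r in expr.get("references", [])):
                findings.append((address, f"{var} is derived from data.aws_caller_identity"))
    return findings

if __name__ == "__main__":
    for address, message in review_eks_calls(SAMPLE_PLAN):
        print(f"{address}: {message}")
```

In CI, feed it `json.load()` of a saved `terraform show -json` file and fail the job when the returned list is non-empty.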