// the find
terraform-aws-modules/terraform-aws-eks
Terraform module to create Amazon Elastic Kubernetes (EKS) resources 🇺🇦
The de facto standard Terraform module for provisioning EKS clusters on AWS. Covers managed node groups, self-managed node groups, Fargate profiles, Karpenter, EKS Auto Mode, hybrid nodes, and EFA support. Aimed at teams running production Kubernetes on AWS who don't want to hand-roll all the IAM, security groups, launch templates, and addon wiring themselves.
- Variable surface area is extremely thorough — launch template options, block device mappings, EFA interface enumeration, placement groups, capacity reservations, node repair config — nearly every AWS API knob is exposed without requiring module forks.
- Explicit upgrade guides for every major version (v17 through v21) with documented breaking changes, which make the EKS Terraform migration path much less painful in practice.
- The `before_compute` addon flag is a genuine quality-of-life feature that handles the ordering problem (vpc-cni, pod-identity-agent must exist before nodes join) that trips up most hand-written configs.
- Tests directory includes rendered user-data snapshot files for AL2, AL2023, Bottlerocket, and Windows across multiple scenarios — good for catching regressions in the bootstrap logic without deploying a real cluster.
- Requires aws provider >= 6.42, which is a very recent constraint. Anyone on a monorepo with other modules pinned to aws provider 5.x is blocked from upgrading to v21 without coordinating a provider bump across everything.
- The `eks_managed_node_groups` variable is a map of objects with ~80 optional fields. HCL's type system forces you to specify the full object shape even for simple cases, and the lack of sensible per-field defaults in the type definition means debugging type mismatch errors is tedious.
- No automated integration tests that actually deploy infrastructure — the `tests/` directory contains Terraform configs that look like they're meant to be run manually or via some external CI trigger, but there's no evidence of them running against a real AWS account in the CI workflows shown.
- EKS Auto Mode's disable behavior (must explicitly set `enabled = false` before removing the block) is a footgun that stems from an AWS API limitation, but the module does nothing to guard against it — a lifecycle precondition or a validation rule could catch this before apply.
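One way to catch the Auto Mode footgun in CI before apply, as an added example (not code from the module or its authors): a check over `terraform show -json` plan output that flags any `aws_eks_cluster` whose `compute_config` block was enabled and is dropped outright instead of being set to `enabled = false` first. It assumes the plan JSON renders the block as a list under `before`/`after`; the function name and the sample plan are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json plan.out` output.
# Addresses and values are made up for illustration.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.a.aws_eks_cluster.this[0]", "type": "aws_eks_cluster",
   "change": {"actions": ["update"],
     "before": {"compute_config": [{"enabled": true, "node_pools": ["general-purpose"]}]},
     "after":  {"compute_config": []}}},
  {"address": "module.b.aws_eks_cluster.this[0]", "type": "aws_eks_cluster",
   "change": {"actions": ["update"],
     "before": {"compute_config": [{"enabled": true, "node_pools": ["general-purpose"]}]},
     "after":  {"compute_config": [{"enabled": false, "node_pools": []}]}}},
  {"address": "module.c.aws_eks_cluster.this[0]", "type": "aws_eks_cluster",
   "change": {"actions": ["no-op"],
     "before": {"compute_config": []},
     "after":  {"compute_config": []}}}
]}
""")


def auto_mode_removed_without_disable(plan: dict) -> list[str]:
    """Return addresses of clusters where Auto Mode was on and the
    compute_config block disappears instead of flipping to enabled=false."""
    flagged = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_eks_cluster":
            continue
        change = rc.get("change", {})
        # Only in-place updates matter; create/delete/no-op cannot hit this.
        if "update" not in change.get("actions", []):
            continue
        before = (change.get("before") or {}).get("compute_config") or []
        after = (change.get("after") or {}).get("compute_config") or []
        was_enabled = any(block.get("enabled") for block in before)
        if was_enabled and not after:
            flagged.append(rc["address"])
    return flagged


if __name__ == "__main__":
    bad = auto_mode_removed_without_disable(SAMPLE_PLAN)
    for address in bad:
        print(f"{address}: set enabled = false and apply before removing the block")
    raise SystemExit(1 if bad else 0)
```

In a pipeline, replace `SAMPLE_PLAN` with the parsed output of `terraform show -json` on the saved plan file and fail the job on a non-zero exit.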