Merge pull request #40 from fluxcd/eks-disable-kms-logs

EKS: Disable cloudwatch logs & cluster encryption

tf-modules/aws/eks/main.tf

@@ -28,13 +28,15 @@ module "eks" {
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
+  # Define the default node group configuration.
   eks_managed_node_group_defaults = {
     disk_size            = 50
     instance_types       = ["t2.medium"]
     launch_template_tags = module.tags.tags
   }
 
   eks_managed_node_groups = {
+    # Create node groups using on-demand nodes and spot nodes.
     blue = {}
     green = {
       min_size     = 1
@@ -48,6 +50,14 @@ module "eks" {
 
   enable_cluster_creator_admin_permissions = true
 
+  # Disable log aggregation for such ephemeral clusters.
+  cluster_enabled_log_types   = []
+  create_cloudwatch_log_group = false
+
+  # Disable encryption unless it's needed for some test.
+  cluster_encryption_config = {}
+  create_kms_key            = false
+
   tags = module.tags.tags
 }