From 6ab9c82560715659953c051e70f2e376f7b0f13a Mon Sep 17 00:00:00 2001
From: Sunny
Date: Tue, 21 May 2024 21:08:24 +0000
Subject: [PATCH] EKS: Disable cloudwatch logs & cluster encryption

Cloudwatch logs and cluster encryption are not needed for the current test infrastructure needs. It is also a workaround for a bug in aws-nuke which gets stuck because the log group get's recreated by the EKS cluster. Disabling cluster encryption helps reduce KMS usage and reduce cost. It can be enabled if needed in the future.

Signed-off-by: Sunny
---
tf-modules/aws/eks/main.tf | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/tf-modules/aws/eks/main.tf b/tf-modules/aws/eks/main.tf
index 16c259c..94cbca5 100644
--- a/tf-modules/aws/eks/main.tf
+++ b/tf-modules/aws/eks/main.tf
@@ -28,6 +28,7 @@ module "eks" { vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets + # Define the default node group configuration. eks_managed_node_group_defaults = { disk_size = 50 instance_types = ["t2.medium"]
@@ -35,6 +36,7 @@ module "eks" { } eks_managed_node_groups = { + # Create node groups using on-demand nodes and spot nodes. blue = {} green = { min_size = 1
@@ -48,6 +50,14 @@ module "eks" { enable_cluster_creator_admin_permissions = true + # Disable log aggregation for such ephemeral clusters. + cluster_enabled_log_types = [] + create_cloudwatch_log_group = false + + # Disable encryption unless it's needed for some test. + cluster_encryption_config = {} + create_kms_key = false + tags = module.tags.tags }
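Review bot: In the third hunk, the four settings added after `enable_cluster_creator_admin_permissions = true` hard-code control-plane logging and Kubernetes Secrets envelope encryption to off for every cluster built from this shared module. The comment "unless it's needed for some test" describes an opt-in that the module does not provide. With `cluster_enabled_log_types = []` there are no audit or authenticator logs, so use of the cluster-creator admin access granted on the preceding line leaves no record on the EKS side, and a test that handles real credentials has no way to turn those logs back on without editing the module. I would expose both settings as module inputs that default to the values in this commit, as sketched below; the variable declarations belong in the module's variables file, which this patch does not show.

```hcl
  enable_cluster_creator_admin_permissions = true

  # Control-plane logging stays off unless the caller lists log types,
  # e.g. ["audit", "authenticator"]. Clusters that opt in get a log group
  # again, so the aws-nuke issue from the commit message applies to them.
  cluster_enabled_log_types   = var.cluster_enabled_log_types
  create_cloudwatch_log_group = length(var.cluster_enabled_log_types) > 0

  # Secrets envelope encryption stays off unless the caller passes a config.
  cluster_encryption_config = var.cluster_encryption_config
  create_kms_key            = length(var.cluster_encryption_config) > 0

  # … unchanged: tags …

# In the module's variables file (not part of this patch):
variable "cluster_enabled_log_types" {
  description = "EKS control-plane log types to enable; an empty list disables logging."
  type        = list(string)
  default     = []
}

variable "cluster_encryption_config" {
  description = "Encryption config passed to the EKS module; an empty object disables Secrets envelope encryption."
  type        = any
  default     = {}
}
```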