Enable EKS access entries authentication option (#220)

* Enable EKS access entries authentication option
---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

aws/cluster/README.md

@@ -95,6 +95,8 @@ module "cluster" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_auth_mode"></a> [auth\_mode](#input\_auth\_mode) | Authentiation mode associated with the cluster Access config | `string` | `"API_AND_CONFIG_MAP"` | no |
+| <a name="input_bootstrap_cluster_creator_admin_permission"></a> [bootstrap\_cluster\_creator\_admin\_permission](#input\_bootstrap\_cluster\_creator\_admin\_permission) | Bootstrap access config values to the cluster | `bool` | `false` | no |
 | <a name="input_enabled_cluster_log_types"></a> [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` | `[]` | no |
 | <a name="input_endpoint_private_access"></a> [endpoint\_private\_access](#input\_endpoint\_private\_access) | Enables the Amazon EKS private API server endpoint. | `bool` | `false` | no |
 | <a name="input_endpoint_public_access"></a> [endpoint\_public\_access](#input\_endpoint\_public\_access) | Enables the Amazon EKS public API server endpoint. | `bool` | `true` | no |

aws/cluster/main.tf

@@ -16,16 +16,18 @@ module "network" {
 module "eks_cluster" {
   source = "./modules/eks-cluster"
 
-  enabled_cluster_log_types = var.enabled_cluster_log_types
-  endpoint_private_access   = var.endpoint_private_access
-  endpoint_public_access    = var.endpoint_public_access
-  k8s_version               = var.k8s_version
-  log_retention_in_days     = var.log_retention_in_days
-  name                      = module.cluster_name.full
-  private_subnet_ids        = module.network.private_subnet_ids
-  public_subnet_ids         = module.network.public_subnet_ids
-  tags                      = var.tags
-  vpc                       = module.network.vpc
+  auth_mode                                  = var.auth_mode
+  bootstrap_cluster_creator_admin_permission = var.bootstrap_cluster_creator_admin_permission
+  enabled_cluster_log_types                  = var.enabled_cluster_log_types
+  endpoint_private_access                    = var.endpoint_private_access
+  endpoint_public_access                     = var.endpoint_public_access
+  k8s_version                                = var.k8s_version
+  log_retention_in_days                      = var.log_retention_in_days
+  name                                       = module.cluster_name.full
+  private_subnet_ids                         = module.network.private_subnet_ids
+  public_subnet_ids                          = module.network.public_subnet_ids
+  tags                                       = var.tags
+  vpc                                        = module.network.vpc
 
   depends_on = [module.node_role]
 }

aws/cluster/modules/eks-cluster/README.md

@@ -31,6 +31,8 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_auth_mode"></a> [auth\_mode](#input\_auth\_mode) | Authentiation mode associated with the cluster Access config | `string` | `"API_AND_CONFIG_MAP"` | no |
+| <a name="input_bootstrap_cluster_creator_admin_permission"></a> [bootstrap\_cluster\_creator\_admin\_permission](#input\_bootstrap\_cluster\_creator\_admin\_permission) | Bootstrap access config values to the cluster | `bool` | `false` | no |
 | <a name="input_enabled_cluster_log_types"></a> [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` | <pre>[<br>  "api",<br>  "audit"<br>]</pre> | no |
 | <a name="input_endpoint_private_access"></a> [endpoint\_private\_access](#input\_endpoint\_private\_access) | Enables the Amazon EKS private API server endpoint. | `bool` | `false` | no |
 | <a name="input_endpoint_public_access"></a> [endpoint\_public\_access](#input\_endpoint\_public\_access) | Enables the Amazon EKS public API server endpoint. | `bool` | `true` | no |

aws/cluster/modules/eks-cluster/main.tf

@@ -9,6 +9,11 @@ resource "aws_eks_cluster" "this" {
   tags                      = var.tags
   version                   = var.k8s_version
 
+  access_config {
+    authentication_mode                         = var.auth_mode
+    bootstrap_cluster_creator_admin_permissions = var.bootstrap_cluster_creator_admin_permission
+  }
+
   vpc_config {
     security_group_ids      = [aws_security_group.control_plane.id]
     subnet_ids              = concat(var.private_subnet_ids, var.public_subnet_ids)

aws/cluster/modules/eks-cluster/variables.tf

@@ -1,3 +1,15 @@
+variable "auth_mode" {
+  type        = string
+  description = "Authentiation mode associated with the cluster Access config"
+  default     = "API_AND_CONFIG_MAP"
+}
+
+variable "bootstrap_cluster_creator_admin_permission" {
+  type        = bool
+  description = "Bootstrap access config values to the cluster"
+  default     = false
+}
+
 variable "enabled_cluster_log_types" {
   type        = list(string)
   default     = ["api", "audit"]

aws/cluster/variables.tf

@@ -1,3 +1,15 @@
+variable "auth_mode" {
+  type        = string
+  description = "Authentiation mode associated with the cluster Access config"
+  default     = "API_AND_CONFIG_MAP"
+}
+
+variable "bootstrap_cluster_creator_admin_permission" {
+  type        = bool
+  description = "Bootstrap access config values to the cluster"
+  default     = false
+}
+
 variable "enabled_cluster_log_types" {
   type        = list(string)
   default     = []