README.md

Terraform Modules Template

Requirements

Name	Version
terraform	>= 1.0
aws	>= 4.18
helm	>= 2.5
http	>= 2.2.0
kubernetes	>= 2.11

Providers

Name	Version
aws	>= 4.18
helm	>= 2.5
http	>= 2.2.0
kubernetes	>= 2.11

Modules

Name	Source	Version
secrets_manager_role	terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks	~> 4.21.1

Resources

Name	Type
helm_release.release	resource
kubernetes_manifest.ascp	resource
aws_caller_identity.current	data source
aws_region.current	data source
http_http.ascp_manifest	data source

Inputs

Name	Description	Type	Default	Required
ascp_manifest_url	ASCP YAML file in the GitHub repo deployment directory	string	"https://raw.githubusercontent.com/aws/secrets-store-csi-driver-provider-aws/main/deployment/aws-provider-installer.yaml"	no
chart_name	Helm chart name to provision	string	"secrets-store-csi-driver"	no
chart_namespace	Namespace to install the chart into	string	"kube-system"	no
chart_repository	Helm repository for the chart	string	"https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"	no
chart_timeout	Timeout to wait for the Chart to be deployed.	number	300	no
chart_version	Version of Chart to install. Set to empty to install the latest version	string	"1.1.2"	no
cluster_name	Name of Kubernetes Cluster	string	n/a	yes
create_default_irsa	Create default IRSA for service account	bool	true	no
external_secrets_secrets_manager_arns	List of Secrets Manager ARNs that contain secrets to mount using External Secrets	list(string)	[ "arn:aws:secretsmanager:::secret:*" ]	no
external_secrets_ssm_parameter_arns	List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets	list(string)	[ "arn:aws:ssm:::parameter/*" ]	no
iam_role_description	Description for IAM role for controller	string	"Used by AWS Load Balancer Controller for EKS"	no
iam_role_name	Name of IAM role for controller	string	""	no
iam_role_path	IAM Role path for controller	string	""	no
iam_role_permission_boundary	Permission boundary ARN for IAM Role for controller	string	""	no
iam_role_policy	Override the IAM policy for the controller	string	""	no
iam_role_tags	Tags for IAM Role for controller	map(string)	{}	no
image_repository	Image repository on Dockerhub	string	"k8s.gcr.io/csi-secrets-store/driver"	no
image_tag	Image tag	string	"v1.1.2"	no
max_history	Max History for Helm	number	20	no
namespace	Kubernetes namespace, where the service account want to create	string	"default"	no
oidc_provider_arn	OIDC Provider ARN for IRSA	string	n/a	yes
region	The AWS region for the kubernetes cluster. Set to use KIAM or kube2iam for example.	string	""	no
release_name	Helm release name	string	"secrets-store-csi-driver"	no
resources_driver	Driver Resources	map(any)	{ "limits": { "cpu": "200m", "memory": "200Mi" }, "requests": { "cpu": "200m", "memory": "200Mi" } }	no
resources_liveness	LivenessProbe Resources	map(any)	{ "limits": { "cpu": "100m", "memory": "100Mi" }, "requests": { "cpu": "100m", "memory": "100Mi" } }	no
resources_registrar	Registrar Resources	map(any)	{ "limits": { "cpu": "100m", "memory": "100Mi" }, "requests": { "cpu": "100m", "memory": "100Mi" } }	no
service_account_name	Name of service account to create. Not generated	string	"csi-secrets-store-provider-aws"	no

Outputs

Name	Description
iam_role_arn	ARN of IAM role
iam_role_name	Name of IAM role
iam_role_path	Path of IAM role
iam_role_unique_id	Unique ID of IAM role