From c725251666408da818c573fc471041f139095117 Mon Sep 17 00:00:00 2001
From: Olamide
Date: Mon, 16 Dec 2024 17:28:20 +0100
Subject: [PATCH] Enable EKS access entries authentication option
---
 aws/cluster/main.tf | 22 +++++++++++---------
 aws/cluster/modules/eks-cluster/main.tf | 5 +++++
 aws/cluster/modules/eks-cluster/variables.tf | 11 ++++++++++
 3 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/aws/cluster/main.tf b/aws/cluster/main.tf
index d7222ee1..28a5fb67 100644
--- a/aws/cluster/main.tf
+++ b/aws/cluster/main.tf
@@ -16,16 +16,18 @@ module "network" {
 module "eks_cluster" {
 source = "./modules/eks-cluster"
- enabled_cluster_log_types = var.enabled_cluster_log_types
- endpoint_private_access = var.endpoint_private_access
- endpoint_public_access = var.endpoint_public_access
- k8s_version = var.k8s_version
- log_retention_in_days = var.log_retention_in_days
- name = module.cluster_name.full
- private_subnet_ids = module.network.private_subnet_ids
- public_subnet_ids = module.network.public_subnet_ids
- tags = var.tags
- vpc = module.network.vpc
+ auth_mode = var.auth_mode
+ bootstrap_cluster_creator_admin_permission = var.bootstrap_cluster_creator_admin_permission
+ enabled_cluster_log_types = var.enabled_cluster_log_types
+ endpoint_private_access = var.endpoint_private_access
+ endpoint_public_access = var.endpoint_public_access
+ k8s_version = var.k8s_version
+ log_retention_in_days = var.log_retention_in_days
+ name = module.cluster_name.full
+ private_subnet_ids = module.network.private_subnet_ids
+ public_subnet_ids = module.network.public_subnet_ids
+ tags = var.tags
+ vpc = module.network.vpc
 depends_on = [module.node_role]
 }
diff --git a/aws/cluster/modules/eks-cluster/main.tf b/aws/cluster/modules/eks-cluster/main.tf
index bc51f4b8..6c8dcc66 100644
--- a/aws/cluster/modules/eks-cluster/main.tf
+++ b/aws/cluster/modules/eks-cluster/main.tf
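Review bot: The two new arguments in the `module "eks_cluster"` call read `var.auth_mode` and `var.bootstrap_cluster_creator_admin_permission` from the root module, but the diffstat lists only three files and none of them is a root-level variables file. Unless both variables are already declared in `aws/cluster`, validation will stop on a reference to an undeclared input variable. They should be declared there with the same types and defaults as the child module, with a description stating that the bootstrap flag decides whether the IAM principal that creates the cluster receives cluster-admin.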
@@ -9,6 +9,11 @@ resource "aws_eks_cluster" "this" {
 tags = var.tags
 version = var.k8s_version
+ access_config {
+ authentication_mode = var.auth_mode
+ bootstrap_cluster_creator_admin_permissions = var.bootstrap_cluster_creator_admin_permission
+ }
+
 vpc_config {
 security_group_ids = [aws_security_group.control_plane.id]
 subnet_ids = concat(var.private_subnet_ids, var.public_subnet_ids)
diff --git a/aws/cluster/modules/eks-cluster/variables.tf b/aws/cluster/modules/eks-cluster/variables.tf
index 015e5aea..85fc70fe 100644
--- a/aws/cluster/modules/eks-cluster/variables.tf
+++ b/aws/cluster/modules/eks-cluster/variables.tf
@@ -1,3 +1,14 @@
+variable "auth_mode" {
+ type = string
+ description = "Authentiation mode associated with the cluster Access config"
+ default = "API_AND_CONFIG_MAP"
+}
+variable "bootstrap_cluster_creator_admin_permission" {
+ type = bool
+ description = "Bootstrap access config values to the cluster"
+ default = false
+}
+
 variable "enabled_cluster_log_types" {
 type = list(string)
 default = ["api", "audit"]
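Review bot: The new `access_config` block sets `bootstrap_cluster_creator_admin_permissions` from a variable that defaults to `false`, and as far as I know the AWS provider treats a change to that argument as forcing a new cluster. Clusters created before this change probably report `true`, so the first plan against an existing cluster should be checked for a replacement. If in-place adoption is intended, consider `lifecycle { ignore_changes = [access_config[0].bootstrap_cluster_creator_admin_permissions] }` on the resource. A comment above the block should record that `authentication_mode` can only move forward (`CONFIG_MAP` to `API_AND_CONFIG_MAP` to `API`), and that with the bootstrap flag off a freshly created cluster has no admin principal until an access entry exists, which this commit does not add. The `aws_eks_cluster` resource begins and ends outside the hunk.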
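Review bot: `auth_mode` accepts any string, so a mistyped mode only surfaces as an API error at apply time; add a `validation` block whose condition is `contains(["CONFIG_MAP", "API_AND_CONFIG_MAP", "API"], var.auth_mode)`. The description is misspelled (`Authentiation`) and could list the accepted values, and the description of the bootstrap variable should say that `true` grants the creating IAM principal cluster-admin. The variable name is singular while the provider argument is `bootstrap_cluster_creator_admin_permissions`, and the two new blocks have no blank line between them, unlike the separation before `enabled_cluster_log_types`. That last block continues past the end of the hunk.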