module "eks_prometheus_metrics" {
source = "Lupus-Metallum/terraform-aws-amazon-managed-prometheus-for-eks/aws"
version = 1.0.0
prometheus_workspace_alias = "Example-EKS-Metrics"
eks_cluster_name = var.eks_cluster_name
grafana_namespace = "grafana"
prometheus_namespace = "prometheus"
service_account_name = "iamproxy-service-account"
service_account_iam_role_name = "EKS-AMP-ServiceAccount-Role"
service_account_iam_role_description = "IAM role to be used by a K8s service account with write access to AMP"
service_account_iam_policy_name = "AWSManagedPrometheusWriteAccessPolicy"
create_oidc_iam_provider = false
create_amp_vpc_endpoint = true
create_prometheus_server = true
vpc_id = aws_vpc.prod_us_east_1.id
vpc_endpoint_security_groups = [
aws_security_group.prod_eks_us_east_1.id
]
vpc_endpoint_subnets = [
aws_subnet.prod_vpc_edpt_private_us_east_1a.id,
aws_subnet.prod_vpc_edpt_private_us_east_1b.id,
aws_subnet.prod_vpc_edpt_private_us_east_1c.id,
aws_subnet.prod_vpc_edpt_private_us_east_1d.id,
aws_subnet.prod_vpc_edpt_private_us_east_1e.id,
aws_subnet.prod_vpc_edpt_private_us_east_1f.id,
]
tags = merge(
var.default_tags,
{
Name = "Prometheus VPC Endpoint"
})
}
| Name | Version |
|---|---|
| helm | >= 2.1.2 |
| kubernetes | ~> 1.11 |
| Name | Version |
|---|---|
| aws | n/a |
| helm | >= 2.1.2 |
| kubernetes | ~> 1.11 |
| local | n/a |
| null | n/a |
| template | n/a |
| tls | n/a |
| Name | Type |
|---|---|
| aws_iam_openid_connect_provider.this | resource |
| aws_iam_policy.amp_write | resource |
| aws_iam_role.eks_amp_role | resource |
| aws_iam_role_policy_attachment.amp_write | resource |
| aws_prometheus_workspace.prod_eks_metrics | resource |
| aws_vpc_endpoint.prometheus | resource |
| helm_release.prometheus_install | resource |
| kubernetes_namespace.prometheus | resource |
| local_file.prometheus_values | resource |
| null_resource.prometheus_update | resource |
| aws_caller_identity.this | data source |
| aws_eks_cluster.this | data source |
| aws_iam_policy_document.remote_write_assume | data source |
| aws_region.this | data source |
| template_file.prometheus_values | data source |
| tls_certificate.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| eks_cluster_name | Name of the EKS cluster to use. | string |
n/a | yes |
| create_amp_vpc_endpoint | Should this module create a VPC endpoint for Amazon Managed Prometheus? | bool |
true |
no |
| create_oidc_iam_provider | Should this module create the required IAM OIDC Provider? | bool |
false |
no |
| create_prometheus_server | Should this module create a Prometheus server statefulset in the EKS cluster for Amazon Managed Prometheus? | bool |
true |
no |
| grafana_namespace | Name of Grafana namespace. | string |
"grafana" |
no |
| prometheus_namespace | Name of Prometheus namespace. | string |
"prometheus" |
no |
| prometheus_workspace_alias | Friendly alias for the Prometheus workspace | string |
"Prometheus-Metrics" |
no |
| service_account_iam_policy_name | Name of the service account IAM policy | string |
"AWSManagedPrometheusWriteAccessPolicy" |
no |
| service_account_iam_role_description | Description of IAM role for the service account | string |
"IAM role to be used by a K8s service account with write access to AMP" |
no |
| service_account_iam_role_name | Name of IAM role for the service account | string |
"EKS-AMP-ServiceAccount-Role" |
no |
| service_account_name | Name of IAM Proxy Service Account. | string |
"iamproxy-service-account" |
no |
| tags | Map of tags to apply to tagable resources | map(string) |
{} |
no |
| vpc_endpoint_security_groups | List of security groups for a VPC endpoint for AMP | list(string) |
[] |
no |
| vpc_endpoint_subnets | List of subnets to place ENI's in for a VPC endpoint for AMP | list(string) |
[] |
no |
| vpc_id | ID for the VPC to create the VPC endpoint in. | string |
"" |
no |
| Name | Description |
|---|---|
| iam_role_arn | n/a |
| prometheus_workspace_arn | n/a |
| prometheus_workspace_endpoint | n/a |
| prometheus_workspace_id | n/a |
