aws VS terraform-aws-eks-blueprints

Do you have a policy that you want to codify, or that you’ve been running with python or bash scripts? You are welcome to try codifying it with CloudQuery Policies (See our github and docs for how to develop one). Feel free to visit our discord or GitHub to get help - we’ll also be happy to share your policy on CloudQuery Hub.

CloudQuery is an open-source cloud asset inventory powered by SQL, so a policy to the tool is simply an HCL configuration file that references SQL queries. How this works is by CloudQuery ingesting the data from your cloud provider, such as AWS or Azure, and then the policy executes the SQL statements against that data as if it were a test suite. Our co-founder Yevgeny recently wrote an amazing piece on running the PCI DSS policy against AWS. If you are curious about the multitude of policies currently available you can check them out at https://hub.cloudquery.io/ which is our centrally available and searchable source for publicly available policies.

Have you checked out this repo https://github.com/aws-ia/terraform-aws-eks-blueprints

Now that you have the networking part done, you can build configurations for the EKS cluster and its add-ons. You will use the terraform-aws-modules to create the EKS cluster and eks_blueprints module from terraform-aws-eks-blueprintsto configure EKS add-ons.

## (https://github.com/aws-ia/terraform-aws-eks-blueprints) ## ... [other Terraform code] ## Cluster Configuration module "eks" { # ... [other configuration] self_managed_node_groups = { gpu_node_group = { node_group_name = "gpu-node-group" ami_type = "AL2_x86_64_GPU" capacity_type = "ON_DEMAND" instance_types = [ "g4dn.xlarge", "g4dn.2xlarge", ] # ... [other configuration] taints = { dedicated = { key = "nvidia.com/gpu" value = "true" effect = "NO_SCHEDULE" } } # ... [other configuration] } } }

Here is the link: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/examples/karpenter/main.tf

Anyone using eks blueprints or cloudposse's module?

Take a look at the EKS Blueprints for Terraform as a place to start. I know the team is working on their v5 release which should be a solid improvement. https://github.com/aws-ia/terraform-aws-eks-blueprints/milestone/1

Take a look at the EKS Blueprints for Terraform v5 rewrite for more details. However, EKS Blueprints for Terraform (v4 as it is today) is pretty darn good _if_ you just want to manage basic charst like load balancer controller and Karpenter. It provisions IAM Roles and Policies along with Helm charts all in one easy set-up. It's just not something I'd want to touch with more complex use cases and we'll see how the EKS Blueprints team does with the v5 rewrite - their direction looks reasonable, but Terraform just isn't really designed for the problem it's trying to solve there, so it's going to be somewhat clunky one way or another.