google_container_aws_cluster

An Anthos cluster running on AWS.

For more information, see:

Example Usage - basic_aws_cluster

A basic example of a containeraws cluster

# Reads the Anthos-on-AWS versions offered for this project and Google Cloud
# location. The cluster resource below takes its control-plane version from
# the `valid_versions` list exported here.
data "google_container_aws_versions" "versions" {
  location = "us-west1"
  project  = "my-project-name"
}

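# Anthos cluster on AWS, basic form. Every ARN, account id, subnet, VPC and
# e-mail address below is a sample value and must be replaced.
resource "google_container_aws_cluster" "primary" {
  # Identities listed here are bound to the Kubernetes cluster-admin role
  # (per the provider documentation), so keep the list short and prefer
  # groups whose membership is managed centrally.
  authorization {
    admin_users {
      username = "my@service-account.com"
    }
    admin_groups {
      group = "group@domain.com"
    }
  }

  aws_region = "my-aws-region"

  control_plane {
    # AWS IAM role the managing Google API assumes to operate on AWS
    # resources. NOTE(review): scope its trust policy and permissions to
    # what cluster management needs - confirm against the AWS-side setup.
    aws_services_authentication {
      role_arn          = "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform"
      role_session_name = "my--1p-dev-session"
    }

    # KMS key for cluster configuration. The sample reuses one key ARN for
    # config, database and both volumes; separate keys allow separate key
    # policies and independent rotation or revocation.
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    # KMS key for the cluster's stored secrets (database encryption).
    database_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    iam_instance_profile = "my--1p-dev-controlplane"
    subnet_ids           = ["subnet-00000000000000000"]
    # Direct reference instead of the deprecated "${...}" wrapper.
    # Index 0 follows whatever the data source returns first, so the applied
    # version can change between plans; pin a literal version when
    # reproducible rollouts matter.
    version              = data.google_container_aws_versions.versions.valid_versions[0]
    instance_type        = "t3.medium"

    main_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # HTTP(S) proxy settings are read from an AWS Secrets Manager secret.
    # This sample ARN uses a different account id and region than the other
    # placeholder ARNs; point it at a secret in an account you control and
    # restrict who can read that secret.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # Extra security groups attached to the control-plane replicas; review
    # their inbound rules, since they add to what the cluster already allows.
    security_group_ids = ["sg-00000000000000000"]

    # EC2 key pair that allows SSH login to the control-plane machines.
    # Leave this block out when SSH access is not required.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      owner = "my@service-account.com"
    }
  }

  # Fleet host project; the placeholder indicates a project number is expected.
  fleet {
    project = "my-project-number"
  }

  location = "us-west1"
  name     = "name"

  networking {
    pod_address_cidr_blocks     = ["10.2.0.0/16"]
    service_address_cidr_blocks = ["10.1.0.0/16"]
    vpc_id                      = "vpc-00000000000000000"
  }

  annotations = {
    label-one = "value-one"
  }

  description = "A sample aws cluster"
  project     = "my-project-name"
}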

Example Usage - basic_enum_aws_cluster

A basic example of a containeraws cluster with enum values (such as volume_type) written in lowercase

# Version lookup for the example below: lists the Anthos-on-AWS versions
# available to this project in the chosen Google Cloud location.
data "google_container_aws_versions" "versions" {
  location = "us-west1"
  project  = "my-project-name"
}

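# Same cluster as the basic example, with enum values written in lowercase
# ("gp3" rather than "GP3"). All identifiers are sample values.
resource "google_container_aws_cluster" "primary" {
  # Users named here receive cluster-admin on the cluster (per the provider
  # documentation); list only the identities that need it.
  authorization {
    admin_users {
      username = "my@service-account.com"
    }
  }

  aws_region = "my-aws-region"

  control_plane {
    # Role assumed on the AWS side to manage the cluster's resources.
    # NOTE(review): check that its trust policy names only the intended
    # principal - not visible from this configuration.
    aws_services_authentication {
      role_arn          = "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform"
      role_session_name = "my--1p-dev-session"
    }

    # One sample KMS key ARN is reused for config, database and volume
    # encryption; use distinct keys if these need different key policies.
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    database_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    iam_instance_profile = "my--1p-dev-controlplane"
    subnet_ids           = ["subnet-00000000000000000"]
    # Plain reference replaces the deprecated "${...}" interpolation-only
    # form. Taking element 0 means the version tracks the data source's
    # ordering; use a fixed string to pin it.
    version              = data.google_container_aws_versions.versions.valid_versions[0]
    instance_type        = "t3.medium"

    main_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "gp3" # lowercase enum form
    }

    # Proxy configuration is held in AWS Secrets Manager. The sample ARN's
    # account id and region do not match the other placeholders; replace it
    # with a secret you own.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "gp3" # lowercase enum form
    }

    # Additional security groups for the control-plane replicas.
    security_group_ids = ["sg-00000000000000000"]

    # Grants SSH login to control-plane machines through this EC2 key pair;
    # omit the block if interactive access is not needed.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      owner = "my@service-account.com"
    }
  }

  fleet {
    project = "my-project-number"
  }

  location = "us-west1"
  name     = "name"

  networking {
    pod_address_cidr_blocks     = ["10.2.0.0/16"]
    service_address_cidr_blocks = ["10.1.0.0/16"]
    vpc_id                      = "vpc-00000000000000000"
  }

  annotations = {
    label-one = "value-one"
  }

  description = "A sample aws cluster"
  project     = "my-project-name"
}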

Example Usage - beta_basic_enum_aws_cluster

A basic example of a containeraws cluster with lowercase enums, using the google-beta provider

# Version lookup through the google-beta provider; the cluster below reads
# `valid_versions` from this data source.
data "google_container_aws_versions" "versions" {
  provider = google-beta
  location = "us-west1"
  project  = "my-project-name"
}

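# Beta-provider variant of the lowercase-enum example. Compared with the
# other examples it also sets instance_placement and logging_config.
# All identifiers are sample values.
resource "google_container_aws_cluster" "primary" {
  provider = google-beta

  # Listed users are granted cluster-admin (per the provider documentation).
  authorization {
    admin_users {
      username = "my@service-account.com"
    }
  }

  aws_region = "my-aws-region"

  control_plane {
    # IAM role assumed to manage AWS resources for this cluster.
    # NOTE(review): keep its permissions limited to cluster management -
    # the role's policy is defined outside this configuration.
    aws_services_authentication {
      role_arn          = "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform"
      role_session_name = "my--1p-dev-session"
    }

    # The same sample KMS key ARN appears in four places (config, database,
    # main and root volume); split them when key policies should differ.
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    database_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    iam_instance_profile = "my--1p-dev-controlplane"
    subnet_ids           = ["subnet-00000000000000000"]
    # Written as a direct reference; the "${...}" wrapper around a single
    # expression is deprecated. Element 0 is whatever the data source lists
    # first, so pin a literal version if upgrades must be deliberate.
    version              = data.google_container_aws_versions.versions.valid_versions[0]
    instance_type        = "t3.medium"

    main_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "gp3"
    }

    # Secret holding the HTTP(S) proxy configuration. The sample ARN's
    # account id and region differ from the other placeholders; replace it
    # with a secret in your own account.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "gp3"
    }

    # Additional security groups for the control-plane replicas.
    security_group_ids = ["sg-00000000000000000"]

    # SSH login to control-plane machines via this EC2 key pair; drop the
    # block when that access path is not needed.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      owner = "my@service-account.com"
    }

    # Requests dedicated-tenancy EC2 instances for the control plane.
    instance_placement {
      tenancy = "dedicated"
    }
  }

  fleet {
    project = "my-project-number"
  }

  location = "us-west1"
  name     = "name"

  networking {
    pod_address_cidr_blocks     = ["10.2.0.0/16"]
    service_address_cidr_blocks = ["10.1.0.0/16"]
    vpc_id                      = "vpc-00000000000000000"
  }

  annotations = {
    label-one = "value-one"
  }

  description = "A sample aws cluster"
  project     = "my-project-name"

  # Enables log collection for both system components and workloads, which
  # gives responders cluster and application logs to work from.
  logging_config {
    component_config {
      enable_components = ["system_components", "workloads"]
    }
  }
}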

Argument Reference

The following arguments are supported:

The authorization block supports:

The admin_users block supports:

The control_plane block supports:

The aws_services_authentication block supports:

The config_encryption block supports:

The database_encryption block supports:

The fleet block supports:

The networking block supports:


Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

The admin_groups block supports:

The binary_authorization block supports:

The instance_placement block supports:

The main_volume block supports:

The proxy_config block supports:

The root_volume block supports:

The ssh_config block supports:

The logging_config block supports:

The component_config block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

Cluster can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import Cluster using one of the formats above. For example:

# Declarative import (Terraform v1.5.0 and later). Replace the {{...}}
# placeholders with the real project, location and cluster name; `to` is
# the address of the resource block that will own the imported cluster.
import {
  to = google_container_aws_cluster.default
  id = "projects/{{project}}/locations/{{location}}/awsClusters/{{name}}"
}

When using the terraform import command, Cluster can be imported using one of the formats above. For example:

# Three alternative ID formats for importing the same cluster; run only one.
# Replace the {{...}} placeholders with real values. Presumably the shorter
# forms take the omitted project/location from the provider configuration -
# confirm before use, so the import targets the intended project.
$ terraform import google_container_aws_cluster.default projects/{{project}}/locations/{{location}}/awsClusters/{{name}}
$ terraform import google_container_aws_cluster.default {{project}}/{{location}}/{{name}}
$ terraform import google_container_aws_cluster.default {{location}}/{{name}}