datafold · gtoonstra · Aug 30, 2025 · Aug 29, 2025
@@ -1,9 +1,10 @@
 data "aws_caller_identity" "current" {}
 
 module "ebs_csi_irsa_role" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+  version = "6.2.1"
 
-  name             = "${var.deployment_name}-ebs-csi-controller"
+  name                  = "${var.deployment_name}-ebs-csi-controller"
   attach_ebs_csi_policy = true
 
   oidc_providers = {
@@ -15,9 +16,10 @@ module "ebs_csi_irsa_role" {
 }
 
 module "k8s_load_balancer_controller_role" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+  version = "6.2.1"
 
-  name                              = "${var.deployment_name}-lb-controller"
+  name                                   = "${var.deployment_name}-lb-controller"
   attach_load_balancer_controller_policy = true
 
   oidc_providers = {
@@ -29,9 +31,10 @@ module "k8s_load_balancer_controller_role" {
 }
 
 module "cluster_autoscaler_role" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+  version = "6.2.1"
 
-  name                        = "${var.deployment_name}-cluster-autoscaler"
+  name                             = "${var.deployment_name}-cluster-autoscaler"
   attach_cluster_autoscaler_policy = true
   cluster_autoscaler_cluster_names = [module.eks.cluster_name]
 
@@ -53,7 +56,7 @@ module "eks" {
   name               = var.deployment_name
   kubernetes_version = var.k8s_cluster_version
 
-  endpoint_public_access = true
+  endpoint_public_access       = true
   endpoint_public_access_cidrs = var.k8s_public_access_cidrs
 
   enable_irsa = true
@@ -79,10 +82,10 @@ module "eks" {
       service_account_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.deployment_name}-ebs-csi-controller"
       most_recent              = true
       before_compute           = true
-      configuration_values     = jsonencode({
-        "sidecars": {
-          "snapshotter": {
-            "forceEnable": false
+      configuration_values = jsonencode({
+        "sidecars" : {
+          "snapshotter" : {
+            "forceEnable" : false
           }
         }
       })
@@ -96,24 +99,24 @@ module "eks" {
 
   # Self Managed Node Group(s)
   self_managed_node_groups = var.self_managed_node_grps
-  eks_managed_node_groups = var.managed_node_grps
-
-#  access_entries = {
-#    allow_support_access = {
-#      kubernetes_groups = []
-#      principal_arn     = resource.aws_iam_role.eks_support_role.arn  (# from cloud-infra)
-#
-#      policy_associations = {
-#        single = {
-#          policy_arn   = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
-#          access_scope = {
-#            namespaces = []
-#            type       = "cluster"
-#          }
-#        }
-#      }
-#    }
-#  }
+  eks_managed_node_groups  = var.managed_node_grps
+
+  #  access_entries = {
+  #    allow_support_access = {
+  #      kubernetes_groups = []
+  #      principal_arn     = resource.aws_iam_role.eks_support_role.arn  (# from cloud-infra)
+  #
+  #      policy_associations = {
+  #        single = {
+  #          policy_arn   = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
+  #          access_scope = {
+  #            namespaces = []
+  #            type       = "cluster"
+  #          }
+  #        }
+  #      }
+  #    }
+  #  }
 
   tags = var.tags
 }

@@ -20,126 +20,126 @@ output "cluster_endpoint" {
 
 # dfshell
 output "dfshell_role_arn" {
-  value = module.dfshell_role[0].arn
+  value       = module.dfshell_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "dfshell_service_account_name" {
-  value = var.dfshell_service_account_name
+  value       = var.dfshell_service_account_name
   description = "The name of the service account for dfshell"
 }
 
 # worker_portal
 output "worker_portal_role_arn" {
-  value = module.worker_portal_role[0].arn
+  value       = module.worker_portal_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "worker_portal_service_account_name" {
-  value = var.worker_portal_service_account_name
+  value       = var.worker_portal_service_account_name
   description = "The name of the service account for worker_portal"
 }
 
 # operator
 output "operator_role_arn" {
-  value = module.operator_role[0].arn
+  value       = module.operator_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "operator_service_account_name" {
-  value = var.operator_service_account_name
+  value       = var.operator_service_account_name
   description = "The name of the service account for operator"
 }
 
 # server
 output "server_role_arn" {
-  value = module.server_role[0].arn
+  value       = module.server_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "server_service_account_name" {
-  value = var.server_service_account_name
+  value       = var.server_service_account_name
   description = "The name of the service account for server"
 }
 
 # scheduler
 output "scheduler_role_arn" {
-  value = module.scheduler_role[0].arn
+  value       = module.scheduler_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "scheduler_service_account_name" {
-  value = var.scheduler_service_account_name
+  value       = var.scheduler_service_account_name
   description = "The name of the service account for scheduler"
 }
 
 # worker, worker1, worker2 etc.
 output "worker_role_arn" {
-  value = module.worker_role[0].arn
+  value       = module.worker_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "worker_service_account_name" {
-  value = var.worker_service_account_name
+  value       = var.worker_service_account_name
   description = "The name of the service account for worker"
 }
 
 # worker_catalog
 output "worker_catalog_role_arn" {
-  value = module.worker_catalog_role[0].arn
+  value       = module.worker_catalog_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "worker_catalog_service_account_name" {
-  value = var.worker_catalog_service_account_name
+  value       = var.worker_catalog_service_account_name
   description = "The name of the service account for worker_catalog"
 }
 
 # worker_interactive
 output "worker_interactive_role_arn" {
-  value = module.worker_interactive_role[0].arn
+  value       = module.worker_interactive_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "worker_interactive_service_account_name" {
-  value = var.worker_interactive_service_account_name
+  value       = var.worker_interactive_service_account_name
   description = "The name of the service account for worker_interactive"
 }
 
 # worker_singletons
 output "worker_singletons_role_arn" {
-  value = module.worker_singletons_role[0].arn
+  value       = module.worker_singletons_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "worker_singletons_service_account_name" {
-  value = var.worker_singletons_service_account_name
+  value       = var.worker_singletons_service_account_name
   description = "The name of the service account for worker_singletons"
 }
 
 # worker_lineage
 output "worker_lineage_role_arn" {
-  value = module.worker_lineage_role[0].arn
+  value       = module.worker_lineage_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "worker_lineage_service_account_name" {
-  value = var.worker_lineage_service_account_name
+  value       = var.worker_lineage_service_account_name
   description = "The name of the service account for worker_lineage"
 }
 
 # worker_monitor
 output "worker_monitor_role_arn" {
-  value = module.worker_monitor_role[0].arn
+  value       = module.worker_monitor_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "worker_monitor_service_account_name" {
-  value = var.worker_monitor_service_account_name
+  value       = var.worker_monitor_service_account_name
   description = "The name of the service account for worker_monitor"
 }
 
 # storage_worker
 output "storage_worker_role_arn" {
-  value = module.storage_worker_role[0].arn
+  value       = module.storage_worker_role[0].arn
   description = "The ARN of the AWS Bedrock role"
 }
 output "storage_worker_service_account_name" {
-  value = var.storage_worker_service_account_name
+  value       = var.storage_worker_service_account_name
   description = "The name of the service account for storage_worker"
 }
 
 # Clickhouse backup
 output "clickhouse_backup_role_name" {
-  value = module.clickhouse_backup_role.arn
+  value       = module.clickhouse_backup_role.arn
   description = "The name of the role for clickhouse backups"
 }