Initial kubernetes / aws platform infrastructure

[obriensystems]

• https://github.com/ObrienlabsDev/blog/wiki/Architecture

[obriensystems]

ichaelobrien@mbp7 modules % terraform init     
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 4.0"...
- Installing hashicorp/aws v4.67.0...
- Installed hashicorp/aws v4.67.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

[obriensystems]

michaelobrien@mbp7 modules % terraform plan                               
data.aws_availability_zones.available: Reading...
data.aws_availability_zones.available: Read complete after 1s [id=us-east-1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_eks_cluster.eks_cluster will be created
  + resource "aws_eks_cluster" "eks_cluster" {
      + arn                       = (known after apply)
      + certificate_authority     = (known after apply)
      + cluster_id                = (known after apply)
      + created_at                = (known after apply)
      + enabled_cluster_log_types = [
          + "api",
          + "audit",
          + "authenticator",
          + "controllerManager",
          + "scheduler",
        ]
      + endpoint                  = (known after apply)
      + id                        = (known after apply)
      + identity                  = (known after apply)
      + name                      = "example-eks-cluster"
      + platform_version          = (known after apply)
      + role_arn                  = (known after apply)
      + status                    = (known after apply)
      + tags                      = {
          + "Name" = "eks-cluster"
        }
      + tags_all                  = {
          + "Name" = "eks-cluster"
        }
      + version                   = "1.31"

      + kubernetes_network_config (known after apply)

      + vpc_config {
          + cluster_security_group_id = (known after apply)
          + endpoint_private_access   = false
          + endpoint_public_access    = true
          + public_access_cidrs       = [
              + "0.0.0.0/0",
            ]
          + subnet_ids                = (known after apply)
          + vpc_id                    = (known after apply)
        }
    }

  # aws_eks_node_group.eks_node_group will be created
  + resource "aws_eks_node_group" "eks_node_group" {
      + ami_type               = (known after apply)
      + arn                    = (known after apply)
      + capacity_type          = (known after apply)
      + cluster_name           = "example-eks-cluster"
      + disk_size              = (known after apply)
      + id                     = (known after apply)
      + instance_types         = [
          + "t3.medium",
        ]
      + node_group_name        = "eks-node-group"
      + node_group_name_prefix = (known after apply)
      + node_role_arn          = (known after apply)
      + release_version        = (known after apply)
      + resources              = (known after apply)
      + status                 = (known after apply)
      + subnet_ids             = (known after apply)
      + tags                   = {
          + "Name" = "my-node-group"
        }
      + tags_all               = {
          + "Name" = "my-node-group"
        }
      + version                = (known after apply)

      + scaling_config {
          + desired_size = 2
          + max_size     = 3
          + min_size     = 1
        }

      + update_config (known after apply)
    }

  # aws_iam_role.eks_cluster_role will be created
  + resource "aws_iam_role" "eks_cluster_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "eks.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "eks-cluster-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + role_last_used        = (known after apply)
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy will be created
  + resource "aws_iam_role_policy_attachment" "eks-cluster-AmazonEKSClusterPolicy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
      + role       = "eks-cluster-role"
    }

  # aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly will be created
  + resource "aws_iam_role_policy_attachment" "eks-node-AmazonEC2ContainerRegistryReadOnly" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
      + role       = "eks-cluster-role"
    }

  # aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy will be created
  + resource "aws_iam_role_policy_attachment" "eks-node-AmazonEKSWorkerNodePolicy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
      + role       = "eks-cluster-role"
    }

  # aws_subnet.private_subnet_1 will be created
  + resource "aws_subnet" "private_subnet_1" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name" = "eks-private-subnet-1"
        }
      + tags_all                                       = {
          + "Name" = "eks-private-subnet-1"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnet_2 will be created
  + resource "aws_subnet" "private_subnet_2" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name" = "eks-private-subnet-2"
        }
      + tags_all                                       = {
          + "Name" = "eks-private-subnet-2"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.eks_vpc will be created
  + resource "aws_vpc" "eks_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_classiclink                   = (known after apply)
      + enable_classiclink_dns_support       = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "eks-vpc"
        }
      + tags_all                             = {
          + "Name" = "eks-vpc"
        }
    }

Plan: 9 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────

apply

Plan: 9 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_iam_role.eks_cluster_role: Creating...
aws_vpc.eks_vpc: Creating...
aws_iam_role.eks_cluster_role: Creation complete after 1s [id=eks-cluster-role]
aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Creating...
aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy: Creating...
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Creating...
aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy: Creation complete after 0s [id=eks-cluster-role-20241030022900957500000001]
aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Creation complete after 0s [id=eks-cluster-role-20241030022901059500000002]
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Creation complete after 0s [id=eks-cluster-role-20241030022901100500000003]
aws_vpc.eks_vpc: Creation complete after 2s [id=vpc-0b1cdd805dcb295a7]
aws_subnet.private_subnet_1: Creating...
aws_subnet.private_subnet_2: Creating...
aws_subnet.private_subnet_2: Creation complete after 1s [id=subnet-0b1864ff8053ea05f]
aws_subnet.private_subnet_1: Creation complete after 1s [id=subnet-068e4d3fe6ad6bf3f]
aws_eks_cluster.eks_cluster: Creating...
aws_eks_cluster.eks_cluster: Still creating... [10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [1m0s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [1m10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [1m20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [1m30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [1m40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [1m50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [2m0s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [2m10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [2m20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [2m30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [2m40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [2m50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [3m0s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [3m10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [3m20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [3m30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [3m40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [3m50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [4m0s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [4m10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [4m20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [4m30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [4m40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [4m50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [5m0s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [5m10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [5m20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [5m30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [5m40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [5m50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [6m0s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [6m10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [6m20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [6m30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [6m40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [6m50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [7m0s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [7m10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [7m20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [7m30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [7m40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [7m50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [8m0s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [8m10s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [8m20s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [8m30s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [8m40s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [8m50s elapsed]
aws_eks_cluster.eks_cluster: Still creating... [9m0s elapsed]
aws_eks_cluster.eks_cluster: Creation complete after 9m6s [id=example-eks-cluster]
aws_eks_node_group.eks_node_group: Creating...
╷
│ Error: creating EKS Node Group (example-eks-cluster:eks-node-group): InvalidParameterException: Following required service principals [ec2.amazonaws.com] were not found in the trust relationships of nodeRole arn:aws:iam::453279094200:role/eks-cluster-role
│ {
│   RespMetadata: {
│     StatusCode: 400,
│     RequestID: "e45c0b6f-5664-49f0-8382-e05c098be3a9"
│   },
│   ClusterName: "example-eks-cluster",
│   Message_: "Following required service principals [ec2.amazonaws.com] were not found in the trust relationships of nodeRole arn:aws:iam::453279094200:role/eks-cluster-role",
│   NodegroupName: "eks-node-group"
│ }
│ 
│   with aws_eks_node_group.eks_node_group,
│   on eks.tf line 119, in resource "aws_eks_node_group" "eks_node_group":
│  119: resource "aws_eks_node_group" "eks_node_group" {
│ 
╵

[obriensystems]

comment out node group for now

michaelobrien@mbp7 modules % terraform plan 
data.aws_availability_zones.available: Reading...
aws_vpc.eks_vpc: Refreshing state... [id=vpc-0b1cdd805dcb295a7]
aws_iam_role.eks_cluster_role: Refreshing state... [id=eks-cluster-role]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Refreshing state... [id=eks-cluster-role-20241030022901059500000002]
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Refreshing state... [id=eks-cluster-role-20241030022901100500000003]
aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy: Refreshing state... [id=eks-cluster-role-20241030022900957500000001]
aws_subnet.private_subnet_1: Refreshing state... [id=subnet-068e4d3fe6ad6bf3f]
aws_subnet.private_subnet_2: Refreshing state... [id=subnet-0b1864ff8053ea05f]
aws_eks_cluster.eks_cluster: Refreshing state... [id=example-eks-cluster]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
michaelobrien@mbp7 modules % terraform apply
data.aws_availability_zones.available: Reading...
aws_vpc.eks_vpc: Refreshing state... [id=vpc-0b1cdd805dcb295a7]
aws_iam_role.eks_cluster_role: Refreshing state... [id=eks-cluster-role]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Refreshing state... [id=eks-cluster-role-20241030022901100500000003]
aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Refreshing state... [id=eks-cluster-role-20241030022901059500000002]
aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy: Refreshing state... [id=eks-cluster-role-20241030022900957500000001]
aws_subnet.private_subnet_1: Refreshing state... [id=subnet-068e4d3fe6ad6bf3f]
aws_subnet.private_subnet_2: Refreshing state... [id=subnet-0b1864ff8053ea05f]
aws_eks_cluster.eks_cluster: Refreshing state... [id=example-eks-cluster]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

[obriensystems]

check extended support costs

[obriensystems]

downgrade kubernetes cluster from 1.31 to 1.30

michaelobrien@mbp7 modules % terraform plan                         
data.aws_availability_zones.available: Reading...
aws_vpc.eks_vpc: Refreshing state... [id=vpc-0b1cdd805dcb295a7]
aws_iam_role.eks_cluster_role: Refreshing state... [id=eks-cluster-role]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Refreshing state... [id=eks-cluster-role-20241030022901100500000003]
aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Refreshing state... [id=eks-cluster-role-20241030022901059500000002]
aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy: Refreshing state... [id=eks-cluster-role-20241030022900957500000001]
aws_subnet.private_subnet_2: Refreshing state... [id=subnet-0b1864ff8053ea05f]
aws_subnet.private_subnet_1: Refreshing state... [id=subnet-068e4d3fe6ad6bf3f]
aws_eks_cluster.eks_cluster: Refreshing state... [id=example-eks-cluster]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_eks_cluster.eks_cluster will be updated in-place
  ~ resource "aws_eks_cluster" "eks_cluster" {
        id                        = "example-eks-cluster"
        name                      = "example-eks-cluster"
        tags                      = {
            "Name" = "eks-cluster"
        }
      ~ version                   = "1.31" -> "1.30"
        # (10 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

[obriensystems]

need to destroy - downgrade not possible

aws_eks_cluster.eks_cluster: Modifying... [id=example-eks-cluster]
╷
│ Error: updating EKS Cluster (example-eks-cluster) version: InvalidParameterException: Unsupported Kubernetes minor version update from 1.31 to 1.30
│ {
│   RespMetadata: {
│     StatusCode: 400,
│     RequestID: "cedb31ff-c03a-48ea-828b-b7225a300f8f"
│   },
│   ClusterName: "example-eks-cluster",
│   Message_: "Unsupported Kubernetes minor version update from 1.31 to 1.30"
│ }
│ 
│   with aws_eks_cluster.eks_cluster,
│   on eks.tf line 16, in resource "aws_eks_cluster" "eks_cluster":
│   16: resource "aws_eks_cluster" "eks_cluster" {
│ 
╵
michaelobrien@mbp7 modules % 

[obriensystems]

destroy

michaelobrien@mbp7 modules % terraform destroy                      
data.aws_availability_zones.available: Reading...
aws_vpc.eks_vpc: Refreshing state... [id=vpc-0b1cdd805dcb295a7]
aws_iam_role.eks_cluster_role: Refreshing state... [id=eks-cluster-role]
data.aws_availability_zones.available: Read complete after 1s [id=us-east-1]
aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Refreshing state... [id=eks-cluster-role-20241030022901059500000002]
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Refreshing state... [id=eks-cluster-role-20241030022901100500000003]
aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy: Refreshing state... [id=eks-cluster-role-20241030022900957500000001]
aws_subnet.private_subnet_2: Refreshing state... [id=subnet-0b1864ff8053ea05f]
aws_subnet.private_subnet_1: Refreshing state... [id=subnet-068e4d3fe6ad6bf3f]
aws_eks_cluster.eks_cluster: Refreshing state... [id=example-eks-cluster]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # aws_eks_cluster.eks_cluster will be destroyed
  - resource "aws_eks_cluster" "eks_cluster" {
      - arn                       = "arn:aws:eks:us-east-1:453279094200:cluster/example-eks-cluster" -> null
      - certificate_authority     = [
          - {
              - data = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJTVVsTFZRaHVaMHd3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRFd016QXdNalUzTURGYUZ3MHpOREV3TWpnd016QXlNREZhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURMS2pWdTl1K3BneEhBaWM4Z2loaERWYnJHUkRVNnk3T0lnY2xqNnZVcXYzRnBMcThlY1NZMXZSY2QKUkRvaVh1ZEg3S3ZOd1lNQlRxRkVDQ1FHWGFUSmd6WFozeXZQNVJ3UlZrajJwUW9ZUFlQNTQ5ZitnY2NBcTJaWQowSEEvYlhQMmZpN3hjdUZkY21wUXBteXhEdTNYTGppeGxUVkE1NDZrQVlFb1N2TGZ1NFEzckU5Tk1oOHppZ0NGCi81ai9raXBZRHh2U2VVTlE5ZElveUg1R3B3MGIycm01WWYvTUN2TmpERHA5Wk5ONWNmcHRPZEppMzJ0TXdEQXQKbVhxUGRHOTBWdGpSU2NLeFBuUWlsQ2QrYjZmTXRyVlRQaXd6V01KWVZWRVorU2h4TjY5VUdIQ0FPcEFoUi9uWgpZQlVnRlMvdnQrT0VWTENSbWF1anh5aUhubDN0QWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRdUkvYnArNDRHMXBzc2tjRDJLSkxqeFpPRzVEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQnB3QStTRWZZeApwOFNndDZLSXZnazlBYjgrbW1XM3c4TkpFZ2IweS9jKzE4UWczOU1sU0xNME1QdDh1RVhKeDN6K0xxS1JEYTlTClVQcHVjWDRXTGphbHkzRkFMWDlyd25YcTZyYm1UWUtqYm5QUkJLcEJrWi9LUmpsbGhvbnNud0hJY3Z2QURzNVMKd3pybGVRMmg3MTRIRVRqT0dwQUdOQUo5Qnc0Rkw5bHRzUHovQ0k0UThrbHRrRGNPeVNlekJZNTd2YWRBUUFZbQp4aHRZTTEyWFR3N0FDWlBKZEovNVlqL1ZBdTVpOVA2WWQ5bGJyWTJqOGJFSnBzVi8zN2VpeUE2WE1QWVJMWE00CjMyb2Rwc3NSUm9DMFdyMS94eGorUWFIbGEyYkRQRU9oOVEycWtobkpkdHB4WEU0K3BmcFlWeThyblZ5OWtBbWsKbUNoNFY5RXM3a2YzCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
            },
        ] -> null
      - created_at                = "2024-10-30 02:56:49.37 +0000 UTC" -> null
      - enabled_cluster_log_types = [
          - "api",
          - "audit",
          - "authenticator",
          - "controllerManager",
          - "scheduler",
        ] -> null
      - endpoint                  = "https://919DCCD681EF5D9ACAE6BB2D998E5D34.gr7.us-east-1.eks.amazonaws.com" -> null
      - id                        = "example-eks-cluster" -> null
      - identity                  = [
          - {
              - oidc = [
                  - {
                      - issuer = "https://oidc.eks.us-east-1.amazonaws.com/id/919DCCD681EF5D9ACAE6BB2D998E5D34"
                    },
                ]
            },
        ] -> null
      - name                      = "example-eks-cluster" -> null
      - platform_version          = "eks.12" -> null
      - role_arn                  = "arn:aws:iam::453279094200:role/eks-cluster-role" -> null
      - status                    = "ACTIVE" -> null
      - tags                      = {
          - "Name" = "eks-cluster"
        } -> null
      - tags_all                  = {
          - "Name" = "eks-cluster"
        } -> null
      - version                   = "1.30" -> null

      - kubernetes_network_config {
          - ip_family         = "ipv4" -> null
          - service_ipv4_cidr = "172.20.0.0/16" -> null
            # (1 unchanged attribute hidden)
        }

      - vpc_config {
          - cluster_security_group_id = "sg-00da8008d457b4647" -> null
          - endpoint_private_access   = false -> null
          - endpoint_public_access    = true -> null
          - public_access_cidrs       = [
              - "0.0.0.0/0",
            ] -> null
          - security_group_ids        = [] -> null
          - subnet_ids                = [
              - "subnet-068e4d3fe6ad6bf3f",
              - "subnet-0b1864ff8053ea05f",
            ] -> null
          - vpc_id                    = "vpc-0b1cdd805dcb295a7" -> null
        }
    }

  # aws_iam_role.eks_cluster_role will be destroyed
  - resource "aws_iam_role" "eks_cluster_role" {
      - arn                   = "arn:aws:iam::453279094200:role/eks-cluster-role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "eks.amazonaws.com"
                        }
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2024-10-30T02:29:00Z" -> null
      - force_detach_policies = false -> null
      - id                    = "eks-cluster-role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
          - "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
          - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "eks-cluster-role" -> null
      - path                  = "/" -> null
      - role_last_used        = [
          - {
              - last_used_date = "2024-10-30T02:35:05Z"
              - region         = "us-east-1"
            },
        ] -> null
      - tags                  = {} -> null
      - tags_all              = {} -> null
      - unique_id             = "AROAWTCMKCW4EZT4GH6IV" -> null
        # (2 unchanged attributes hidden)
    }

  # aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy will be destroyed
  - resource "aws_iam_role_policy_attachment" "eks-cluster-AmazonEKSClusterPolicy" {
      - id         = "eks-cluster-role-20241030022900957500000001" -> null
      - policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" -> null
      - role       = "eks-cluster-role" -> null
    }

  # aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly will be destroyed
  - resource "aws_iam_role_policy_attachment" "eks-node-AmazonEC2ContainerRegistryReadOnly" {
      - id         = "eks-cluster-role-20241030022901059500000002" -> null
      - policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" -> null
      - role       = "eks-cluster-role" -> null
    }

  # aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy will be destroyed
  - resource "aws_iam_role_policy_attachment" "eks-node-AmazonEKSWorkerNodePolicy" {
      - id         = "eks-cluster-role-20241030022901100500000003" -> null
      - policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" -> null
      - role       = "eks-cluster-role" -> null
    }

  # aws_subnet.private_subnet_1 will be destroyed
  - resource "aws_subnet" "private_subnet_1" {
      - arn                                            = "arn:aws:ec2:us-east-1:453279094200:subnet/subnet-068e4d3fe6ad6bf3f" -> null
      - assign_ipv6_address_on_creation                = false -> null
      - availability_zone                              = "us-east-1a" -> null
      - availability_zone_id                           = "use1-az1" -> null
      - cidr_block                                     = "10.0.1.0/24" -> null
      - enable_dns64                                   = false -> null
      - enable_lni_at_device_index                     = 0 -> null
      - enable_resource_name_dns_a_record_on_launch    = false -> null
      - enable_resource_name_dns_aaaa_record_on_launch = false -> null
      - id                                             = "subnet-068e4d3fe6ad6bf3f" -> null
      - ipv6_native                                    = false -> null
      - map_customer_owned_ip_on_launch                = false -> null
      - map_public_ip_on_launch                        = false -> null
      - owner_id                                       = "453279094200" -> null
      - private_dns_hostname_type_on_launch            = "ip-name" -> null
      - tags                                           = {
          - "Name" = "eks-private-subnet-1"
        } -> null
      - tags_all                                       = {
          - "Name" = "eks-private-subnet-1"
        } -> null
      - vpc_id                                         = "vpc-0b1cdd805dcb295a7" -> null
        # (4 unchanged attributes hidden)
    }

  # aws_subnet.private_subnet_2 will be destroyed
  - resource "aws_subnet" "private_subnet_2" {
      - arn                                            = "arn:aws:ec2:us-east-1:453279094200:subnet/subnet-0b1864ff8053ea05f" -> null
      - assign_ipv6_address_on_creation                = false -> null
      - availability_zone                              = "us-east-1b" -> null
      - availability_zone_id                           = "use1-az2" -> null
      - cidr_block                                     = "10.0.2.0/24" -> null
      - enable_dns64                                   = false -> null
      - enable_lni_at_device_index                     = 0 -> null
      - enable_resource_name_dns_a_record_on_launch    = false -> null
      - enable_resource_name_dns_aaaa_record_on_launch = false -> null
      - id                                             = "subnet-0b1864ff8053ea05f" -> null
      - ipv6_native                                    = false -> null
      - map_customer_owned_ip_on_launch                = false -> null
      - map_public_ip_on_launch                        = false -> null
      - owner_id                                       = "453279094200" -> null
      - private_dns_hostname_type_on_launch            = "ip-name" -> null
      - tags                                           = {
          - "Name" = "eks-private-subnet-2"
        } -> null
      - tags_all                                       = {
          - "Name" = "eks-private-subnet-2"
        } -> null
      - vpc_id                                         = "vpc-0b1cdd805dcb295a7" -> null
        # (4 unchanged attributes hidden)
    }

  # aws_vpc.eks_vpc will be destroyed
  - resource "aws_vpc" "eks_vpc" {
      - arn                                  = "arn:aws:ec2:us-east-1:453279094200:vpc/vpc-0b1cdd805dcb295a7" -> null
      - assign_generated_ipv6_cidr_block     = false -> null
      - cidr_block                           = "10.0.0.0/16" -> null
      - default_network_acl_id               = "acl-0f22dd5b0f82fffd0" -> null
      - default_route_table_id               = "rtb-000d0e7cfdb5df5c2" -> null
      - default_security_group_id            = "sg-01bfe91ec145bfd9b" -> null
      - dhcp_options_id                      = "dopt-1c6b737e" -> null
      - enable_classiclink                   = false -> null
      - enable_classiclink_dns_support       = false -> null
      - enable_dns_hostnames                 = false -> null
      - enable_dns_support                   = true -> null
      - enable_network_address_usage_metrics = false -> null
      - id                                   = "vpc-0b1cdd805dcb295a7" -> null
      - instance_tenancy                     = "default" -> null
      - ipv6_netmask_length                  = 0 -> null
      - main_route_table_id                  = "rtb-000d0e7cfdb5df5c2" -> null
      - owner_id                             = "453279094200" -> null
      - tags                                 = {
          - "Name" = "eks-vpc"
        } -> null
      - tags_all                             = {
          - "Name" = "eks-vpc"
        } -> null
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 0 to change, 8 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Destroying... [id=eks-cluster-role-20241030022901059500000002]
aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy: Destroying... [id=eks-cluster-role-20241030022900957500000001]
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Destroying... [id=eks-cluster-role-20241030022901100500000003]
aws_eks_cluster.eks_cluster: Destroying... [id=example-eks-cluster]
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Destruction complete after 0s
aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy: Destruction complete after 0s
aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Destruction complete after 1s
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 10s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 20s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 30s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 40s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 50s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 1m0s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 1m10s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 1m20s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 1m30s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 1m40s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 1m50s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 2m0s elapsed]
aws_eks_cluster.eks_cluster: Still destroying... [id=example-eks-cluster, 2m10s elapsed]
aws_eks_cluster.eks_cluster: Destruction complete after 2m15s
aws_subnet.private_subnet_1: Destroying... [id=subnet-068e4d3fe6ad6bf3f]
aws_subnet.private_subnet_2: Destroying... [id=subnet-0b1864ff8053ea05f]
aws_iam_role.eks_cluster_role: Destroying... [id=eks-cluster-role]
aws_iam_role.eks_cluster_role: Destruction complete after 1s
aws_subnet.private_subnet_2: Destruction complete after 1s
aws_subnet.private_subnet_1: Destruction complete after 1s
aws_vpc.eks_vpc: Destroying... [id=vpc-0b1cdd805dcb295a7]
aws_vpc.eks_vpc: Destruction complete after 1s

Destroy complete! Resources: 8 destroyed.
michaelobrien@mbp7 modules %