From 1bf4f97d415b291935c1ae33c7a1d2bcdbb64b84 Mon Sep 17 00:00:00 2001 From: Ruchika Modi Date: Wed, 17 Jan 2024 14:28:17 +0000 Subject: [PATCH] Updating EKS container insights- Adding doc and fixing pre-commit errors --- docs/container-insights/eks.md | 2 +- examples/eks-container-insights/README.md | 12 ++++---- examples/eks-container-insights/data.tf | 7 +++++ examples/eks-container-insights/main.tf | 2 +- modules/eks-container-insights/README.md | 31 +++++++++------------ modules/eks-container-insights/data.tf | 2 +- modules/eks-container-insights/locals.tf | 1 - modules/eks-container-insights/main.tf | 9 +++--- modules/eks-container-insights/variables.tf | 17 ++++++----- 9 files changed, 43 insertions(+), 40 deletions(-) create mode 100644 examples/eks-container-insights/data.tf diff --git a/docs/container-insights/eks.md b/docs/container-insights/eks.md index 5c58a4d1..4dd5ca01 100644 --- a/docs/container-insights/eks.md +++ b/docs/container-insights/eks.md @@ -48,7 +48,7 @@ Next, you have to update your Application to `Configure application metrics and 1. **Annotate Workload** auto-instruments a single workload in the cluster. - Paste the below line into the PodTemplate section of the workload manifest. ``` - annotations: instrumentation.opentelemetry.io/inject-java: "true" + annotations: instrumentation.opentelemetry.io/inject-java: "true" ``` - In your terminal, enter `kubectl apply -f your_deployment_yaml` to apply the change. diff --git a/examples/eks-container-insights/README.md b/examples/eks-container-insights/README.md index a87b34c9..4303c5b7 100644 --- a/examples/eks-container-insights/README.md +++ b/examples/eks-container-insights/README.md 
@@ -12,9 +12,6 @@ under **Amazon CloudWatch Container Insights** |------|---------| | [terraform](#requirement\_terraform) | >= 1.1.0 | | [aws](#requirement\_aws) | >= 5.0.0 | -| [helm](#requirement\_helm) | >= 2.4.1 | -| [kubectl](#requirement\_kubectl) | >= 2.0.3 | -| [kubernetes](#requirement\_kubernetes) | >= 2.10 | ## Providers @@ -41,10 +38,11 @@ under **Amazon CloudWatch Container Insights** | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [aws\_region](#input\_aws\_region) | EKS cluster region | `string` | n/a | yes | -| [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS cluster name | `string` | n/a | yes | -| [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `null` | no | -| [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no | +| [cluster\_name](#input\_cluster\_name) | EKS cluster name | `string` | n/a | yes | +| [eks\_cluster\_domain](#input\_eks\_cluster\_domain) | The domain for the EKS cluster | `string` | `""` | no | +| [eks\_cluster\_version](#input\_eks\_cluster\_version) | The Kubernetes version for the cluster | `string` | `"1.28"` | no | +| [eks\_oidc\_provider](#input\_eks\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | `string` | `null` | no | +| [eks\_oidc\_provider\_arn](#input\_eks\_oidc\_provider\_arn) | The OpenID Connect identity provider ARN | `string` | `null` | no | | [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no | ## Outputs diff --git a/examples/eks-container-insights/data.tf b/examples/eks-container-insights/data.tf new file mode 100644 index 00000000..096c5757 --- /dev/null +++ b/examples/eks-container-insights/data.tf 
@@ -0,0 +1,7 @@ +data "aws_partition" "current" {} +data "aws_caller_identity" "current" {} +data "aws_region" "current" {} + +data "aws_eks_cluster" "eks_cluster" { + name = var.cluster_name +} \ No newline at end of file diff --git a/examples/eks-container-insights/main.tf b/examples/eks-container-insights/main.tf index b15743e4..4b02f8d8 100644 --- a/examples/eks-container-insights/main.tf +++ b/examples/eks-container-insights/main.tf @@ -1,5 +1,5 @@ module "eks_container_insights" { - source = "./modules/eks-container-insights" + source = "../../modules/eks-container-insights" cluster_name = var.cluster_name enable_amazon_eks_cw_observability = true create_cloudwatch_observability_irsa_role = true diff --git a/modules/eks-container-insights/README.md b/modules/eks-container-insights/README.md index d520688c..62004237 100644 --- a/modules/eks-container-insights/README.md +++ b/modules/eks-container-insights/README.md @@ -14,9 +14,6 @@ Use CloudWatch Container Insights to collect, aggregate, and summarize metrics a |------|---------| | [terraform](#requirement\_terraform) | >= 1.1.0 | | [aws](#requirement\_aws) | >= 5.0.0 | -| [helm](#requirement\_helm) | >= 2.4.1 | -| [kubectl](#requirement\_kubectl) | >= 2.0.3 | -| [kubernetes](#requirement\_kubernetes) | >= 2.10 | ## Providers 
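Review bot: The new examples/eks-container-insights/data.tf ends without a final newline (`\ No newline at end of file`), the same end-of-file error this commit fixes in modules/eks-container-insights/data.tf, so the pre-commit hook will flag it again. End the file with a newline after the closing `}`. Separately, none of the four data sources is referenced in the part of the example's main.tf visible in this patch. If they are unused in the rest of that file, drop them, since `data "aws_eks_cluster" "eks_cluster"` makes every plan of the example depend on a successful lookup of `var.cluster_name`.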
@@ -28,15 +25,17 @@ Use CloudWatch Container Insights to collect, aggregate, and summarize metrics a | Name | Source | Version | |------|--------|---------| -| [helm\_addon](#module\_helm\_addon) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.32.1 | +| [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | v5.33.0 | ## Resources | Name | Type | |------|------| +| [aws_eks_addon.amazon_cloudwatch_observability](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | +| [aws_iam_service_linked_role.application_signals_cw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_service_linked_role) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_eks_addon_version.eks_addon_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source | | [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | -| [aws_iam_policy.irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | 
@@ -44,21 +43,17 @@ Use CloudWatch Container Insights to collect, aggregate, and summarize metrics a | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [aws\_cloudwatch\_metrics\_chart\_verison](#input\_aws\_cloudwatch\_metrics\_chart\_verison) | AWS CloudWatch Observability Metrics helm chart version | `string` | `"0.0.7"` | no | -| [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster Id | `string` | n/a | yes | -| [helm\_config](#input\_helm\_config) | Helm provider config for adot-exporter-for-eks-on-ec2 | `any` | `{}` | no | -| [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `null` | no | -| [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no | -| [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no | -| [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. 
| `bool` | `false` | no | +| [addon\_config](#input\_addon\_config) | Amazon EKS Managed CloudWatch Observability Add-on config | `any` | `{}` | no | +| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `"eks-cw"` | no | +| [create\_cloudwatch\_application\_signals\_role](#input\_create\_cloudwatch\_application\_signals\_role) | Create a Cloudwatch Application Signals service-linked role | `string` | `true` | no | +| [create\_cloudwatch\_observability\_irsa\_role](#input\_create\_cloudwatch\_observability\_irsa\_role) | Create a Cloudwatch Observability IRSA | `string` | `true` | no | +| [eks\_oidc\_provider\_arn](#input\_eks\_oidc\_provider\_arn) | The OIDC Provider ARN of AWS EKS cluster | `string` | `""` | no | +| [enable\_amazon\_eks\_cw\_observability](#input\_enable\_amazon\_eks\_cw\_observability) | Enable Amazon EKS CloudWatch Observability add-on | `bool` | `false` | no | +| [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version | `string` | `"1.28"` | no | +| [most\_recent](#input\_most\_recent) | Most Recent | `string` | `"false"` | no | | [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no | ## Outputs -| Name | Description | -|------|-------------| -| [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account | -| [irsa\_name](#output\_irsa\_name) | IAM role name for the service account | -| [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata | -| [service\_account](#output\_service\_account) | Name of Kubernetes service account | +No outputs. diff --git a/modules/eks-container-insights/data.tf b/modules/eks-container-insights/data.tf index 096c5757..500e4476 100644 --- a/modules/eks-container-insights/data.tf +++ b/modules/eks-container-insights/data.tf @@ -4,4 +4,4 @@ data "aws_region" "current" {} data "aws_eks_cluster" "eks_cluster" { name = var.cluster_name -} \ No newline at end of file +} 
diff --git a/modules/eks-container-insights/locals.tf b/modules/eks-container-insights/locals.tf index d1a43f17..98e169c9 100644 --- a/modules/eks-container-insights/locals.tf +++ b/modules/eks-container-insights/locals.tf @@ -1,5 +1,4 @@ locals { - name = "amazon-cloudwatch-observability" kubernetes_version = var.kubernetes_version eks_oidc_issuer_url = replace(data.aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer, "https://", "") diff --git a/modules/eks-container-insights/main.tf b/modules/eks-container-insights/main.tf index 0b7e816a..33657757 100644 --- a/modules/eks-container-insights/main.tf +++ b/modules/eks-container-insights/main.tf @@ -3,9 +3,10 @@ locals { } module "cloudwatch_observability_irsa_role" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - count = var.create_cloudwatch_observability_irsa_role ? 1 : 0 + count = var.create_cloudwatch_observability_irsa_role ? 1 : 0 + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + version = "v5.33.0" role_name = "cloudwatch-observability" attach_cloudwatch_observability_policy = true @@ -23,7 +24,7 @@ data "aws_eks_addon_version" "eks_addon_version" { most_recent = var.most_recent } -resource "aws_eks_addon" "amazon-cloudwatch-observability" { +resource "aws_eks_addon" "amazon_cloudwatch_observability" { count = var.enable_amazon_eks_cw_observability ? 1 : 0 cluster_name = var.cluster_name @@ -40,7 +41,7 @@ resource "aws_eks_addon" "amazon-cloudwatch-observability" { ) } -resource "aws_iam_service_linked_role" "application-signals-cw" { +resource "aws_iam_service_linked_role" "application_signals_cw" { count = var.create_cloudwatch_application_signals_role ? 1 : 0 aws_service_name = "application-signals.cloudwatch.amazonaws.com" } diff --git a/modules/eks-container-insights/variables.tf b/modules/eks-container-insights/variables.tf index 491edb1c..599177a2 100644 --- a/modules/eks-container-insights/variables.tf 
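Review bot: `role_name = "cloudwatch-observability"` in the `cloudwatch_observability_irsa_role` module call is a fixed string, and IAM role names are unique per account, so applying this module for a second cluster in the same account will fail when the role is created. Deriving the name from the cluster, for example `role_name = "${var.cluster_name}-cloudwatch-observability"`, gives each cluster its own role, trusted only by that cluster's OIDC provider. Changing the name replaces the role on existing deployments, so it is best done now while the module's interface is already changing. The module block continues past the end of the hunk, so the trust configuration itself is not visible here.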
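Review bot: Renaming `aws_eks_addon.amazon-cloudwatch-observability` to `amazon_cloudwatch_observability` changes the resource address, so on any state created by the previous revision Terraform will plan to destroy the add-on and create it again. That removes the CloudWatch agent from the cluster during the apply and leaves a gap in metrics and logs. The same applies to the `aws_iam_service_linked_role` rename in the following hunk, where deleting the service-linked role may also fail while it is in use. Add a `moved` block for each rename so the existing objects are re-addressed in place; `moved` needs Terraform 1.1 or later, which matches the `>= 1.1.0` requirement in the module README. Both resource blocks extend beyond their hunks.

```hcl
moved {
  from = aws_eks_addon.amazon-cloudwatch-observability
  to   = aws_eks_addon.amazon_cloudwatch_observability
}

moved {
  from = aws_iam_service_linked_role.application-signals-cw
  to   = aws_iam_service_linked_role.application_signals_cw
}
```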
+++ b/modules/eks-container-insights/variables.tf @@ -1,6 +1,7 @@ variable "cluster_name" { - default = "eks-cw" - type = string + description = "Name of the EKS cluster" + default = "eks-cw" + type = string } variable "enable_amazon_eks_cw_observability" { @@ -22,13 +23,15 @@ variable "kubernetes_version" { } variable "most_recent" { - type = string - default = "false" + description = "Most Recent" + type = string + default = "false" } variable "eks_oidc_provider_arn" { - type = string - default = "" + description = "The OIDC Provider ARN of AWS EKS cluster" + type = string + default = "" } variable "create_cloudwatch_observability_irsa_role" { @@ -47,4 +50,4 @@ variable "tags" { description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)" type = map(string) default = {} -} \ No newline at end of file +}
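Review bot: `cluster_name` gains a description but still defaults to `"eks-cw"`, so a caller that forgets to pass it gets a plan against whatever cluster carries that name in the current account and region, not an error. The example's README in this same patch already lists `cluster_name` as required with no default. Removing the `default = "eks-cw"` line here would make the module behave the same way and turn a missing input into a plan-time failure.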
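Review bot: The description `"Most Recent"` added to `most_recent` only repeats the variable name, and the variable stays a `string` although it is passed to the `most_recent` argument of `data.aws_eks_addon_version.eks_addon_version`, where it acts as a flag. Suggest `description = "Use the most recent add-on version for the cluster's Kubernetes version instead of the default version"`, `type = bool` and `default = false`; Terraform should still convert an existing `"false"` string input. This matters if the add-on takes its version from that data source (the resource body is outside the hunk), because setting it to true lets the installed add-on version change between applies without a code change. `eks_oidc_provider_arn` in the same hunk keeps `default = ""`, so a missing ARN is only discovered when the IRSA role's trust policy is built; a check that rejects the empty string when `create_cloudwatch_observability_irsa_role` is true would surface it earlier.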