terraform: add aws-eks-operator

[clstokes]

No description provided.

[clstokes]

@rajsinghtech, I'd appreciate your review when you have a chance.

[Copilot]

Pull request overview

This PR adds a new Terraform module for deploying an AWS EKS cluster with the Tailscale Kubernetes operator, enabling secure cluster access through Tailscale's mesh network.

• Introduces a complete Terraform configuration for EKS with Tailscale operator integration
• Configures provider authentication using AWS EKS token-based authentication
• Includes comprehensive documentation with deployment and verification instructions

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
terraform/aws/aws-eks-operator/versions.tf	Defines Terraform version constraints and configures AWS, Kubernetes, and Helm providers with EKS authentication
terraform/aws/aws-eks-operator/variables.tf	Declares Tailscale OAuth credentials as sensitive variables with validation rules
terraform/aws/aws-eks-operator/outputs.tf	Exports VPC ID, cluster name, namespace, and kubeconfig commands for cluster access
terraform/aws/aws-eks-operator/main.tf	Implements the main infrastructure including VPC, EKS cluster, and Tailscale operator Helm deployment
terraform/aws/aws-eks-operator/README.md	Provides comprehensive documentation for prerequisites, deployment steps, and verification procedures

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The API version "client.authentication.k8s.io/v1beta1" is deprecated. Kubernetes 1.24+ uses "client.authentication.k8s.io/v1" as the stable API version. Since the cluster version in main.tf is set to "1.34", this should be updated to use the stable v1 API version.

[Copilot]

The API version "client.authentication.k8s.io/v1beta1" is deprecated. Kubernetes 1.24+ uses "client.authentication.k8s.io/v1" as the stable API version. Since the cluster version in main.tf is set to "1.34", this should be updated to use the stable v1 API version.

[Copilot]

The apiServerProxyConfig mode should be a boolean value, not a string. Change mode = "true" to mode = true to ensure proper type handling.

Suggested change

	mode = "true"
	mode = true

[Copilot]

The sensitive values are already being set through the set_sensitive block below (lines 115-124). Including them in the yamlencode values block on lines 109-110 will expose these sensitive values in the Terraform state and logs. Remove the oauth block from the yamlencode section since set_sensitive will handle these values securely.

Suggested change

	oauth = {
	clientId = local.tailscale_oauth_client_id
	clientSecret = local.tailscale_oauth_client_secret
	}

[Copilot]

The data source is defined in the outputs file but would be more appropriately placed in a data.tf file or at the beginning of main.tf. Placing data sources at the end of an outputs file is unconventional and can make the code harder to maintain.

[Copilot]

The variable reference ${local.operator_name} in the README will not be interpolated when users read the documentation. This should be replaced with a concrete example value or instruction like "example-aws-eks-operator-operator" or use the actual terraform output command reference.

Suggested change

	tailscale configure kubeconfig ${local.operator_name}
	tailscale configure kubeconfig $(terraform output -raw operator_name)

[Copilot]

Missing description for output. All outputs should include a description field to document their purpose and usage, especially for user-facing command outputs.

Suggested change

	value = "tailscale configure kubeconfig ${local.operator_name}"
	}
	output "cmd_kubeconfig_aws" {
	value = "aws eks update-kubeconfig --region ${data.aws_region.current.region} --name ${module.eks.cluster_name}"
	description = "Command to configure kubeconfig for the EKS cluster using the Tailscale operator"
	value = "tailscale configure kubeconfig ${local.operator_name}"
	}
	output "cmd_kubeconfig_aws" {
	description = "AWS CLI command to configure kubeconfig for the EKS cluster"
	value = "aws eks update-kubeconfig --region ${data.aws_region.current.region} --name ${module.eks.cluster_name}"

[Copilot]

Missing description for output. All outputs should include a description field to document their purpose and usage, especially for user-facing command outputs.

Suggested change

	value = "tailscale configure kubeconfig ${local.operator_name}"
	}
	output "cmd_kubeconfig_aws" {
	value = "aws eks update-kubeconfig --region ${data.aws_region.current.region} --name ${module.eks.cluster_name}"
	description = "Command to configure kubectl using the Tailscale operator"
	value = "tailscale configure kubeconfig ${local.operator_name}"
	}
	output "cmd_kubeconfig_aws" {
	description = "AWS CLI command to configure kubectl for this EKS cluster"
	value = "aws eks update-kubeconfig --region ${data.aws_region.current.region} --name ${module.eks.cluster_name}"