PSPDFKit · tomassurin · Sep 24, 2025 · Sep 24, 2025 · Sep 24, 2025 · Sep 24, 2025
diff --git a/examples/de-aws-eks/modules/document-engine-storage/utility.tf b/examples/de-aws-eks/modules/document-engine-storage/utility.tf
@@ -10,7 +10,7 @@ data "aws_caller_identity" "current" {}
 data "aws_default_tags" "current" {}
 
 locals {
-  aws_region_name = data.aws_region.current.name
+  aws_region_name = data.aws_region.current.id
   aws_account_id  = data.aws_caller_identity.current.account_id
   default_tags    = data.aws_default_tags.current.tags
 

diff --git a/examples/de-aws-eks/modules/document-engine-storage/variables.tf b/examples/de-aws-eks/modules/document-engine-storage/variables.tf
@@ -20,7 +20,7 @@ locals {
   cluster_oidc_provider_arn          = var.cluster_info["cluster_oidc_provider_arn"]
   cluster_endpoint                   = var.cluster_info["cluster_endpoint"]
   cluster_certificate_authority_data = var.cluster_info["cluster_certificate_authority_data"]
-  containers_log_group_prefix_ec2    = var.cluster_info["containers_log_group_prefix_ec2"]
+  containers_log_group_prefix        = var.cluster_info["containers_log_group_prefix"]
 }
 
 variable "database_properties" {

diff --git a/examples/de-aws-eks/modules/eks-cluster/compute.tf b/examples/de-aws-eks/modules/eks-cluster/compute.tf
@@ -114,7 +114,7 @@ data "aws_iam_policy_document" "additional_node_policy" {
       "logs:putRetentionPolicy"
     ]
     resources = [
-      "arn:aws:logs:${local.aws_region_name}:${local.aws_account_id}:log-group:${local.containers_log_group_prefix_ec2}/*",
+      "arn:aws:logs:${local.aws_region_name}:${local.aws_account_id}:log-group:${local.containers_log_group_prefix}/*",
     ]
   }
 }

diff --git a/examples/de-aws-eks/modules/eks-cluster/keys.tf b/examples/de-aws-eks/modules/eks-cluster/keys.tf
@@ -52,7 +52,7 @@ data "aws_iam_policy_document" "kms_logging_policy" {
     condition {
       test     = "ArnLike"
       variable = "kms:EncryptionContext:aws:logs:arn"
-      values   = ["arn:aws:logs:${local.aws_region_name}:${local.aws_account_id}:*"]
+      values   = ["arn:aws:logs:${local.aws_region_name}:${local.aws_account_id}:log-group:${local.containers_log_group_prefix}/*"]
     }
   }
 }
diff --git a/examples/de-aws-eks/modules/eks-cluster/load-balancer-controller.tf b/examples/de-aws-eks/modules/eks-cluster/load-balancer-controller.tf
@@ -10,9 +10,10 @@ locals {
 }
 
 module "load_balancer_controller_irsa_role" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+  version = "~> 6.0"
 
-  role_name                              = "${var.cluster_name}-AmazonEKS-LoadBalancerController-Role"
+  name                                   = "${var.cluster_name}-ALB-Role"
   attach_load_balancer_controller_policy = true
 
   oidc_providers = {
@@ -39,7 +40,7 @@ resource "helm_release" "aws-load-balancer-controller" {
   values = [
     templatefile("${path.module}/load-balancer-controller.values.yaml.tftpl", {
       service_account_name     = local.load_balancer_controller_service_account_name
-      service_account_role_arn = module.load_balancer_controller_irsa_role.iam_role_arn
+      service_account_role_arn = module.load_balancer_controller_irsa_role.arn
       aws_region               = local.aws_region_name
       cluster_name             = var.cluster_name
       vpc_id                   = module.cluster_vpc.vpc_id

diff --git a/examples/de-aws-eks/modules/eks-cluster/logging.tf b/examples/de-aws-eks/modules/eks-cluster/logging.tf
@@ -14,7 +14,7 @@ resource "helm_release" "aws-for-fluent-bit" {
     templatefile("${path.module}/logging-ec2_fluentbit.values.yaml.tftpl",
       {
         aws_region         = local.aws_region_name
-        log_group_prefix   = local.containers_log_group_prefix_ec2
+        log_group_prefix   = local.containers_log_group_prefix
         log_stream_prefix  = "k-"
         log_retention_days = var.container_log_retention_days
         checksum_values    = filemd5("${path.module}/logging-ec2_fluentbit.values.yaml.tftpl")

diff --git a/examples/de-aws-eks/modules/eks-cluster/main.tf b/examples/de-aws-eks/modules/eks-cluster/main.tf
@@ -6,29 +6,30 @@
 # 
 locals {
   #
-  # Cluster log group name is hardcoded: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L115
+  # Cluster log group name is hardcoded: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L236
   # So we follow the pattern
   #
-  containers_log_group_prefix_ec2 = "/aws/eks/${var.cluster_name}/ec2"
+  containers_log_group_prefix = "/aws/eks/${var.cluster_name}"
 }
 
 module "cluster_eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20"
+  version = "~> 21.0"
+
+  name                   = var.cluster_name
+  kubernetes_version     = var.cluster_version
+  endpoint_public_access = var.cluster_endpoint_public_access
 
-  cluster_name                             = var.cluster_name
-  cluster_version                          = var.cluster_version
-  cluster_endpoint_public_access           = var.cluster_endpoint_public_access
   enable_cluster_creator_admin_permissions = true
   create_kms_key                           = true
 
-  cluster_addons = {
+  addons = {
     kube-proxy = { most_recent = true }
     coredns    = { most_recent = true }
     vpc-cni = {
       most_recent              = true
       before_compute           = true
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+      service_account_role_arn = module.vpc_cni_irsa.arn
     }
   }
 
@@ -39,18 +40,17 @@ module "cluster_eks" {
   cloudwatch_log_group_kms_key_id        = aws_kms_key.cluster_eks_logs.arn
   cloudwatch_log_group_retention_in_days = var.cluster_log_retention_days
 
-  eks_managed_node_group_defaults = local.eks_managed_node_group_defaults
-  eks_managed_node_groups         = local.eks_managed_node_groups
+  eks_managed_node_groups = local.eks_managed_node_groups
 
   tags = {
-    "karpenter.sh/discovery" = var.cluster_name
   }
 }
 
 module "vpc_cni_irsa" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+  version = "~> 6.0"
 
-  role_name             = "${var.cluster_name}-AmazonEKS-VPC-CNI-Role"
+  name                  = "${var.cluster_name}-CNI-Role"
   attach_vpc_cni_policy = true
   vpc_cni_enable_ipv4   = true
   vpc_cni_enable_ipv6   = false

diff --git a/examples/de-aws-eks/modules/eks-cluster/outputs.tf b/examples/de-aws-eks/modules/eks-cluster/outputs.tf
@@ -38,7 +38,7 @@ output "cluster_info" {
     cluster_endpoint                   = module.cluster_eks.cluster_endpoint
     cluster_version                    = module.cluster_eks.cluster_version
     cluster_certificate_authority_data = module.cluster_eks.cluster_certificate_authority_data
-    containers_log_group_prefix_ec2    = local.containers_log_group_prefix_ec2
+    containers_log_group_prefix        = local.containers_log_group_prefix
   }
 }
 

diff --git a/examples/de-aws-eks/modules/eks-cluster/utility.tf b/examples/de-aws-eks/modules/eks-cluster/utility.tf
@@ -10,7 +10,7 @@ data "aws_caller_identity" "current" {}
 data "aws_default_tags" "current" {}
 
 locals {
-  aws_region_name = data.aws_region.current.name
+  aws_region_name = data.aws_region.current.id
   aws_account_id  = data.aws_caller_identity.current.account_id
   default_tags    = data.aws_default_tags.current.tags
 

diff --git a/examples/de-aws-eks/storage.tf b/examples/de-aws-eks/storage.tf
@@ -13,7 +13,7 @@ module "document_engine_storage" {
     username                     = "nutrient"
     db_name                      = local.document_engine_db_name
     ec2_instance_type            = "db.t3.micro"
-    postgres_engine_version      = "15.4"
+    postgres_engine_version      = "15.14"
     postgres_parameter_family    = "postgres15"
     publicly_accessible          = false
     preferred_maintenance_window = "sun:05:00-sun:06:00"

diff --git a/examples/de-aws-eks/terraform.tfvars b/examples/de-aws-eks/terraform.tfvars
@@ -5,7 +5,7 @@ document_engine = {
   logging_level      = "debug"
   namespace_name     = "nutrient-document-engine"
   helm_release_name  = "document-engine"
-  helm_chart_version = "" # get the latest
+  helm_chart_version = "5.4.0"
 }
 
 # AWS
@@ -30,6 +30,6 @@ cluster_nodes_count       = 1
 
 # Versions
 
-cluster_version                                 = "1.30"
+cluster_version                                 = "1.33"
 aws_for_fluent_bit_helm_chart_version           = "0.1.34"
 aws_load_balancer_controller_helm_chart_version = "1.9.0"
diff --git a/examples/de-aws-eks/utility.tf b/examples/de-aws-eks/utility.tf
@@ -50,7 +50,7 @@ data "aws_ecrpublic_authorization_token" "token" {
 
 locals {
   azs             = slice(data.aws_availability_zones.available.names, 0, 3)
-  aws_region_name = data.aws_region.current.name
+  aws_region_name = data.aws_region.current.id
   aws_account_id  = data.aws_caller_identity.current.account_id
 }
 
@@ -68,15 +68,15 @@ provider "kubernetes" {
 }
 
 provider "helm" {
-  kubernetes {
+  kubernetes = {
     host                   = module.kubernetes_cluster.cluster_endpoint
     cluster_ca_certificate = base64decode(module.kubernetes_cluster.cluster_certificate_authority_data)
     token                  = data.aws_eks_cluster_auth.default.token
   }
 
-  registry {
+  registries = [{
     url      = "oci://public.ecr.aws/"
     password = data.aws_ecrpublic_authorization_token.token.password
     username = "AWS"
-  }
+  }]
 }