feat: add cluster encryption config support to aws_eks module

[wolf31o2]

This PR corrects the parameter name for cluster encryption configuration in the aws_eks module, changing from cluster_encryption_config to encryption_config to match the upstream terraform-aws-modules/eks/aws module.

---

Summary by cubic

Updated the aws_eks module to use encryption_config (instead of cluster_encryption_config) for EKS cluster secret encryption. Aligns with terraform-aws-modules/eks/aws and ensures KMS envelope encryption is configured correctly.

^{Written for commit fd17259. Summary will update automatically on new commits.}

Summary by CodeRabbit

• Refactor
  • Updated infrastructure configuration parameter naming for improved consistency in EKS module inputs.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

A variable renaming refactoring is performed across two Terraform configuration files. The variable cluster_encryption_config is renamed to encryption_config in aws_eks/variables.tf, and the corresponding module input parameter mapping in aws_eks/eks.tf is updated to reference the new variable name. The variable's structure, type, description, and default values remain unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• Straightforward, consistent naming refactoring across only two files
• No logic or structural changes; purely cosmetic variable name updates
• Homogeneous changes (identical pattern applied uniformly)
• Simple verification needed to ensure parameter mappings remain aligned

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title claims to 'add cluster encryption config support' but the changeset only renames an existing parameter from cluster_encryption_config to encryption_config without adding new functionality.	Update the title to reflect the actual change, e.g., 'refactor: rename cluster_encryption_config to encryption_config in aws_eks module' or 'fix: align encryption_config parameter with upstream terraform-aws-modules/eks/aws module'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/eks-secret-encryption

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

aws_eks/eks.tf (1)

5-12: Consider documenting the breaking change.

Renaming a public module input parameter is a breaking change. Consumers of this module who currently use cluster_encryption_config will experience failures. Consider adding migration guidance, a CHANGELOG entry, or version bump documentation to help users transition to the new parameter name.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de9d14b and fd17259.

📒 Files selected for processing (2)

• aws_eks/eks.tf (1 hunks)
• aws_eks/variables.tf (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: cubic · AI code reviewer

🔇 Additional comments (3)

aws_eks/eks.tf (1)

11-11: Module input mapping correctly updated to match the renamed variable.

The module input parameter has been updated from cluster_encryption_config to encryption_config to align with the renamed variable. This change is consistent with the variable rename in variables.tf.

aws_eks/variables.tf (2)

30-39: All references to the old variable name have been successfully updated.

The search found no remaining occurrences of cluster_encryption_config in any Terraform files (.tf) across the repository. The breaking change to rename the variable to encryption_config has been properly implemented with no incomplete migrations.

---

30-39: Confirmed: "encryption_config" is the correct parameter name for terraform-aws-modules/eks/aws version 21.0.

The web search confirms that the module renamed cluster_encryption_config to encryption_config in v21.0.0. The variable structure in your code matches the expected schema (list of objects with resources and provider.key_arn). No action needed.

[cubic-dev-ai]

No issues found across 2 files