Leveraging built-in Terraform Functions in CDKTF

Hi everyone,

I’ve recently begun using cdktf and am loving it so far, however I’m finding a potential gap in functionality or haven’t found relevant documentation.

I’m leveraging the terraform-aws-modules/eks/aws module to create an EKS cluster with cdktf and am trying to access the base64 encoded certificate authority data to apply the AWS Authentication configmap thats leveraged as part of the module.

To do this I’m initializing the KubernetesProvider as such:

    KubernetesProvider(self, 'k8s', host=eks_cluster.cluster_endpoint_output,
                       cluster_ca_certificate=
                       eks_cluster.cluster_certificate_authority_data_output,
                       token=eks_cluster_auth.token, load_config_file=False),

However the output of eks_cluster.cluster_certificate_authority_data_output is ${module.eks_clusterName_SomeId.cluster_certificate_authority_data}

Since this data is natively base64 encoded I would simply call base64decode() in Terraform to decode it, but I’m not seeing that functionality in the CDK.

I’ve worked around it by stripping the ${} from the output string and using a custom formatted string as such:

        cluster_ca_lookup_string = ''.join(c for c in eks_cluster.cluster_certificate_authority_data_output
                                       if c not in '{}$')
    KubernetesProvider(self, 'k8s', host=eks_cluster.cluster_endpoint_output,
                       cluster_ca_certificate=
                       f'${{base64decode({cluster_ca_lookup_string})}}',
                       token=eks_cluster_auth.token, load_config_file=False),

This seems to work but is a bit messy. Is there a recommended way to perform these types of functions natively in the CDK or is it something that is still not developed/supported yet?

Cheers!

Using terraform functions in cdktf isn’t natively supported at this point in time. Adding support isn’t immediately on the roadmap, but I hope it can be added in the future.

1 Like

Ah that’s unfortunate. There’s a definite need I think for this to be added as certain modules and resources need things like base64decode/encode so I may open a Feature request.

Thanks for the info!