
Commit 7f4d7b3

Benbentwoclaude
andcommitted
revert: remove submodule-level access entry filtering
The ARN-based filtering caused "count depends on resource attributes" errors because the node_role_arn isn't known at plan time when the IAM role is being created in the same apply. The fix is handled at the component level instead — the component simply does not pass the auto mode node role to access_entries_for_nodes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent edcf6a7 commit 7f4d7b3

1 file changed

Lines changed: 4 additions & 13 deletions


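--- a/auth.tf
+++ b/auth.tf
@@ -3,15 +3,6 @@ locals {
 # Extract the cluster certificate for use in OIDC configuration
 certificate_authority_data = try(aws_eks_cluster.default[0].certificate_authority[0]["data"], "")
 
-# When Auto Mode is enabled, EKS automatically creates the access entry for the node role.
-# Filter it out to avoid a 409 ResourceInUseException.
-linux_node_arns = lookup(var.access_entries_for_nodes, "EC2_LINUX", [])
-filtered_linux_node_arns = local.auto_mode_all_enabled ? [
-for arn in local.linux_node_arns : arn if arn != try(var.compute_config.node_role_arn, null)
-] : local.linux_node_arns
-
-windows_node_arns = lookup(var.access_entries_for_nodes, "EC2_WINDOWS", [])
-
 eks_policy_short_abbreviation_map = {
 # List available policies with `aws eks list-access-policies --output table`
 
@@ -112,20 +103,20 @@ resource "aws_eks_access_entry" "standard" {
 }
 
 resource "aws_eks_access_entry" "linux" {
-count = local.enabled ? length(local.filtered_linux_node_arns) : 0
+count = local.enabled ? length(lookup(var.access_entries_for_nodes, "EC2_LINUX", [])) : 0
 
 cluster_name = local.eks_cluster_id
-principal_arn = local.filtered_linux_node_arns[count.index]
+principal_arn = var.access_entries_for_nodes.EC2_LINUX[count.index]
 type = "EC2_LINUX"
 
 tags = module.this.tags
 }
 
 resource "aws_eks_access_entry" "windows" {
-count = local.enabled ? length(lookup(var.access_entries_for_nodes, "EC2_WINDOWS", [])) : 0
+count = local.enabled ? length(lookup(var.access_entries_for_nodes, "EC2_WINDOWS", [])) : 0
 
 cluster_name = local.eks_cluster_id
-principal_arn = local.windows_node_arns[count.index]
+principal_arn = var.access_entries_for_nodes.EC2_WINDOWS[count.index]
 type = "EC2_WINDOWS"
 
 tags = module.this.tags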
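Review bot: The `aws_eks_access_entry.linux` block no longer records the constraint that the deleted locals comment explained, so the module now depends on an undocumented caller contract. I would add a comment above its `count` line such as `# Do not pass the EKS Auto Mode node role in access_entries_for_nodes: EKS creates that access entry itself and a duplicate fails with 409 ResourceInUseException.` The same sentence belongs in the variable's description, if that lives elsewhere in the module. As a style point, `count` reads the list through `lookup(var.access_entries_for_nodes, "EC2_LINUX", [])` while `principal_arn` uses `var.access_entries_for_nodes.EC2_LINUX[count.index]`; using the same `lookup(...)[count.index]` form in both the linux and windows blocks would keep the missing-key behaviour obviously consistent. The windows resource's closing brace lies outside the hunk.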
