
Commit edcf6a7

Benbentwoclaude
andcommitted
fix: filter auto mode node role from linux access entries
When EKS Auto Mode is enabled, AWS automatically creates an access entry for the node role specified in compute_config. Attempting to create it again via aws_eks_access_entry.linux causes a 409 ResourceInUseException. Filter out the compute_config.node_role_arn from the linux access entries when auto mode is enabled. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 61b3dea commit edcf6a7

1 file changed

Lines changed: 13 additions & 4 deletions


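--- a/auth.tf
+++ b/auth.tf
@@ -3,6 +3,15 @@ locals {
 # Extract the cluster certificate for use in OIDC configuration
 certificate_authority_data = try(aws_eks_cluster.default[0].certificate_authority[0]["data"], "")
 
+# When Auto Mode is enabled, EKS automatically creates the access entry for the node role.
+# Filter it out to avoid a 409 ResourceInUseException.
+linux_node_arns = lookup(var.access_entries_for_nodes, "EC2_LINUX", [])
+filtered_linux_node_arns = local.auto_mode_all_enabled ? [
+for arn in local.linux_node_arns : arn if arn != try(var.compute_config.node_role_arn, null)
+] : local.linux_node_arns
+
+windows_node_arns = lookup(var.access_entries_for_nodes, "EC2_WINDOWS", [])
+
 eks_policy_short_abbreviation_map = {
 # List available policies with `aws eks list-access-policies --output table`
 
@@ -103,20 +112,20 @@ resource "aws_eks_access_entry" "standard" {
 }
 
 resource "aws_eks_access_entry" "linux" {
-count = local.enabled ? length(lookup(var.access_entries_for_nodes, "EC2_LINUX", [])) : 0
+count = local.enabled ? length(local.filtered_linux_node_arns) : 0
 
 cluster_name = local.eks_cluster_id
-principal_arn = var.access_entries_for_nodes.EC2_LINUX[count.index]
+principal_arn = local.filtered_linux_node_arns[count.index]
 type = "EC2_LINUX"
 
 tags = module.this.tags
 }
 
 resource "aws_eks_access_entry" "windows" {
-count = local.enabled ? length(lookup(var.access_entries_for_nodes, "EC2_WINDOWS", [])) : 0
+count = local.enabled ? length(local.windows_node_arns) : 0
 
 cluster_name = local.eks_cluster_id
-principal_arn = var.access_entries_for_nodes.EC2_WINDOWS[count.index]
+principal_arn = local.windows_node_arns[count.index]
 type = "EC2_WINDOWS"
 
 tags = module.this.tags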
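Review bot: `aws_eks_access_entry.linux` still indexes the filtered list by `count.index`, so toggling Auto Mode or changing `compute_config.node_role_arn` removes an element from the middle of the list and shifts the index of every later entry, which makes Terraform destroy and recreate those access entries and leaves the affected node roles without cluster authorization until the apply finishes. Keying the resource by ARN avoids that: `for_each = local.enabled ? toset(local.filtered_linux_node_arns) : toset([])` with `principal_arn = each.value` (and the same for the windows resource), with `moved` blocks for existing state; this also removes the ordering coupling between the two lists. The filter is an exact string comparison against `var.compute_config.node_role_arn`, so it presumably only works when the ARN in `access_entries_for_nodes` is written identically (same account, no IAM path difference) — a short comment stating that assumption next to the filter would help operators who still hit the 409. `local.auto_mode_all_enabled` is defined outside this hunk, so its exact semantics cannot be checked here.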
