The aws-auth submodule for the aws/eks module no longer validates about terraform-aws-eks HOT 7 CLOSED

that is not true - its no longer in the root module, you need to define a new sub-module definition to use that

from terraform-aws-eks.

First, thank you for the response. The docs should probably be updated... And not to be too dense, but by submodule definition, I should insert something like...

module "eks" {
  aws_auth = {
    manage_aws_auth_configmap = true
    aws_auth_roles = [
      {
        rolearn  = data.aws_iam_role.karpenter_instance.arn
        username = "system:node:{{EC2PrivateDNSName}}"
        groups   = ["system:bootstrappers", "system:nodes"]
      },
    ]
    aws_auth_users = var.eks_additional_users
  }
}

...because I make my way through these things by documentation as opposed to actually knowing what I'm doing.

from terraform-aws-eks.

I figured out the module declaration. Thnks.

from terraform-aws-eks.

@zenbones what's the proper module declaration? I'm experiencing the same issue.

from terraform-aws-eks.

Whether something is true or not it is complex topic, but I can say that I found the same issue. I understand that this is a change in the contract of the module, and as such it should be treated gently.

For other humans arriving here, taking the original example that opened the issue:

module "eks" {
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn  = data.aws_iam_role.karpenter_instance.arn
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
  ]
  aws_auth_users = var.eks_additional_users
}

We need to move all auth related things to a new module definition, like

module "eks" {
   source = "terraform-aws-modules/eks/aws"
   cluster_name = "...."
   # All the rest of cluster configuration that was not moved
}

module "aws_auth" {
  source = "terraform-aws-modules/eks/aws//modules/aws-auth"
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn  = data.aws_iam_role.karpenter_instance.arn
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
  ]
  aws_auth_users = var.eks_additional_users
}

from terraform-aws-eks.

But if this problem is coming from an upgrade, you might find the following links helpful to find out what else is failing and for a little bit of context:

• https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-20.0.md
• https://github.com/clowdhaus/terraform-aws-eks-migrate-v19-to-v20
• aws-ia/terraform-aws-eks-blueprints-addons#389
• https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/a66db17ae26f0683f61314e8142922e6f3c4f124/patterns/karpenter/main.tf#L160

And also:

• https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/

from terraform-aws-eks.

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

from terraform-aws-eks.