unable to attach access policies to access entries of type EC2 #3274

Open
1 task done
theincognitogeek opened this issue Jan 10, 2025 · 0 comments

Description

I am trying to create an automode-enabled EKS cluster with custom nodepools and nodeclasses, and while trying to provide an access entry to the role AmazonEKSAutoNodePolicy, I tried to attach the access policy AmazonEKSAutoNodePolicy.

  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

Module version [Required]: ~> 20.0
Terraform version: 1.9.8
Provider version(s): ~> 5.0

Reproduction Code [Required]

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 20.0"
  cluster_name    = var.cluster_name
  cluster_version = var.cluster_version
  vpc_id          = var.vpc_id
  subnet_ids = var.subnet_ids
  cluster_endpoint_private_access = var.cluster_endpoint_private_access
  cluster_endpoint_public_access  = var.cluster_endpoint_public_access
  create_cloudwatch_log_group     = var.create_cloudwatch_log_group
  cluster_enabled_log_types              = var.cluster_enabled_log_types
  cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days
  cluster_compute_config = {
    enabled = true
  }
  cluster_addons = {
    coredns = {}
    kube-proxy = {}
    vpc-cni = {}
    eks-pod-identity-agent = {}
  }
  create_node_security_group    = false
  create_cluster_security_group = false
  authentication_mode                      = var.authentication_mode
  enable_cluster_creator_admin_permissions = false
  access_entries = {
    cluster_node_access_entry = {
      principal_arn = "arn:aws:iam::${aws_account_id}:role/AmazonEKSAutoNodeRole"
      type          = "EC2"

      policy_associations = {
        cluster_admin_access_policy = {
          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAutoNodePolicy"
          access_scope = {
            type = "cluster"
          }
        }
      }
    }

  }

  tags = var.tags
}

Steps to reproduce the behavior:

Expected behavior

I expect that a new access entry with the role AmazonEKSAutoNodeRole of type EC2 is created and the cluster policy AmazonEKSAutoNodePolicy is attached to it.

Actual behavior

I am observing the below error while associating the access policy to the role.


│   on .terraform/modules/eks/main.tf line 284, in resource "aws_eks_access_policy_association" "this":
│  284:     type       = each.value.association_access_scope_type
│     ├────────────────
│     │ each.value is object with 3 attributes
│ 
│ This object does not have an attribute named
│ "association_access_scope_type".
╵
╷
│ Error: Unsupported attribute
│ 
│   on .terraform/modules/eks/main.tf line 289, in resource "aws_eks_access_policy_association" "this":
│  289:   policy_arn    = each.value.association_policy_arn
│     ├────────────────
│     │ each.value is object with 3 attributes
│ 
│ This object does not have an attribute named "association_policy_arn".
╵


@theincognitogeek changed the title from "unable to access policies to access entries of type EC2" to "unable to attach access policies to access entries of type EC2" on Jan 10, 2025