Description
I am upgrading the terraform-aws-eks module from v19.15.4 to v20.31.6 to enable EKS auto mode. However, during the upgrade, I encounter the following error:
```
Error: creating EKS Cluster (<cluster-name>): operation error EKS: CreateCluster, https response error StatusCode: 409, RequestID: <request-id>, ResourceInUseException: Cluster already exists with name: <cluster-name>
```
It seems that Terraform is attempting to recreate the existing EKS cluster, even though it already exists.
- ✋ I have searched the open/closed issues and my issue is not listed.
Versions
- Module version [Required]: 20.11.1 & 20.31.6
- Terraform version: 1.3.2
- Provider version(s):
  - registry.terraform.io/hashicorp/aws v5.81.0
  - registry.terraform.io/hashicorp/cloudinit v2.3.5
  - registry.terraform.io/hashicorp/google v4.25.0
  - registry.terraform.io/hashicorp/helm v2.5.1
  - registry.terraform.io/hashicorp/kubernetes v2.35.0
  - registry.terraform.io/hashicorp/null v3.2.3
  - registry.terraform.io/hashicorp/time v0.12.1
  - registry.terraform.io/hashicorp/tls v4.0.6
Reproduction Code [Required]
```hcl
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.31.6"

  cluster_name                   = local.cluster_name
  cluster_version                = "1.29"
  cluster_endpoint_private_access = true
  cluster_endpoint_public_access  = true

  enable_cluster_creator_admin_permissions = true
  authentication_mode                      = "API_AND_CONFIG_MAP"

  cluster_addons = {
    coredns = {
      resolve_conflicts_on_update = "OVERWRITE"
    }
    kube-proxy = {}
    vpc-cni = {
      resolve_conflicts_on_update = "OVERWRITE"
    }
    aws-ebs-csi-driver = {
      service_account_role_arn = "<service-account-role-arn>"
    }
  }
  ...
}
```
Steps to reproduce the behavior:
- terraform apply
Expected behavior
Terraform should detect the existing cluster and update the resources without attempting to recreate the cluster.
Actual behavior
Terraform attempts to recreate the existing cluster, leading to a ResourceInUseException.
Terminal Output Screenshot(s)
```
+/- resource "aws_eks_cluster" "this" {
      ~ arn = "<REDACTED>" -> (known after apply)
      ~ certificate_authority = [
          - {
              - data = "<REDACTED>"
            },
        ] -> (known after apply)
      + cluster_id = (known after apply)
      ~ created_at = "2024-07-10 00:02:13.163 +0000 UTC" -> (known after apply)
      ~ endpoint = "<REDACTED>" -> (known after apply)
      ~ id = "<REDACTED>" -> (known after apply)
      ~ identity = [
          - {
              - oidc = [
                  - {
                      - issuer = "<REDACTED>"
                    },
                ]
            },
        ] -> (known after apply)
        name = "<REDACTED>"
      ~ platform_version = "eks.7" -> (known after apply)
      ~ status = "ACTIVE" -> (known after apply)
      ~ tags = {
          + "terraform-aws-modules" = "eks"
            # (3 unchanged elements hidden)
        }
      ~ tags_all = {
          + "terraform-aws-modules" = "eks"
            # (3 unchanged elements hidden)
        }
        # (3 unchanged attributes hidden)

      + access_config {
          + authentication_mode = "API_AND_CONFIG_MAP"
          + bootstrap_cluster_creator_admin_permissions = false # forces replacement
        }

      ~ kubernetes_network_config {
          ~ service_ipv4_cidr = "172.20.0.0/16" -> (known after apply)
          + service_ipv6_cidr = (known after apply)
            # (1 unchanged attribute hidden)

          + elastic_load_balancing {
              + enabled = (known after apply)
            }
        }

      + upgrade_policy {
          + support_type = (known after apply)
        }

      ~ vpc_config {
          ~ cluster_security_group_id = "<REDACTED>" -> (known after apply)
          ~ vpc_id = "<REDACTED>" -> (known after apply)
            # (5 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }
```
Additional context
- Verified the issue was reported and marked as resolved in v20.11.1.
- Tried different values for the enable_cluster_creator_admin_permissions variable (true and false), but the issue persists.
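
A pre-apply guard for the situation shown in this issue, as an added example (not part of the original report or the module's code): it reads the JSON form of a plan (`terraform show -json <planfile>`) and fails when a protected resource type would be destroyed, reporting the `replace_paths` that forced it. The sample plan, the module addresses and `PROTECTED_TYPES` are constructed for illustration.

```python
import json
import sys

# Constructed sample: a trimmed `terraform show -json` document mirroring the
# plan in this issue. Addresses are placeholders, not taken from the report.
SAMPLE_PLAN = json.loads(r"""
{"resource_changes": [
  {"address": "module.eks.aws_eks_cluster.this[0]", "type": "aws_eks_cluster",
   "change": {"actions": ["create", "delete"],
              "replace_paths": [["access_config", 0,
                                 "bootstrap_cluster_creator_admin_permissions"]]}},
  {"address": "module.eks.aws_eks_addon.this[\"coredns\"]", "type": "aws_eks_addon",
   "change": {"actions": ["update"]}}
]}
""")

# Assumption: resource types that must never be destroyed or replaced by a plan.
PROTECTED_TYPES = {"aws_eks_cluster"}


def forced_replacements(plan, protected=PROTECTED_TYPES):
    """Return [(address, [attribute paths])] for protected resources the plan destroys.

    A replacement appears as ["delete", "create"] (-/+) or ["create", "delete"]
    (+/-); a plain destroy is ["delete"]. All three contain "delete".
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") not in protected or "delete" not in change.get("actions", []):
            continue
        # replace_paths lists the attribute paths marked "# forces replacement".
        paths = [".".join(str(step) for step in path)
                 for path in change.get("replace_paths") or []]
        findings.append((rc["address"], paths))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    hits = forced_replacements(plan)
    for address, paths in hits:
        print(f"BLOCK: {address} would be destroyed; forced by: {', '.join(paths) or 'n/a'}")
    sys.exit(1 if hits else 0)
```

Run it in CI between `terraform plan -out=<planfile>` and `terraform apply`, so a non-zero exit stops the pipeline before the cluster is touched.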