diff --git a/README.md b/README.md
index b272a6475d..5a074b966d 100644
--- a/README.md
+++ b/README.md
@@ -70,7 +70,6 @@ module "eks" {
access_entries = {
# One access entry with a policy associated
example = {
- kubernetes_groups = []
principal_arn = "arn:aws:iam::123456789012:role/something"
policy_associations = {
@@ -175,7 +174,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
| [time](#requirement\_time) | >= 0.9 |
| [tls](#requirement\_tls) | >= 3.0 |
@@ -183,7 +182,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
| [time](#provider\_time) | >= 0.9 |
| [tls](#provider\_tls) | >= 3.0 |
diff --git a/examples/eks-managed-node-group/versions.tf b/examples/eks-managed-node-group/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/examples/eks-managed-node-group/versions.tf
+++ b/examples/eks-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md
index b621a36591..15d51bcdb9 100644
--- a/examples/karpenter/README.md
+++ b/examples/karpenter/README.md
@@ -89,7 +89,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
| [helm](#requirement\_helm) | >= 2.7 |
| [kubectl](#requirement\_kubectl) | >= 2.0 |
@@ -97,8 +97,8 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
-| [aws.virginia](#provider\_aws.virginia) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
+| [aws.virginia](#provider\_aws.virginia) | >= 5.75 |
| [helm](#provider\_helm) | >= 2.7 |
| [kubectl](#provider\_kubectl) | >= 2.0 |
diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf
index 0c0cc6c763..5caab8394a 100644
--- a/examples/karpenter/versions.tf
+++ b/examples/karpenter/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
helm = {
source = "hashicorp/helm"
diff --git a/examples/self-managed-node-group/versions.tf b/examples/self-managed-node-group/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/examples/self-managed-node-group/versions.tf
+++ b/examples/self-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/main.tf b/main.tf
index 0b62869c24..037de7b5d8 100644
--- a/main.tf
+++ b/main.tf
@@ -496,8 +496,18 @@ resource "aws_eks_addon" "this" {
cluster_name = aws_eks_cluster.this[0].name
addon_name = try(each.value.name, each.key)
- addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version)
- configuration_values = try(each.value.configuration_values, null)
+ addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version)
+ configuration_values = try(each.value.configuration_values, null)
+
+ dynamic "pod_identity_association" {
+ for_each = try(each.value.pod_identity_association, [])
+
+ content {
+ role_arn = pod_identity_association.value.role_arn
+ service_account = pod_identity_association.value.service_account
+ }
+ }
+
preserve = try(each.value.preserve, true)
resolve_conflicts_on_create = try(each.value.resolve_conflicts_on_create, "OVERWRITE")
resolve_conflicts_on_update = try(each.value.resolve_conflicts_on_update, "OVERWRITE")
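Review bot: In the added `dynamic "pod_identity_association"` block, `for_each = try(each.value.pod_identity_association, [])` falls back to the empty list only when the key is absent. An addon entry that sets `pod_identity_association = null` (for instance from a conditional) evaluates without error, so `try` returns null and the dynamic block receives a null `for_each`, which Terraform rejects. The neighbouring `addon_version` line already uses a null-tolerant form, so something like `for_each = coalesce(try(each.value.pod_identity_association, null), [])` would match it; confirm with a plan using both an omitted and a null value. The same line appears in the `aws_eks_addon.before_compute` hunk below, and the resource body continues outside both hunks.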
@@ -525,8 +535,18 @@ resource "aws_eks_addon" "before_compute" {
cluster_name = aws_eks_cluster.this[0].name
addon_name = try(each.value.name, each.key)
- addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version)
- configuration_values = try(each.value.configuration_values, null)
+ addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version)
+ configuration_values = try(each.value.configuration_values, null)
+
+ dynamic "pod_identity_association" {
+ for_each = try(each.value.pod_identity_association, [])
+
+ content {
+ role_arn = pod_identity_association.value.role_arn
+ service_account = pod_identity_association.value.service_account
+ }
+ }
+
preserve = try(each.value.preserve, true)
resolve_conflicts_on_create = try(each.value.resolve_conflicts_on_create, "OVERWRITE")
resolve_conflicts_on_update = try(each.value.resolve_conflicts_on_update, "OVERWRITE")
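Review bot: The `pod_identity_association` key read here (and in `aws_eks_addon.this` above) comes from the addon map, and nothing in this diff documents it for module users; the README hunks only change provider versions and an access-entry example. I would add a short comment above the dynamic block, e.g. `# Binds an IAM role to the addon's service account via EKS Pod Identity; needs the eks-pod-identity-agent addon and a role that trusts pods.eks.amazonaws.com`. The key and its two required attributes (`role_arn`, `service_account`) should also be mentioned wherever the addon inputs are described. Because `role_arn` is passed through as given, the scope of that role is entirely the caller's responsibility, which is worth stating there too.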
diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md
index ace9106c3d..23df973444 100644
--- a/modules/eks-managed-node-group/README.md
+++ b/modules/eks-managed-node-group/README.md
@@ -64,13 +64,13 @@ module "eks_managed_node_group" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
## Modules
diff --git a/modules/eks-managed-node-group/versions.tf b/modules/eks-managed-node-group/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/modules/eks-managed-node-group/versions.tf
+++ b/modules/eks-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/modules/fargate-profile/README.md b/modules/fargate-profile/README.md
index 732cd7b455..a7b12553ff 100644
--- a/modules/fargate-profile/README.md
+++ b/modules/fargate-profile/README.md
@@ -29,13 +29,13 @@ module "fargate_profile" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
## Modules
diff --git a/modules/fargate-profile/versions.tf b/modules/fargate-profile/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/modules/fargate-profile/versions.tf
+++ b/modules/fargate-profile/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
index 2ca911d156..ef2be2099c 100644
--- a/modules/karpenter/README.md
+++ b/modules/karpenter/README.md
@@ -86,13 +86,13 @@ module "karpenter" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
## Modules
diff --git a/modules/karpenter/versions.tf b/modules/karpenter/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/modules/karpenter/versions.tf
+++ b/modules/karpenter/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md
index d2c53be59a..7c76477049 100644
--- a/modules/self-managed-node-group/README.md
+++ b/modules/self-managed-node-group/README.md
@@ -43,13 +43,13 @@ module "self_managed_node_group" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
## Modules
diff --git a/modules/self-managed-node-group/versions.tf b/modules/self-managed-node-group/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/modules/self-managed-node-group/versions.tf
+++ b/modules/self-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/tests/eks-managed-node-group/README.md b/tests/eks-managed-node-group/README.md
index 39af8f08ed..b1f4ab1398 100644
--- a/tests/eks-managed-node-group/README.md
+++ b/tests/eks-managed-node-group/README.md
@@ -18,18 +18,19 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
## Modules
| Name | Source | Version |
|------|--------|---------|
+| [aws\_vpc\_cni\_ipv6\_pod\_identity](#module\_aws\_vpc\_cni\_ipv6\_pod\_identity) | terraform-aws-modules/eks-pod-identity/aws | ~> 1.6 |
| [disabled\_eks](#module\_disabled\_eks) | ../.. | n/a |
| [disabled\_eks\_managed\_node\_group](#module\_disabled\_eks\_managed\_node\_group) | ../../modules/eks-managed-node-group | n/a |
| [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 2.1 |
diff --git a/tests/eks-managed-node-group/main.tf b/tests/eks-managed-node-group/main.tf
index 7292e765dc..8a4d48c7f0 100644
--- a/tests/eks-managed-node-group/main.tf
+++ b/tests/eks-managed-node-group/main.tf
@@ -45,6 +45,10 @@ module "eks" {
coredns = {
most_recent = true
}
+ eks-pod-identity-agent = {
+ before_compute = true
+ most_recent = true
+ }
kube-proxy = {
most_recent = true
}
@@ -58,6 +62,10 @@ module "eks" {
WARM_PREFIX_TARGET = "1"
}
})
+ pod_identity_association = [{
+ role_arn = module.aws_vpc_cni_ipv6_pod_identity.iam_role_arn
+ service_account = "aws-node"
+ }]
}
}
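Review bot: The `pod_identity_association` added to `vpc-cni` gives `aws-node` its own role, but that narrows privileges only if the node IAM role stops carrying the CNI policy. Whether the node groups in this test still attach it is not visible in this hunk. If they do, every pod that can reach the node credentials keeps the same CNI permissions and the test does not show the least-privilege benefit. Consider setting `iam_role_attach_cni_policy = false` on the node groups, or add a comment next to the association explaining why the node role keeps the policy.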
@@ -366,8 +374,7 @@ module "eks" {
access_entries = {
# One access entry with a policy associated
ex-single = {
- kubernetes_groups = []
- principal_arn = aws_iam_role.this["single"].arn
+ principal_arn = aws_iam_role.this["single"].arn
policy_associations = {
single = {
@@ -382,8 +389,7 @@ module "eks" {
# Example of adding multiple policies to a single access entry
ex-multiple = {
- kubernetes_groups = []
- principal_arn = aws_iam_role.this["multiple"].arn
+ principal_arn = aws_iam_role.this["multiple"].arn
policy_associations = {
ex-one = {
@@ -489,6 +495,18 @@ module "vpc" {
tags = local.tags
}
+module "aws_vpc_cni_ipv6_pod_identity" {
+ source = "terraform-aws-modules/eks-pod-identity/aws"
+ version = "~> 1.6"
+
+ name = "aws-vpc-cni-ipv6"
+
+ attach_aws_vpc_cni_policy = true
+ aws_vpc_cni_enable_ipv6 = true
+
+ tags = local.tags
+}
+
module "ebs_kms_key" {
source = "terraform-aws-modules/kms/aws"
version = "~> 2.1"
diff --git a/tests/eks-managed-node-group/versions.tf b/tests/eks-managed-node-group/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/tests/eks-managed-node-group/versions.tf
+++ b/tests/eks-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/tests/fargate-profile/README.md b/tests/fargate-profile/README.md
index a7af7cd080..a50029c722 100644
--- a/tests/fargate-profile/README.md
+++ b/tests/fargate-profile/README.md
@@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
## Modules
diff --git a/tests/fargate-profile/versions.tf b/tests/fargate-profile/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/tests/fargate-profile/versions.tf
+++ b/tests/fargate-profile/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/tests/self-managed-node-group/README.md b/tests/self-managed-node-group/README.md
index 0691b7aa0b..1587f7c177 100644
--- a/tests/self-managed-node-group/README.md
+++ b/tests/self-managed-node-group/README.md
@@ -18,18 +18,19 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [aws](#requirement\_aws) | >= 5.74 |
+| [aws](#requirement\_aws) | >= 5.75 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.74 |
+| [aws](#provider\_aws) | >= 5.75 |
## Modules
| Name | Source | Version |
|------|--------|---------|
+| [aws\_vpc\_cni\_ipv4\_pod\_identity](#module\_aws\_vpc\_cni\_ipv4\_pod\_identity) | terraform-aws-modules/eks-pod-identity/aws | ~> 1.6 |
| [disabled\_self\_managed\_node\_group](#module\_disabled\_self\_managed\_node\_group) | ../../modules/self-managed-node-group | n/a |
| [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 2.0 |
| [eks](#module\_eks) | ../.. | n/a |
diff --git a/tests/self-managed-node-group/main.tf b/tests/self-managed-node-group/main.tf
index dee3274dc4..afe7aac9a1 100644
--- a/tests/self-managed-node-group/main.tf
+++ b/tests/self-managed-node-group/main.tf
@@ -41,11 +41,18 @@ module "eks" {
coredns = {
most_recent = true
}
+ eks-pod-identity-agent = {
+ most_recent = true
+ }
kube-proxy = {
most_recent = true
}
vpc-cni = {
most_recent = true
+ pod_identity_association = [{
+ role_arn = module.aws_vpc_cni_ipv4_pod_identity.iam_role_arn
+ service_account = "aws-node"
+ }]
}
}
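Review bot: `eks-pod-identity-agent` is added here without a comment tying it to the `pod_identity_association` on `vpc-cni` a few lines below, so a later cleanup could drop the agent and leave the association without the component that serves its credentials. A one-line comment such as `# Required by the vpc-cni pod_identity_association below` would make the dependency explicit. The eks-managed-node-group test sets `before_compute = true` on the same addon while this one does not; if the difference is intentional, the comment is a good place to say why.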
@@ -388,6 +395,18 @@ module "vpc" {
tags = local.tags
}
+module "aws_vpc_cni_ipv4_pod_identity" {
+ source = "terraform-aws-modules/eks-pod-identity/aws"
+ version = "~> 1.6"
+
+ name = "aws-vpc-cni-ipv4"
+
+ attach_aws_vpc_cni_policy = true
+ aws_vpc_cni_enable_ipv4 = true
+
+ tags = local.tags
+}
+
data "aws_ami" "eks_default" {
most_recent = true
owners = ["amazon"]
diff --git a/tests/self-managed-node-group/versions.tf b/tests/self-managed-node-group/versions.tf
index 3cc97fa038..0099e6baaf 100644
--- a/tests/self-managed-node-group/versions.tf
+++ b/tests/self-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
}
}
diff --git a/versions.tf b/versions.tf
index 090ca7b00b..fc9dadd253 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.74"
+ version = ">= 5.75"
}
tls = {
source = "hashicorp/tls"