From 34d3d2a530366d2e69914f25d3415057ac4ea61d Mon Sep 17 00:00:00 2001
From: Vibham Sharma <45285855+vibhamsharma@users.noreply.github.com>
Date: Mon, 20 Jan 2025 15:58:10 +1000
Subject: [PATCH] Removed EC2 type from condition so policy attachement for
 access entry can be done for EC2 type for creating access entry for Node
 role.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While Creating Access entry for Self managed node role, we were getting below error as it seems EC2 type is included in exception for policy attachment. Once I removed EC2 from exception condition, it started picking up Policy attachment and Access Entry got created.

│ Error: Unsupported attribute
│
│   on .terraform/modules/eks/main.tf line 289, in resource "aws_eks_access_policy_association" "this":
│  289:   policy_arn    = each.value.association_policy_arn
│     ├────────────────
│     │ each.value is object with 3 attributes
│
│ This object does not have an attribute named "association_policy_arn".
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 3c955d54d0..18933422f5 100644
--- a/main.tf
+++ b/main.tf
@@ -258,7 +258,7 @@ locals {
           association_policy_arn              = pol_val.policy_arn
           association_access_scope_type       = pol_val.access_scope.type
           association_access_scope_namespaces = lookup(pol_val.access_scope, "namespaces", [])
-        } : k => v if !contains(["EC2", "EC2_LINUX", "EC2_WINDOWS", "FARGATE_LINUX", "HYBRID_LINUX"], lookup(entry_val, "type", "STANDARD")) },
+        } : k => v if !contains(["EC2_LINUX", "EC2_WINDOWS", "FARGATE_LINUX", "HYBRID_LINUX"], lookup(entry_val, "type", "STANDARD")) },
       )
     ]
   ])