diff --git a/README.md b/README.md index fec86afc14..2b19625ef5 100644 --- a/README.md +++ b/README.md @@ -381,7 +381,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster |
map(object({| `{}` | no | +| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster |
# Access entry
kubernetes_groups = optional(list(string))
principal_arn = string
type = optional(string, "STANDARD")
user_name = optional(string)
tags = optional(map(string), {})
# Access policy association
policy_associations = optional(map(object({
policy_arn = string
access_scope = object({
namespaces = optional(list(string))
type = string
})
})))
}))
map(object({| `{}` | no | | [additional\_security\_group\_ids](#input\_additional\_security\_group\_ids) | List of additional, externally created security group IDs to attach to the cluster control plane | `list(string)` | `[]` | no | | [addons](#input\_addons) | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` |
# Access entry
kubernetes_groups = optional(list(string))
principal_arn = string
type = optional(string, "STANDARD")
user_name = optional(string)
tags = optional(map(string), {})
# Access policy association
policy_associations = optional(map(object({
policy_arn = string
access_scope = object({
namespaces = optional(list(string))
type = string
})
})), {})
}))
map(object({| `null` | no | | [addons\_timeouts](#input\_addons\_timeouts) | Create, update, and delete timeout configurations for the cluster addons |
name = optional(string) # will fall back to map key
before_compute = optional(bool, false)
most_recent = optional(bool, true)
addon_version = optional(string)
configuration_values = optional(string)
pod_identity_association = optional(list(object({
role_arn = string
service_account = string
})))
preserve = optional(bool, true)
resolve_conflicts_on_create = optional(string, "NONE")
resolve_conflicts_on_update = optional(string, "OVERWRITE")
service_account_role_arn = optional(string)
timeouts = optional(object({
create = optional(string)
update = optional(string)
delete = optional(string)
}))
tags = optional(map(string), {})
}))
object({| `null` | no |
diff --git a/main.tf b/main.tf
index 48207dc238..fb443ddd3d 100644
--- a/main.tf
+++ b/main.tf
@@ -269,7 +269,7 @@ locals {
 # associations within a single entry
 flattened_access_entries = flatten([
 for entry_key, entry_val in local.merged_access_entries : [
- for pol_key, pol_val in try(entry_val.policy_associations, {}) :
+ for pol_key, pol_val in entry_val.policy_associations :
 merge(
 {
 principal_arn = entry_val.principal_arn
diff --git a/tests/eks-managed-node-group/main.tf b/tests/eks-managed-node-group/main.tf
index 7d8adc08e3..27098981c4 100644
--- a/tests/eks-managed-node-group/main.tf
+++ b/tests/eks-managed-node-group/main.tf
@@ -408,6 +408,12 @@ module "eks" {
 }
 }
 }
+
+ no-policy = {
+ kubernetes_groups = ["something"]
+ principal_arn = data.aws_caller_identity.current.arn
+ user_name = "someone"
+ }
 }
 tags = local.tags
diff --git a/variables.tf b/variables.tf
index 5e23df6c98..930a86e287 100644
--- a/variables.tf
+++ b/variables.tf
@@ -218,7 +218,7 @@ variable "access_entries" {
 namespaces = optional(list(string))
 type = string
 })
- })))
+ })), {})
 }))
 default = {}
 }
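Review bot: The inner `for` over `entry_val.policy_associations` in `flattened_access_entries` no longer has a fallback, so it is only safe while every entry in `local.merged_access_entries` carries a non-null map. The `{}` default added in the variables.tf hunk covers entries that arrive through `var.access_entries`, but `merged_access_entries` is defined outside this hunk, so any entry merged in from another local would not get that default and should be checked. Because this list decides which access policies are attached to which principal, failing at plan time is preferable to the old silent empty fallback, but the coupling between the two files should be written down; I would add above the loop `# policy_associations defaults to {} in variables.tf (access_entries), so no try() is needed here`. The `locals` block starts and ends outside the hunk.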
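Review bot: The new `no-policy` entry sets `principal_arn = data.aws_caller_identity.current.arn`, which is an STS session ARN rather than an IAM role ARN whenever the tests run from an assumed role, and EKS access entries may not accept that form. It can also collide with another access entry for the same caller principal if one is configured elsewhere in this `module "eks"` call, which is not visible in the hunk. A role created for the test would avoid both problems and keep the fixture from mapping the operator's own identity to a Kubernetes group. The entry also needs a comment saying why it exists, for example `# no policy_associations: exercises the {} default in variables.tf`.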
create = optional(string)
update = optional(string)
delete = optional(string)
})