Skip to content

fix: Incorporate AWS provider v6.15 corrections for EKS Auto Mode to support enabling/disabling EKS Auto Mode without affecting non-Auto Mode users #3526

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 6, 2025
Merged

fix: Incorporate AWS provider v6.15 corrections for EKS Auto Mode to support enabling/disabling EKS Auto Mode without affecting non-Auto Mode users #3526

merged 4 commits into from
Oct 6, 2025
+66 −49

Conversation

bryantbiggs
Copy link
Member

@bryantbiggs bryantbiggs commented Sep 24, 2025
edited
Loading

Description

  • Raise min supported version of AWS provider for EKS Auto Mode corrections added in fix: Allow EKS Auto Mode settings to be enabled, disabled, and removed from the configuration hashicorp/terraform-provider-aws#44334
  • With the changes added upstream, the implementation to always enforce a value for enabled fields of EKS Auto Mode configurations has been removed in this change. There is further work required on the EKS API to supply these values by default instead of empty fields/nil/null. With this change, the majority of users encountering issues where the diff shows changes for EKS Auto Mode when they are not using Auto Mode is resolved. There is still one edge case where users MUST set compute_config.enabled = false if they wish to disable Auto Mode (after enabling and provisioning) otherwise these changes will not be detected and Auto Mode will not be disabled as intended. Once users have applied the changes with compute_config.enabled = false, they can proceed to remove the compute_config block from their configurations. Again, this edge case should be resolved once the EKS API provides a default value for the other two fields (storage_config and elastic_load_balancing) required by EKS Auto Mode. A warning note has been added to the documentation for this edge case
  • Add clarification note on v21 upgrade guide around how to disable custom KMS encryption on cluster secrets
  • Correct documented examples for using custom node pools only with EKS Auto Mode

Motivation and Context

Breaking Changes

  • No

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

Test Procedure

  1. Deploy a control plane with the following configurations (truncated for brevity) as the "starting point" prior to recent changes related to EKS Auto Mode (mimicking the path users would take and experience issues):
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "21.2.0"

  name                   = local.name
  kubernetes_version     = local.kubernetes_version
  endpoint_public_access = true

  enable_cluster_creator_admin_permissions = true

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  tags = local.tags
}

terraform {
  required_version = ">= 1.5.7"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "6.13"
    }
  }
}
  1. Once provisioned, change to the following configuration. The source of the module is pointed to the changes contained in this PR. No changes are observed within the Terraform plan diff as expected:
module "eks" {
  source = "../.." # <= modification

  name                   = local.name
  kubernetes_version     = local.kubernetes_version
  endpoint_public_access = true

  enable_cluster_creator_admin_permissions = true

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  tags = local.tags
}

terraform {
  required_version = ">= 1.5.7"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "6.15" # <= modification
    }
  }
}
  1. Enable EKS Auto Mode and apply. Auto Mode is enabled as expected and updated in-place:
module "eks" {
  source = "../.."

  name                   = local.name
  kubernetes_version     = local.kubernetes_version
  endpoint_public_access = true

  enable_cluster_creator_admin_permissions = true

  compute_config = { 				 # <= modification
    enabled    = true 				 # <= modification
    node_pools = ["general-purpose"] # <= modification
  } 								 # <= modification

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  tags = local.tags
}

terraform {
  required_version = ">= 1.5.7"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "6.15"
    }
  }
}
  1. Disable EKS Auto Mode and apply. Note: this requires explicitly setting compute_config.enabled = false and applying that change. See note above and within the README about trying to disable by simply removing the compute_config block from the configuration failing to correctly disable EKS Auto Mode due to the EKS API current limiations:
module "eks" {
  source = "../.."

  name                   = local.name
  kubernetes_version     = local.kubernetes_version
  endpoint_public_access = true

  enable_cluster_creator_admin_permissions = true

  compute_config = { # <= modification
    enabled = false  # <= modification
  } 				 # <= modification

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  tags = local.tags
}

terraform {
  required_version = ">= 1.5.7"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "6.15"
    }
  }
}
  1. Verify that the compute_config block can be removed and there are no changes detected on the Terraform plan diff:
module "eks" {
  source = "../.."

  name                   = local.name
  kubernetes_version     = local.kubernetes_version
  endpoint_public_access = true

  enable_cluster_creator_admin_permissions = true

  # <= modification

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  tags = local.tags
}

terraform {
  required_version = ">= 1.5.7"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "6.15"
    }
  }
}

@ss-rishang
Copy link

+1

@bryantbiggs bryantbiggs marked this pull request as ready for review October 2, 2025 20:15
@ss-rishang
Copy link

Please merge this if everything is find I am waiting for this patch

@bryantbiggs bryantbiggs changed the title fix: Raise min supported version of AWS provider for EKS Auto Mode corrections fix: Incorporate AWS provider v6.15 corrections for EKS Auto Mode to support enabling/disabling EKS Auto Mode without affecting non-Auto Mode users Oct 6, 2025
@bryantbiggs bryantbiggs merged commit f5f6dae into terraform-aws-modules:master Oct 6, 2025
23 checks passed
@bryantbiggs bryantbiggs deleted the fix/auto-mode branch October 6, 2025 16:49
antonbabenko pushed a commit that referenced this pull request Oct 6, 2025
@semantic-release-bot
chore(release): version 21.3.2 [skip ci]
74824da 
## [21.3.2](v21.3.1...v21.3.2) (2025-10-06)

### Bug Fixes

* Incorporate AWS provider `v6.15` corrections for EKS Auto Mode to support enabling/disabling EKS Auto Mode without affecting non-Auto Mode users ([#3526](#3526)) ([f5f6dae](f5f6dae))
@antonbabenko
Copy link
Member

This PR is included in version 21.3.2 🎉

@bryantbiggs bryantbiggs mentioned this pull request Oct 6, 2025
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antonbabenko antonbabenko antonbabenko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@bryantbiggs @ss-rishang @antonbabenko