terraform-aws-eks/UPGRADE-19.0/index.html


<!doctype html>
<html lang="en" class="no-js">
  <head>

      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">


        <link rel="canonical" href="https://terraform-aws-modules/terraform-aws-eks/UPGRADE-19.0/">


        <link rel="prev" href="../UPGRADE-18.0/">


        <link rel="next" href="../UPGRADE-20.0/">


      <link rel="icon" href="../assets/logo.png">
      <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.26">


        <title>Upgrade from v18.x to v19.x - Terraform AWS EKS</title>


      <link rel="stylesheet" href="../assets/stylesheets/main.6543a935.min.css">


        <link rel="stylesheet" href="../assets/stylesheets/palette.06af60db.min.css">


  <style>:root{--md-admonition-icon--note:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M1 7.775V2.75C1 1.784 1.784 1 2.75 1h5.025c.464 0 .91.184 1.238.513l6.25 6.25a1.75 1.75 0 0 1 0 2.474l-5.026 5.026a1.75 1.75 0 0 1-2.474 0l-6.25-6.25A1.752 1.752 0 0 1 1 7.775Zm1.5 0c0 .066.026.13.073.177l6.25 6.25a.25.25 0 0 0 .354 0l5.025-5.025a.25.25 0 0 0 0-.354l-6.25-6.25a.25.25 0 0 0-.177-.073H2.75a.25.25 0 0 0-.25.25ZM6 5a1 1 0 1 1 0 2 1 1 0 0 1 0-2Z"/></svg>');--md-admonition-icon--abstract:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M2.5 1.75v11.5c0 .138.112.25.25.25h3.17a.75.75 0 0 1 0 1.5H2.75A1.75 1.75 0 0 1 1 13.25V1.75C1 .784 1.784 0 2.75 0h8.5C12.216 0 13 .784 13 1.75v7.736a.75.75 0 0 1-1.5 0V1.75a.25.25 0 0 0-.25-.25h-8.5a.25.25 0 0 0-.25.25Zm13.274 9.537v-.001l-4.557 4.45a.75.75 0 0 1-1.055-.008l-1.943-1.95a.75.75 0 0 1 1.062-1.058l1.419 1.425 4.026-3.932a.75.75 0 1 1 1.048 1.074ZM4.75 4h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM4 7.75A.75.75 0 0 1 4.75 7h2a.75.75 0 0 1 0 1.5h-2A.75.75 0 0 1 4 7.75Z"/></svg>');--md-admonition-icon--info:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"/></svg>');--md-admonition-icon--tip:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M3.499.75a.75.75 0 0 1 1.5 0v.996C5.9 2.903 6.793 3.65 7.662 4.376l.24.202c-.036-.694.055-1.422.426-2.163C9.1.873 10.794-.045 12.622.26 14.408.558 16 1.94 16 4.25c0 1.278-.954 2.575-2.44 2.734l.146.508.065.22c.203.701.412 1.455.476 2.226.142 1.707-.4 3.03-1.487 3.898C11.714 14.671 10.27 15 8.75 15h-6a.75.75 0 0 1 0-1.5h1.376a4.484 4.484 0 0 1-.563-1.191 3.835 3.835 0 0 1-.05-2.063 4.647 4.647 0 0 1-2.025-.293.75.75 0 0 1 .525-1.406c1.357.507 2.376-.006 2.698-.318l.009-.01a.747.747 0 0 1 1.06 0 .748.748 0 0 1-.012 1.074c-.912.92-.992 1.835-.768 2.586.221.74.745 1.337 1.196 1.621H8.75c1.343 0 2.398-.296 3.074-.836.635-.507 1.036-1.31.928-2.602-.05-.603-.216-1.224-.422-1.93l-.064-.221c-.12-.407-.246-.84-.353-1.29a2.425 2.425 0 0 1-.507-.441 3.075 3.075 0 0 1-.633-1.248.75.75 0 0 1 1.455-.364c.046.185.144.436.31.627.146.168.353.305.712.305.738 0 1.25-.615 1.25-1.25 0-1.47-.95-2.315-2.123-2.51-1.172-.196-2.227.387-2.706 1.345-.46.92-.27 1.774.019 3.062l.042.19a.884.884 0 0 1 .01.05c.348.443.666.949.94 1.553a.75.75 0 1 1-1.365.62c-.553-1.217-1.32-1.94-2.3-2.768L6.7 5.527c-.814-.68-1.75-1.462-2.692-2.619a3.737 3.737 0 0 0-1.023.88c-.406.495-.663 1.036-.722 1.508.116.122.306.21.591.239.388.038.797-.06 1.032-.19a.75.75 0 0 1 .728 1.31c-.515.287-1.23.439-1.906.373-.682-.067-1.473-.38-1.879-1.193L.75 5.677V5.5c0-.984.48-1.94 1.077-2.664.46-.559 1.05-1.055 1.673-1.353V.75Z"/></svg>');--md-admonition-icon--success:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M13.78 4.22a.75.75 0 0 1 0 1.06l-7.25 7.25a.75.75 0 0 1-1.06 0L2.22 9.28a.751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018L6 10.94l6.72-6.72a.75.75 0 0 1 1.06 0Z"/></svg>');--md-admonition-icon--question:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.92 6.085h.001a.749.749 0 1 1-1.342-.67c.169-.339.436-.701.849-.977C6.845 4.16 7.369 4 8 4a2.756 2.756 0 0 1 1.637.525c.503.377.863.965.863 1.725 0 .448-.115.83-.329 1.15-.205.307-.47.513-.692.662-.109.072-.22.138-.313.195l-.006.004a6.24 6.24 0 0 0-.26.16.952.952 0 0 0-.276.245.75.75 0 0 1-1.248-.832c.184-.264.42-.489.692-.661.103-.067.207-.132.313-.195l.007-.004c.1-.061.182-.11.258-.161a.969.969 0 0 0 .277-.245C8.96 6.514 9 6.427 9 6.25a.612.612 0 0 0-.262-.525A1.27 1.27 0 0 0 8 5.5c-.369 0-.595.09-.74.187a1.01 1.01 0 0 0-.34.398ZM9 11a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z"/></svg>');--md-admonition-icon--warning:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M6.457 1.047c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0 1 14.082 15H1.918a1.75 1.75 0 0 1-1.543-2.575Zm1.763.707a.25.25 0 0 0-.44 0L1.698 13.132a.25.25 0 0 0 .22.368h12.164a.25.25 0 0 0 .22-.368Zm.53 3.996v2.5a.75.75 0 0 1-1.5 0v-2.5a.75.75 0 0 1 1.5 0ZM9 11a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z"/></svg>');--md-admonition-icon--failure:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M2.344 2.343h-.001a8 8 0 0 1 11.314 11.314A8.002 8.002 0 0 1 .234 10.089a8 8 0 0 1 2.11-7.746Zm1.06 10.253a6.5 6.5 0 1 0 9.108-9.275 6.5 6.5 0 0 0-9.108 9.275ZM6.03 4.97 8 6.94l1.97-1.97a.749.749 0 0 1 1.275.326.749.749 0 0 1-.215.734L9.06 8l1.97 1.97a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215L8 9.06l-1.97 1.97a.749.749 0 0 1-1.275-.326.749.749 0 0 1 .215-.734L6.94 8 4.97 6.03a.751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018Z"/></svg>');--md-admonition-icon--danger:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M9.504.43a1.516 1.516 0 0 1 2.437 1.713L10.415 5.5h2.123c1.57 0 2.346 1.909 1.22 3.004l-7.34 7.142a1.249 1.249 0 0 1-.871.354h-.302a1.25 1.25 0 0 1-1.157-1.723L5.633 10.5H3.462c-1.57 0-2.346-1.909-1.22-3.004L9.503.429Zm1.047 1.074L3.286 8.571A.25.25 0 0 0 3.462 9H6.75a.75.75 0 0 1 .694 1.034l-1.713 4.188 6.982-6.793A.25.25 0 0 0 12.538 7H9.25a.75.75 0 0 1-.683-1.06l2.008-4.418.003-.006a.036.036 0 0 0-.004-.009l-.006-.006-.008-.001c-.003 0-.006.002-.009.004Z"/></svg>');--md-admonition-icon--bug:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M4.72.22a.75.75 0 0 1 1.06 0l1 .999a3.488 3.488 0 0 1 2.441 0l.999-1a.748.748 0 0 1 1.265.332.75.75 0 0 1-.205.729l-.775.776c.616.63.995 1.493.995 2.444v.327c0 .1-.009.197-.025.292.408.14.764.392 1.029.722l1.968-.787a.75.75 0 0 1 .556 1.392L13 7.258V9h2.25a.75.75 0 0 1 0 1.5H13v.5c0 .409-.049.806-.141 1.186l2.17.868a.75.75 0 0 1-.557 1.392l-2.184-.873A4.997 4.997 0 0 1 8 16a4.997 4.997 0 0 1-4.288-2.427l-2.183.873a.75.75 0 0 1-.558-1.392l2.17-.868A5.036 5.036 0 0 1 3 11v-.5H.75a.75.75 0 0 1 0-1.5H3V7.258L.971 6.446a.75.75 0 0 1 .558-1.392l1.967.787c.265-.33.62-.583 1.03-.722a1.677 1.677 0 0 1-.026-.292V4.5c0-.951.38-1.814.995-2.444L4.72 1.28a.75.75 0 0 1 0-1.06Zm.53 6.28a.75.75 0 0 0-.75.75V11a3.5 3.5 0 1 0 7 0V7.25a.75.75 0 0 0-.75-.75ZM6.173 5h3.654A.172.172 0 0 0 10 4.827V4.5a2 2 0 1 0-4 0v.327c0 .096.077.173.173.173Z"/></svg>');--md-admonition-icon--example:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M5 5.782V2.5h-.25a.75.75 0 0 1 0-1.5h6.5a.75.75 0 0 1 0 1.5H11v3.282l3.666 5.76C15.619 13.04 14.543 15 12.767 15H3.233c-1.776 0-2.852-1.96-1.899-3.458Zm-2.4 6.565a.75.75 0 0 0 .633 1.153h9.534a.75.75 0 0 0 .633-1.153L12.225 10.5h-8.45ZM9.5 2.5h-3V6c0 .143-.04.283-.117.403L4.73 9h6.54L9.617 6.403A.746.746 0 0 1 9.5 6Z"/></svg>');--md-admonition-icon--quote:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M1.75 2.5h10.5a.75.75 0 0 1 0 1.5H1.75a.75.75 0 0 1 0-1.5Zm4 5h8.5a.75.75 0 0 1 0 1.5h-8.5a.75.75 0 0 1 0-1.5Zm0 5h8.5a.75.75 0 0 1 0 1.5h-8.5a.75.75 0 0 1 0-1.5ZM2.5 7.75v6a.75.75 0 0 1-1.5 0v-6a.75.75 0 0 1 1.5 0Z"/></svg>');}</style>


        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=ember:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
        <style>:root{--md-text-font:"ember";--md-code-font:"Roboto Mono"}</style>


    <script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>


  </head>


    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="deep-purple" data-md-color-accent="indgo">


    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">


        <a href="#upgrade-from-v18x-to-v19x" class="md-skip">
          Skip to content
        </a>

    </div>
    <div data-md-component="announce">

    </div>

      <div data-md-color-scheme="default" data-md-component="outdated" hidden>

      </div>


<header class="md-header md-header--shadow md-header--lifted" data-md-component="header">
  <nav class="md-header__inner md-grid" aria-label="Header">
    <a href=".." title="Terraform AWS EKS" class="md-header__button md-logo" aria-label="Terraform AWS EKS" data-md-component="logo">

  <img src="../assets/terraform-aws.png" alt="logo">

    </a>
    <label class="md-header__button md-icon" for="__drawer">

      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
    </label>
    <div class="md-header__title" data-md-component="header-title">
      <div class="md-header__ellipsis">
        <div class="md-header__topic">
          <span class="md-ellipsis">
            Terraform AWS EKS
          </span>
        </div>
        <div class="md-header__topic" data-md-component="header-topic">
          <span class="md-ellipsis">

              Upgrade from v18.x to v19.x

          </span>
        </div>
      </div>
    </div>


      <label class="md-header__button md-icon" for="__search">

        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
      </label>
      <div class="md-search" data-md-component="search" role="dialog">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <form class="md-search__form" name="search">
      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
      <label class="md-search__icon md-icon" for="__search">

        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>

        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
      </label>
      <nav class="md-search__options" aria-label="Search">

        <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">

          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
        </button>
      </nav>

    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
        <div class="md-search-result" data-md-component="search-result">
          <div class="md-search-result__meta">
            Initializing search
          </div>
          <ol class="md-search-result__list" role="presentation"></ol>
        </div>
      </div>
    </div>
  </div>
</div>


      <div class="md-header__source">
        <a href="https://github.com/terraform-aws-modules/terraform-aws-eks" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">

    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
  </div>
  <div class="md-source__repository">
    terraform-aws-eks
  </div>
</a>
      </div>

  </nav>


</header>

    <div class="md-container" data-md-component="container">


      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">


              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">


<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
  <label class="md-nav__title" for="__drawer">
    <a href=".." title="Terraform AWS EKS" class="md-nav__button md-logo" aria-label="Terraform AWS EKS" data-md-component="logo">

  <img src="../assets/terraform-aws.png" alt="logo">

    </a>
    Terraform AWS EKS
  </label>

    <div class="md-nav__source">
      <a href="https://github.com/terraform-aws-modules/terraform-aws-eks" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">

    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
  </div>
  <div class="md-source__repository">
    terraform-aws-eks
  </div>
</a>
    </div>

  <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href=".." class="md-nav__link">


  <span class="md-ellipsis">
    Overview
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../local/" class="md-nav__link">


  <span class="md-ellipsis">
    Local Develpment
  </span>


      </a>
    </li>


  </ul>
</nav>
                  </div>
                </div>
              </div>


              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">


<nav class="md-nav md-nav--secondary" aria-label="Table of contents">


    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      Table of contents
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>

        <li class="md-nav__item">
  <a href="#list-of-backwards-incompatible-changes" class="md-nav__link">
    <span class="md-ellipsis">
      List of backwards incompatible changes
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#additional-changes" class="md-nav__link">
    <span class="md-ellipsis">
      Additional changes
    </span>
  </a>

    <nav class="md-nav" aria-label="Additional changes">
      <ul class="md-nav__list">

          <li class="md-nav__item">
  <a href="#added" class="md-nav__link">
    <span class="md-ellipsis">
      Added
    </span>
  </a>

</li>

          <li class="md-nav__item">
  <a href="#modified" class="md-nav__link">
    <span class="md-ellipsis">
      Modified
    </span>
  </a>

</li>

          <li class="md-nav__item">
  <a href="#removed" class="md-nav__link">
    <span class="md-ellipsis">
      Removed
    </span>
  </a>

</li>

          <li class="md-nav__item">
  <a href="#variable-and-output-changes" class="md-nav__link">
    <span class="md-ellipsis">
      Variable and output changes
    </span>
  </a>

</li>

      </ul>
    </nav>

</li>

        <li class="md-nav__item">
  <a href="#upgrade-migrations" class="md-nav__link">
    <span class="md-ellipsis">
      Upgrade Migrations
    </span>
  </a>

    <nav class="md-nav" aria-label="Upgrade Migrations">
      <ul class="md-nav__list">

          <li class="md-nav__item">
  <a href="#self-managed-node-groups" class="md-nav__link">
    <span class="md-ellipsis">
      Self-Managed Node Groups
    </span>
  </a>

</li>

          <li class="md-nav__item">
  <a href="#eks-managed-node-groups" class="md-nav__link">
    <span class="md-ellipsis">
      EKS Managed Node Groups
    </span>
  </a>

</li>

          <li class="md-nav__item">
  <a href="#diff-of-before-v18x-vs-after-v19x" class="md-nav__link">
    <span class="md-ellipsis">
      Diff of Before (v18.x) vs After (v19.x)
    </span>
  </a>

</li>

      </ul>
    </nav>

</li>

        <li class="md-nav__item">
  <a href="#terraform-state-moves" class="md-nav__link">
    <span class="md-ellipsis">
      Terraform State Moves
    </span>
  </a>

    <nav class="md-nav" aria-label="Terraform State Moves">
      <ul class="md-nav__list">

          <li class="md-nav__item">
  <a href="#cluster-iam-role" class="md-nav__link">
    <span class="md-ellipsis">
      Cluster IAM Role
    </span>
  </a>

</li>

          <li class="md-nav__item">
  <a href="#eks-managed-node-group-iam-role" class="md-nav__link">
    <span class="md-ellipsis">
      EKS Managed Node Group IAM Role
    </span>
  </a>

</li>

          <li class="md-nav__item">
  <a href="#self-managed-node-group-iam-role" class="md-nav__link">
    <span class="md-ellipsis">
      Self-Managed Node Group IAM Role
    </span>
  </a>

</li>

          <li class="md-nav__item">
  <a href="#fargate-profile-iam-role" class="md-nav__link">
    <span class="md-ellipsis">
      Fargate Profile IAM Role
    </span>
  </a>

</li>

      </ul>
    </nav>

</li>

    </ul>

</nav>
                  </div>
                </div>
              </div>


            <div class="md-content" data-md-component="content">
              <article class="md-content__inner md-typeset">


<h1 id="upgrade-from-v18x-to-v19x">Upgrade from v18.x to v19.x<a class="headerlink" href="#upgrade-from-v18x-to-v19x" title="Permanent link">&para;</a></h1>
<p>Please consult the <code>examples</code> directory for reference example configurations. If you find a bug, please open an issue with supporting configuration to reproduce.</p>
<h2 id="list-of-backwards-incompatible-changes">List of backwards incompatible changes<a class="headerlink" href="#list-of-backwards-incompatible-changes" title="Permanent link">&para;</a></h2>
<ul>
<li>The <code>cluster_id</code> output used to output the name of the cluster. This is due to the fact that the cluster name is a unique constraint and therefore its set as the unique identifier within Terraform's state map. However, starting with local EKS clusters created on Outposts, there is now an attribute returned from the <code>aws eks create-cluster</code> API named <code>id</code>. The <code>cluster_id</code> has been updated to return this value which means that for current, standard EKS clusters created in the AWS cloud, no value will be returned (at the time of this writing) for <code>cluster_id</code> and only local EKS clusters on Outposts will return a value that looks like a UUID/GUID. Users should switch all instances of <code>cluster_id</code> to use <code>cluster_name</code> before upgrading to v19. <a href="https://github.com/hashicorp/terraform-provider-aws/issues/27560">Reference</a></li>
<li>Minimum supported version of Terraform AWS provider updated to v4.45 to support the latest features provided via the resources utilized.</li>
<li>Minimum supported version of Terraform updated to v1.0</li>
<li>Individual security group created per EKS managed node group or self-managed node group has been removed. This configuration went mostly unused and would often cause confusion ("Why is there an empty security group attached to my nodes?"). This functionality can easily be replicated by user's providing one or more externally created security groups to attach to nodes launched from the node group.</li>
<li>Previously, <code>var.iam_role_additional_policies</code> (one for each of the following: cluster IAM role, EKS managed node group IAM role, self-managed node group IAM role, and Fargate Profile IAM role) accepted a list of strings. This worked well for policies that already existed but failed for policies being created at the same time as the cluster due to the well-known issue of unknown values used in a <code>for_each</code> loop. To rectify this issue in <code>v19.x</code>, two changes were made:</li>
<li><code>var.iam_role_additional_policies</code> was changed from type <code>list(string)</code> to type <code>map(string)</code> -&gt; this is a breaking change. More information on managing this change can be found below, under <code>Terraform State Moves</code></li>
<li>The logic used in the root module for this variable was changed to replace the use of <code>try()</code> with <code>lookup()</code>. More details on why can be found <a href="https://github.com/clowdhaus/terraform-for-each-unknown">here</a></li>
<li>The cluster name has been removed from the Karpenter module event rule names. Due to the use of long cluster names appending to the provided naming scheme, the cluster name has moved to a <code>ClusterName</code> tag and the event rule name is now a prefix. This guarantees that users can have multiple instances of Karpenter with their respective event rules/SQS queue without name collisions, while also still being able to identify which queues and event rules belong to which cluster.</li>
<li>The new variable <code>node_security_group_enable_recommended_rules</code> is set to true by default and may conflict with any custom ingress/egress rules. Please ensure that any duplicates from the <code>node_security_group_additional_rules</code> are removed before upgrading, or set <code>node_security_group_enable_recommended_rules</code> to false. <a href="https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-19.0.md#added">Reference</a></li>
</ul>
<h2 id="additional-changes">Additional changes<a class="headerlink" href="#additional-changes" title="Permanent link">&para;</a></h2>
<h3 id="added">Added<a class="headerlink" href="#added" title="Permanent link">&para;</a></h3>
<ul>
<li>Support for setting <code>preserve</code> as well as <code>most_recent</code> on addons.</li>
<li><code>preserve</code> indicates if you want to preserve the created resources when deleting the EKS add-on</li>
<li><code>most_recent</code> indicates if you want to use the most recent revision of the add-on or the default version (default)</li>
<li>Support for setting default node security group rules for common access patterns required:</li>
<li>Egress all for <code>0.0.0.0/0</code>/<code>::/0</code></li>
<li>Ingress from cluster security group for 8443/TCP and 9443/TCP for common applications such as ALB Ingress Controller, Karpenter, OPA Gatekeeper, etc. These are commonly used as webhook ports for validating and mutating webhooks</li>
</ul>
<h3 id="modified">Modified<a class="headerlink" href="#modified" title="Permanent link">&para;</a></h3>
<ul>
<li><code>cluster_security_group_additional_rules</code> and <code>node_security_group_additional_rules</code> have been modified to use <code>lookup()</code> instead of <code>try()</code> to avoid the well-known issue of <a href="https://github.com/hashicorp/terraform/issues/4149">unknown values within a <code>for_each</code> loop</a></li>
<li>Default cluster security group rules have removed egress rules for TCP/443 and TCP/10250 to node groups since the cluster primary security group includes a default rule for ALL to <code>0.0.0.0/0</code>/<code>::/0</code></li>
<li>Default node security group rules have removed egress rules have been removed since the default security group settings have egress rule for ALL to <code>0.0.0.0/0</code>/<code>::/0</code></li>
<li><code>block_device_mappings</code> previously required a map of maps but has since changed to an array of maps. Users can remove the outer key for each block device mapping and replace the outermost map <code>{}</code> with an array <code>[]</code>. There are no state changes required for this change.</li>
<li><code>create_kms_key</code> previously defaulted to <code>false</code> and now defaults to <code>true</code>. Clusters created with this module now default to enabling secret encryption by default with a customer-managed KMS key created by this module</li>
<li><code>cluster_encryption_config</code> previously used a type of <code>list(any)</code> and now uses a type of <code>any</code> -&gt; users can simply remove the outer <code>[</code>...<code>]</code> brackets on <code>v19.x</code></li>
<li><code>cluster_encryption_config</code> previously defaulted to <code>[]</code> and now defaults to <code>{resources = ["secrets"]}</code> to encrypt secrets by default</li>
<li><code>cluster_endpoint_public_access</code> previously defaulted to <code>true</code> and now defaults to <code>false</code>. Clusters created with this module now default to private-only access to the cluster endpoint</li>
<li><code>cluster_endpoint_private_access</code> previously defaulted to <code>false</code> and now defaults to <code>true</code></li>
<li>The addon configuration now sets <code>"OVERWRITE"</code> as the default value for <code>resolve_conflicts</code> to ease add-on upgrade management. Users can opt out of this by instead setting <code>"NONE"</code> as the value for <code>resolve_conflicts</code></li>
<li>The <code>kms</code> module used has been updated from <code>v1.0.2</code> to <code>v1.1.0</code> - no material changes other than updated to latest</li>
<li>The default value for EKS managed node group <code>update_config</code> has been updated to the recommended <code>{ max_unavailable_percentage = 33 }</code></li>
<li>The default value for the self-managed node group <code>instance_refresh</code> has been updated to the recommended:
    <div class="language-hcl highlight"><pre><span></span><code><span id="__span-0-1"><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a><span class="p">{</span>
</span><span id="__span-0-2"><a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a><span class="w">  </span><span class="na">strategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;Rolling&quot;</span>
</span><span id="__span-0-3"><a id="__codelineno-0-3" name="__codelineno-0-3" href="#__codelineno-0-3"></a><span class="w">  </span><span class="nb">preferences</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
</span><span id="__span-0-4"><a id="__codelineno-0-4" name="__codelineno-0-4" href="#__codelineno-0-4"></a><span class="w">    </span><span class="na">min_healthy_percentage</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="m">66</span>
</span><span id="__span-0-5"><a id="__codelineno-0-5" name="__codelineno-0-5" href="#__codelineno-0-5"></a><span class="w">  </span><span class="p">}</span>
</span><span id="__span-0-6"><a id="__codelineno-0-6" name="__codelineno-0-6" href="#__codelineno-0-6"></a><span class="p">}</span>
</span></code></pre></div></li>
</ul>
<h3 id="removed">Removed<a class="headerlink" href="#removed" title="Permanent link">&para;</a></h3>
<ul>
<li>Remove all references of <code>aws_default_tags</code> to avoid update conflicts; this is the responsibility of the provider and should be handled at the provider level</li>
<li>https://github.com/terraform-aws-modules/terraform-aws-eks/issues?q=is%3Aissue+default_tags+is%3Aclosed</li>
<li>https://github.com/terraform-aws-modules/terraform-aws-eks/pulls?q=is%3Apr+default_tags+is%3Aclosed</li>
</ul>
<h3 id="variable-and-output-changes">Variable and output changes<a class="headerlink" href="#variable-and-output-changes" title="Permanent link">&para;</a></h3>
<ol>
<li>
<p>Removed variables:</p>
</li>
<li>
<p><code>node_security_group_ntp_ipv4_cidr_block</code> - default security group settings have an egress rule for ALL to <code>0.0.0.0/0</code>/<code>::/0</code></p>
</li>
<li><code>node_security_group_ntp_ipv6_cidr_block</code> - default security group settings have an egress rule for ALL to <code>0.0.0.0/0</code>/<code>::/0</code></li>
<li>Self-managed node groups:<ul>
<li><code>create_security_group</code></li>
<li><code>security_group_name</code></li>
<li><code>security_group_use_name_prefix</code></li>
<li><code>security_group_description</code></li>
<li><code>security_group_rules</code></li>
<li><code>security_group_tags</code></li>
<li><code>cluster_security_group_id</code></li>
<li><code>vpc_id</code></li>
</ul>
</li>
<li>
<p>EKS managed node groups:</p>
<ul>
<li><code>create_security_group</code></li>
<li><code>security_group_name</code></li>
<li><code>security_group_use_name_prefix</code></li>
<li><code>security_group_description</code></li>
<li><code>security_group_rules</code></li>
<li><code>security_group_tags</code></li>
<li><code>cluster_security_group_id</code></li>
<li><code>vpc_id</code></li>
</ul>
</li>
<li>
<p>Renamed variables:</p>
</li>
<li>
<p>N/A</p>
</li>
<li>
<p>Added variables:</p>
</li>
<li>
<p><code>provision_on_outpost</code>for Outposts support</p>
</li>
<li><code>outpost_config</code> for Outposts support</li>
<li><code>cluster_addons_timeouts</code> for setting a common set of timeouts for all addons (unless a specific value is provided within the addon configuration)</li>
<li><code>service_ipv6_cidr</code> for setting the IPv6 CIDR block for the Kubernetes service addresses</li>
<li>
<p><code>node_security_group_enable_recommended_rules</code> for enabling recommended node security group rules for common access patterns</p>
</li>
<li>
<p>Self-managed node groups:</p>
<ul>
<li><code>launch_template_id</code> for use when using an existing/externally created launch template (Ref: https://github.com/terraform-aws-modules/terraform-aws-autoscaling/pull/204)</li>
<li><code>maintenance_options</code></li>
<li><code>private_dns_name_options</code></li>
<li><code>instance_requirements</code></li>
<li><code>context</code></li>
<li><code>default_instance_warmup</code></li>
<li><code>force_delete_warm_pool</code></li>
</ul>
</li>
<li>EKS managed node groups:<ul>
<li><code>use_custom_launch_template</code> was added to better clarify how users can switch between a custom launch template or the default launch template provided by the EKS managed node group. Previously, to achieve this same functionality of using the default launch template, users needed to set <code>create_launch_template = false</code> and <code>launch_template_name = ""</code> which is not very intuitive.</li>
<li><code>launch_template_id</code> for use when using an existing/externally created launch template (Ref: https://github.com/terraform-aws-modules/terraform-aws-autoscaling/pull/204)</li>
<li><code>maintenance_options</code></li>
<li><code>private_dns_name_options</code>
 -</li>
</ul>
</li>
<li>
<p>Removed outputs:</p>
</li>
<li>
<p>Self-managed node groups:</p>
<ul>
<li><code>security_group_arn</code></li>
<li><code>security_group_id</code></li>
</ul>
</li>
<li>
<p>EKS managed node groups:</p>
<ul>
<li><code>security_group_arn</code></li>
<li><code>security_group_id</code></li>
</ul>
</li>
<li>
<p>Renamed outputs:</p>
</li>
<li>
<p><code>cluster_id</code> is not renamed but the value it returns is now different. For standard EKS clusters created in the AWS cloud, the value returned at the time of this writing is <code>null</code>/empty. For local EKS clusters created on Outposts, the value returned will look like a UUID/GUID. Users should switch all instances of <code>cluster_id</code> to use <code>cluster_name</code> before upgrading to v19. <a href="https://github.com/hashicorp/terraform-provider-aws/issues/27560">Reference</a></p>
</li>
<li>
<p>Added outputs:</p>
</li>
<li>
<p><code>cluster_name</code> - The <code>cluster_id</code> currently set by the AWS provider is actually the cluster name, but in the future, this will change and there will be a distinction between the <code>cluster_name</code> and <code>cluster_id</code>. <a href="https://github.com/hashicorp/terraform-provider-aws/issues/27560">Reference</a></p>
</li>
</ol>
<h2 id="upgrade-migrations">Upgrade Migrations<a class="headerlink" href="#upgrade-migrations" title="Permanent link">&para;</a></h2>
<ol>
<li>Before upgrading your module definition to <code>v19.x</code>, please see below for both EKS managed node group(s) and self-managed node groups and remove the node group(s) security group prior to upgrading.</li>
</ol>
<h3 id="self-managed-node-groups">Self-Managed Node Groups<a class="headerlink" href="#self-managed-node-groups" title="Permanent link">&para;</a></h3>
<p>Self-managed node groups on <code>v18.x</code> by default create a security group that does not specify any rules. In <code>v19.x</code>, this security group has been removed due to the predominant lack of usage (most users rely on the shared node security group). While still using version <code>v18.x</code> of your module definition, remove this security group from your node groups by setting <code>create_security_group = false</code>.</p>
<ul>
<li>If you are currently utilizing this security group, it is recommended to create an additional security group that matches the rules/settings of the security group created by the node group, and specify that security group ID in <code>vpc_security_group_ids</code>. Once this is in place, you can proceed with the original security group removal.</li>
<li>For most users, the security group is not used and can be safely removed. However, deployed instances will have the security group attached to nodes and require the security group to be disassociated before the security group can be deleted. Because instances are deployed via autoscaling groups, we cannot simply remove the security group from the code and have those changes reflected on the instances. Instead, we have to update the code and then trigger the autoscaling groups to cycle the instances deployed so that new instances are provisioned without the security group attached. You can utilize the <code>instance_refresh</code> parameter of Autoscaling groups to force nodes to re-deploy when removing the security group since changes to launch templates automatically trigger an instance refresh. An example configuration is provided below.</li>
<li>Add the following to either/or <code>self_managed_node_group_defaults</code> or the individual self-managed node group definitions:
    <div class="language-hcl highlight"><pre><span></span><code><span id="__span-1-1"><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a><span class="na">create_security_group</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">false</span>
</span><span id="__span-1-2"><a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a><span class="nb">instance_refresh</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
</span><span id="__span-1-3"><a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a><span class="w">  </span><span class="na">strategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;Rolling&quot;</span>
</span><span id="__span-1-4"><a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a><span class="w">  </span><span class="nb">preferences</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
</span><span id="__span-1-5"><a id="__codelineno-1-5" name="__codelineno-1-5" href="#__codelineno-1-5"></a><span class="w">    </span><span class="na">min_healthy_percentage</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="m">66</span>
</span><span id="__span-1-6"><a id="__codelineno-1-6" name="__codelineno-1-6" href="#__codelineno-1-6"></a><span class="w">  </span><span class="p">}</span>
</span><span id="__span-1-7"><a id="__codelineno-1-7" name="__codelineno-1-7" href="#__codelineno-1-7"></a><span class="p">}</span>
</span></code></pre></div></li>
<li>It is recommended to use the <code>aws-node-termination-handler</code> while performing this update. Please refer to the <a href="https://github.com/terraform-aws-modules/terraform-aws-eks/blob/20af82846b4a1f23f3787a8c455f39c0b6164d80/examples/irsa_autoscale_refresh/charts.tf#L86"><code>irsa-autoscale-refresh</code> example</a> for usage. This will ensure that pods are safely evicted in a controlled manner to avoid service disruptions.</li>
<li>Once the necessary configurations are in place, you can apply the changes which will:</li>
<li>Create a new launch template (version) without the self-managed node group security group</li>
<li>Replace instances based on the <code>instance_refresh</code> configuration settings</li>
<li>New instances will launch without the self-managed node group security group, and prior instances will be terminated</li>
<li>Once the self-managed node group has cycled, the security group will be deleted</li>
</ul>
<h3 id="eks-managed-node-groups">EKS Managed Node Groups<a class="headerlink" href="#eks-managed-node-groups" title="Permanent link">&para;</a></h3>
<p>EKS managed node groups on <code>v18.x</code> by default create a security group that does not specify any rules. In <code>v19.x</code>, this security group has been removed due to the predominant lack of usage (most users rely on the shared node security group). While still using version <code>v18.x</code> of your module definition, remove this security group from your node groups by setting <code>create_security_group = false</code>.</p>
<ul>
<li>If you are currently utilizing this security group, it is recommended to create an additional security group that matches the rules/settings of the security group created by the node group, and specify that security group ID in <code>vpc_security_group_ids</code>. Once this is in place, you can proceed with the original security group removal.</li>
<li>EKS managed node groups rollout changes using a <a href="https://docs.aws.amazon.com/eks/latest/userguide/managed-node-update-behavior.html">rolling update strategy</a> that can be influenced through <code>update_config</code>. No additional changes are required for removing the security group created by node groups (unlike self-managed node groups which should utilize the <code>instance_refresh</code> setting of Autoscaling groups).</li>
<li>Once <code>create_security_group = false</code> has been set, you can apply the changes which will:</li>
<li>Create a new launch template (version) without the EKS managed node group security group</li>
<li>Replace instances based on the <code>update_config</code> configuration settings</li>
<li>New instances will launch without the EKS managed node group security group, and prior instances will be terminated</li>
<li>
<p>Once the EKS managed node group has cycled, the security group will be deleted</p>
</li>
<li>
<p>Once the node group security group(s) have been removed, you can update your module definition to specify the <code>v19.x</code> version of the module</p>
</li>
<li>Run <code>terraform init -upgrade=true</code> to update your configuration and pull in the v19 changes</li>
<li>Using the documentation provided above, update your module definition to reflect the changes in the module from <code>v18.x</code> to <code>v19.x</code>. You can utilize <code>terraform plan</code> as you go to help highlight any changes that you wish to make. See below for <code>terraform state mv ...</code> commands related to the use of <code>iam_role_additional_policies</code>. If you are not providing any values to these variables, you can skip this section.</li>
<li>Once you are satisfied with the changes and the <code>terraform plan</code> output, you can apply the changes to sync your infrastructure with the updated module definition (or vice versa).</li>
</ul>
<h3 id="diff-of-before-v18x-vs-after-v19x">Diff of Before (v18.x) vs After (v19.x)<a class="headerlink" href="#diff-of-before-v18x-vs-after-v19x" title="Permanent link">&para;</a></h3>
<div class="language-diff highlight"><pre><span></span><code><span id="__span-2-1"><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a><span class="w"> </span>module &quot;eks&quot; {
</span><span id="__span-2-2"><a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a><span class="w"> </span>  source  = &quot;terraform-aws-modules/eks/aws&quot;
</span><span id="__span-2-3"><a id="__codelineno-2-3" name="__codelineno-2-3" href="#__codelineno-2-3"></a><span class="gd">-  version = &quot;~&gt; 18.0&quot;</span>
</span><span id="__span-2-4"><a id="__codelineno-2-4" name="__codelineno-2-4" href="#__codelineno-2-4"></a><span class="gi">+  version = &quot;~&gt; 19.0&quot;</span>
</span><span id="__span-2-5"><a id="__codelineno-2-5" name="__codelineno-2-5" href="#__codelineno-2-5"></a>
</span><span id="__span-2-6"><a id="__codelineno-2-6" name="__codelineno-2-6" href="#__codelineno-2-6"></a><span class="w"> </span> cluster_name                    = local.name
</span><span id="__span-2-7"><a id="__codelineno-2-7" name="__codelineno-2-7" href="#__codelineno-2-7"></a><span class="gi">+ cluster_endpoint_public_access  = true</span>
</span><span id="__span-2-8"><a id="__codelineno-2-8" name="__codelineno-2-8" href="#__codelineno-2-8"></a><span class="gd">- cluster_endpoint_private_access = true # now the default</span>
</span><span id="__span-2-9"><a id="__codelineno-2-9" name="__codelineno-2-9" href="#__codelineno-2-9"></a>
</span><span id="__span-2-10"><a id="__codelineno-2-10" name="__codelineno-2-10" href="#__codelineno-2-10"></a><span class="w"> </span> cluster_addons = {
</span><span id="__span-2-11"><a id="__codelineno-2-11" name="__codelineno-2-11" href="#__codelineno-2-11"></a><span class="gd">-   resolve_conflicts = &quot;OVERWRITE&quot; # now the default</span>
</span><span id="__span-2-12"><a id="__codelineno-2-12" name="__codelineno-2-12" href="#__codelineno-2-12"></a><span class="gi">+   preserve          = true</span>
</span><span id="__span-2-13"><a id="__codelineno-2-13" name="__codelineno-2-13" href="#__codelineno-2-13"></a><span class="gi">+   most_recent       = true</span>
</span><span id="__span-2-14"><a id="__codelineno-2-14" name="__codelineno-2-14" href="#__codelineno-2-14"></a>
</span><span id="__span-2-15"><a id="__codelineno-2-15" name="__codelineno-2-15" href="#__codelineno-2-15"></a><span class="gi">+   timeouts = {</span>
</span><span id="__span-2-16"><a id="__codelineno-2-16" name="__codelineno-2-16" href="#__codelineno-2-16"></a><span class="gi">+     create = &quot;25m&quot;</span>
</span><span id="__span-2-17"><a id="__codelineno-2-17" name="__codelineno-2-17" href="#__codelineno-2-17"></a><span class="gi">+     delete = &quot;10m&quot;</span>
</span><span id="__span-2-18"><a id="__codelineno-2-18" name="__codelineno-2-18" href="#__codelineno-2-18"></a><span class="w"> </span>   }
</span><span id="__span-2-19"><a id="__codelineno-2-19" name="__codelineno-2-19" href="#__codelineno-2-19"></a><span class="w"> </span>   kube-proxy = {}
</span><span id="__span-2-20"><a id="__codelineno-2-20" name="__codelineno-2-20" href="#__codelineno-2-20"></a><span class="w"> </span>   vpc-cni = {
</span><span id="__span-2-21"><a id="__codelineno-2-21" name="__codelineno-2-21" href="#__codelineno-2-21"></a><span class="gd">-     resolve_conflicts = &quot;OVERWRITE&quot; # now the default</span>
</span><span id="__span-2-22"><a id="__codelineno-2-22" name="__codelineno-2-22" href="#__codelineno-2-22"></a><span class="w"> </span>   }
</span><span id="__span-2-23"><a id="__codelineno-2-23" name="__codelineno-2-23" href="#__codelineno-2-23"></a><span class="w"> </span> }
</span><span id="__span-2-24"><a id="__codelineno-2-24" name="__codelineno-2-24" href="#__codelineno-2-24"></a>
</span><span id="__span-2-25"><a id="__codelineno-2-25" name="__codelineno-2-25" href="#__codelineno-2-25"></a><span class="w"> </span> # Encryption key
</span><span id="__span-2-26"><a id="__codelineno-2-26" name="__codelineno-2-26" href="#__codelineno-2-26"></a><span class="w"> </span> create_kms_key = true
</span><span id="__span-2-27"><a id="__codelineno-2-27" name="__codelineno-2-27" href="#__codelineno-2-27"></a><span class="gd">- cluster_encryption_config = [{</span>
</span><span id="__span-2-28"><a id="__codelineno-2-28" name="__codelineno-2-28" href="#__codelineno-2-28"></a><span class="gd">-   resources = [&quot;secrets&quot;]</span>
</span><span id="__span-2-29"><a id="__codelineno-2-29" name="__codelineno-2-29" href="#__codelineno-2-29"></a><span class="gd">- }]</span>
</span><span id="__span-2-30"><a id="__codelineno-2-30" name="__codelineno-2-30" href="#__codelineno-2-30"></a><span class="gi">+ cluster_encryption_config = {</span>
</span><span id="__span-2-31"><a id="__codelineno-2-31" name="__codelineno-2-31" href="#__codelineno-2-31"></a><span class="gi">+   resources = [&quot;secrets&quot;]</span>
</span><span id="__span-2-32"><a id="__codelineno-2-32" name="__codelineno-2-32" href="#__codelineno-2-32"></a><span class="gi">+ }</span>
</span><span id="__span-2-33"><a id="__codelineno-2-33" name="__codelineno-2-33" href="#__codelineno-2-33"></a><span class="w"> </span> kms_key_deletion_window_in_days = 7
</span><span id="__span-2-34"><a id="__codelineno-2-34" name="__codelineno-2-34" href="#__codelineno-2-34"></a><span class="w"> </span> enable_kms_key_rotation         = true
</span><span id="__span-2-35"><a id="__codelineno-2-35" name="__codelineno-2-35" href="#__codelineno-2-35"></a>
</span><span id="__span-2-36"><a id="__codelineno-2-36" name="__codelineno-2-36" href="#__codelineno-2-36"></a><span class="gd">- iam_role_additional_policies = [aws_iam_policy.additional.arn]</span>
</span><span id="__span-2-37"><a id="__codelineno-2-37" name="__codelineno-2-37" href="#__codelineno-2-37"></a><span class="gi">+ iam_role_additional_policies = {</span>
</span><span id="__span-2-38"><a id="__codelineno-2-38" name="__codelineno-2-38" href="#__codelineno-2-38"></a><span class="gi">+   additional = aws_iam_policy.additional.arn</span>
</span><span id="__span-2-39"><a id="__codelineno-2-39" name="__codelineno-2-39" href="#__codelineno-2-39"></a><span class="gi">+ }</span>
</span><span id="__span-2-40"><a id="__codelineno-2-40" name="__codelineno-2-40" href="#__codelineno-2-40"></a>
</span><span id="__span-2-41"><a id="__codelineno-2-41" name="__codelineno-2-41" href="#__codelineno-2-41"></a><span class="w"> </span> vpc_id                   = module.vpc.vpc_id
</span><span id="__span-2-42"><a id="__codelineno-2-42" name="__codelineno-2-42" href="#__codelineno-2-42"></a><span class="w"> </span> subnet_ids               = module.vpc.private_subnets
</span><span id="__span-2-43"><a id="__codelineno-2-43" name="__codelineno-2-43" href="#__codelineno-2-43"></a><span class="w"> </span> control_plane_subnet_ids = module.vpc.intra_subnets
</span><span id="__span-2-44"><a id="__codelineno-2-44" name="__codelineno-2-44" href="#__codelineno-2-44"></a>
</span><span id="__span-2-45"><a id="__codelineno-2-45" name="__codelineno-2-45" href="#__codelineno-2-45"></a><span class="w"> </span> # Extend node-to-node security group rules
</span><span id="__span-2-46"><a id="__codelineno-2-46" name="__codelineno-2-46" href="#__codelineno-2-46"></a><span class="gd">- node_security_group_ntp_ipv4_cidr_block = [&quot;169.254.169.123/32&quot;] # now the default</span>
</span><span id="__span-2-47"><a id="__codelineno-2-47" name="__codelineno-2-47" href="#__codelineno-2-47"></a><span class="w"> </span> node_security_group_additional_rules = {
</span><span id="__span-2-48"><a id="__codelineno-2-48" name="__codelineno-2-48" href="#__codelineno-2-48"></a><span class="gd">-    ingress_self_ephemeral = {</span>
</span><span id="__span-2-49"><a id="__codelineno-2-49" name="__codelineno-2-49" href="#__codelineno-2-49"></a><span class="gd">-      description = &quot;Node to node ephemeral ports&quot;</span>
</span><span id="__span-2-50"><a id="__codelineno-2-50" name="__codelineno-2-50" href="#__codelineno-2-50"></a><span class="gd">-      protocol    = &quot;tcp&quot;</span>
</span><span id="__span-2-51"><a id="__codelineno-2-51" name="__codelineno-2-51" href="#__codelineno-2-51"></a><span class="gd">-      from_port   = 0</span>
</span><span id="__span-2-52"><a id="__codelineno-2-52" name="__codelineno-2-52" href="#__codelineno-2-52"></a><span class="gd">-      to_port     = 0</span>
</span><span id="__span-2-53"><a id="__codelineno-2-53" name="__codelineno-2-53" href="#__codelineno-2-53"></a><span class="gd">-      type        = &quot;ingress&quot;</span>
</span><span id="__span-2-54"><a id="__codelineno-2-54" name="__codelineno-2-54" href="#__codelineno-2-54"></a><span class="gd">-      self        = true</span>
</span><span id="__span-2-55"><a id="__codelineno-2-55" name="__codelineno-2-55" href="#__codelineno-2-55"></a><span class="gd">-    }</span>
</span><span id="__span-2-56"><a id="__codelineno-2-56" name="__codelineno-2-56" href="#__codelineno-2-56"></a><span class="gd">-    egress_all = {</span>
</span><span id="__span-2-57"><a id="__codelineno-2-57" name="__codelineno-2-57" href="#__codelineno-2-57"></a><span class="gd">-      description      = &quot;Node all egress&quot;</span>
</span><span id="__span-2-58"><a id="__codelineno-2-58" name="__codelineno-2-58" href="#__codelineno-2-58"></a><span class="gd">-      protocol         = &quot;-1&quot;</span>
</span><span id="__span-2-59"><a id="__codelineno-2-59" name="__codelineno-2-59" href="#__codelineno-2-59"></a><span class="gd">-      from_port        = 0</span>
</span><span id="__span-2-60"><a id="__codelineno-2-60" name="__codelineno-2-60" href="#__codelineno-2-60"></a><span class="gd">-      to_port          = 0</span>
</span><span id="__span-2-61"><a id="__codelineno-2-61" name="__codelineno-2-61" href="#__codelineno-2-61"></a><span class="gd">-      type             = &quot;egress&quot;</span>
</span><span id="__span-2-62"><a id="__codelineno-2-62" name="__codelineno-2-62" href="#__codelineno-2-62"></a><span class="gd">-      cidr_blocks      = [&quot;0.0.0.0/0&quot;]</span>
</span><span id="__span-2-63"><a id="__codelineno-2-63" name="__codelineno-2-63" href="#__codelineno-2-63"></a><span class="gd">-      ipv6_cidr_blocks = [&quot;::/0&quot;]</span>
</span><span id="__span-2-64"><a id="__codelineno-2-64" name="__codelineno-2-64" href="#__codelineno-2-64"></a><span class="gd">-    }</span>
</span><span id="__span-2-65"><a id="__codelineno-2-65" name="__codelineno-2-65" href="#__codelineno-2-65"></a><span class="w"> </span> }
</span><span id="__span-2-66"><a id="__codelineno-2-66" name="__codelineno-2-66" href="#__codelineno-2-66"></a>
</span><span id="__span-2-67"><a id="__codelineno-2-67" name="__codelineno-2-67" href="#__codelineno-2-67"></a><span class="w"> </span> # Self-Managed Node Group(s)
</span><span id="__span-2-68"><a id="__codelineno-2-68" name="__codelineno-2-68" href="#__codelineno-2-68"></a><span class="w"> </span> self_managed_node_group_defaults = {
</span><span id="__span-2-69"><a id="__codelineno-2-69" name="__codelineno-2-69" href="#__codelineno-2-69"></a><span class="w"> </span>   vpc_security_group_ids = [aws_security_group.additional.id]
</span><span id="__span-2-70"><a id="__codelineno-2-70" name="__codelineno-2-70" href="#__codelineno-2-70"></a><span class="gd">-   iam_role_additional_policies = [aws_iam_policy.additional.arn]</span>
</span><span id="__span-2-71"><a id="__codelineno-2-71" name="__codelineno-2-71" href="#__codelineno-2-71"></a><span class="gi">+   iam_role_additional_policies = {</span>
</span><span id="__span-2-72"><a id="__codelineno-2-72" name="__codelineno-2-72" href="#__codelineno-2-72"></a><span class="gi">+     additional = aws_iam_policy.additional.arn</span>
</span><span id="__span-2-73"><a id="__codelineno-2-73" name="__codelineno-2-73" href="#__codelineno-2-73"></a><span class="gi">+   }</span>
</span><span id="__span-2-74"><a id="__codelineno-2-74" name="__codelineno-2-74" href="#__codelineno-2-74"></a><span class="w"> </span> }
</span><span id="__span-2-75"><a id="__codelineno-2-75" name="__codelineno-2-75" href="#__codelineno-2-75"></a>
</span><span id="__span-2-76"><a id="__codelineno-2-76" name="__codelineno-2-76" href="#__codelineno-2-76"></a><span class="w"> </span> self_managed_node_groups = {
</span><span id="__span-2-77"><a id="__codelineno-2-77" name="__codelineno-2-77" href="#__codelineno-2-77"></a><span class="w"> </span>   spot = {
</span><span id="__span-2-78"><a id="__codelineno-2-78" name="__codelineno-2-78" href="#__codelineno-2-78"></a><span class="w"> </span>     instance_type = &quot;m5.large&quot;
</span><span id="__span-2-79"><a id="__codelineno-2-79" name="__codelineno-2-79" href="#__codelineno-2-79"></a><span class="w"> </span>     instance_market_options = {
</span><span id="__span-2-80"><a id="__codelineno-2-80" name="__codelineno-2-80" href="#__codelineno-2-80"></a><span class="w"> </span>       market_type = &quot;spot&quot;
</span><span id="__span-2-81"><a id="__codelineno-2-81" name="__codelineno-2-81" href="#__codelineno-2-81"></a><span class="w"> </span>     }
</span><span id="__span-2-82"><a id="__codelineno-2-82" name="__codelineno-2-82" href="#__codelineno-2-82"></a>
</span><span id="__span-2-83"><a id="__codelineno-2-83" name="__codelineno-2-83" href="#__codelineno-2-83"></a><span class="w"> </span>     pre_bootstrap_user_data = &lt;&lt;-EOT
</span><span id="__span-2-84"><a id="__codelineno-2-84" name="__codelineno-2-84" href="#__codelineno-2-84"></a><span class="w"> </span>       echo &quot;foo&quot;
</span><span id="__span-2-85"><a id="__codelineno-2-85" name="__codelineno-2-85" href="#__codelineno-2-85"></a><span class="w"> </span>       export FOO=bar
</span><span id="__span-2-86"><a id="__codelineno-2-86" name="__codelineno-2-86" href="#__codelineno-2-86"></a><span class="w"> </span>     EOT
</span><span id="__span-2-87"><a id="__codelineno-2-87" name="__codelineno-2-87" href="#__codelineno-2-87"></a>
</span><span id="__span-2-88"><a id="__codelineno-2-88" name="__codelineno-2-88" href="#__codelineno-2-88"></a><span class="w"> </span>     bootstrap_extra_args = &quot;--kubelet-extra-args &#39;--node-labels=node.kubernetes.io/lifecycle=spot&#39;&quot;
</span><span id="__span-2-89"><a id="__codelineno-2-89" name="__codelineno-2-89" href="#__codelineno-2-89"></a>
</span><span id="__span-2-90"><a id="__codelineno-2-90" name="__codelineno-2-90" href="#__codelineno-2-90"></a><span class="w"> </span>     post_bootstrap_user_data = &lt;&lt;-EOT
</span><span id="__span-2-91"><a id="__codelineno-2-91" name="__codelineno-2-91" href="#__codelineno-2-91"></a><span class="w"> </span>       cd /tmp
</span><span id="__span-2-92"><a id="__codelineno-2-92" name="__codelineno-2-92" href="#__codelineno-2-92"></a><span class="w"> </span>       sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
</span><span id="__span-2-93"><a id="__codelineno-2-93" name="__codelineno-2-93" href="#__codelineno-2-93"></a><span class="w"> </span>       sudo systemctl enable amazon-ssm-agent
</span><span id="__span-2-94"><a id="__codelineno-2-94" name="__codelineno-2-94" href="#__codelineno-2-94"></a><span class="w"> </span>       sudo systemctl start amazon-ssm-agent
</span><span id="__span-2-95"><a id="__codelineno-2-95" name="__codelineno-2-95" href="#__codelineno-2-95"></a><span class="w"> </span>     EOT
</span><span id="__span-2-96"><a id="__codelineno-2-96" name="__codelineno-2-96" href="#__codelineno-2-96"></a>
</span><span id="__span-2-97"><a id="__codelineno-2-97" name="__codelineno-2-97" href="#__codelineno-2-97"></a><span class="gd">-     create_security_group          = true</span>
</span><span id="__span-2-98"><a id="__codelineno-2-98" name="__codelineno-2-98" href="#__codelineno-2-98"></a><span class="gd">-     security_group_name            = &quot;eks-managed-node-group-complete-example&quot;</span>
</span><span id="__span-2-99"><a id="__codelineno-2-99" name="__codelineno-2-99" href="#__codelineno-2-99"></a><span class="gd">-     security_group_use_name_prefix = false</span>
</span><span id="__span-2-100"><a id="__codelineno-2-100" name="__codelineno-2-100" href="#__codelineno-2-100"></a><span class="gd">-     security_group_description     = &quot;EKS managed node group complete example security group&quot;</span>
</span><span id="__span-2-101"><a id="__codelineno-2-101" name="__codelineno-2-101" href="#__codelineno-2-101"></a><span class="gd">-     security_group_rules = {}</span>
</span><span id="__span-2-102"><a id="__codelineno-2-102" name="__codelineno-2-102" href="#__codelineno-2-102"></a><span class="gd">-     security_group_tags = {}</span>
</span><span id="__span-2-103"><a id="__codelineno-2-103" name="__codelineno-2-103" href="#__codelineno-2-103"></a><span class="w"> </span>   }
</span><span id="__span-2-104"><a id="__codelineno-2-104" name="__codelineno-2-104" href="#__codelineno-2-104"></a><span class="w"> </span> }
</span><span id="__span-2-105"><a id="__codelineno-2-105" name="__codelineno-2-105" href="#__codelineno-2-105"></a>
</span><span id="__span-2-106"><a id="__codelineno-2-106" name="__codelineno-2-106" href="#__codelineno-2-106"></a><span class="w"> </span> # EKS Managed Node Group(s)
</span><span id="__span-2-107"><a id="__codelineno-2-107" name="__codelineno-2-107" href="#__codelineno-2-107"></a><span class="w"> </span> eks_managed_node_group_defaults = {
</span><span id="__span-2-108"><a id="__codelineno-2-108" name="__codelineno-2-108" href="#__codelineno-2-108"></a><span class="w"> </span>   ami_type       = &quot;AL2_x86_64&quot;
</span><span id="__span-2-109"><a id="__codelineno-2-109" name="__codelineno-2-109" href="#__codelineno-2-109"></a><span class="w"> </span>   instance_types = [&quot;m6i.large&quot;, &quot;m5.large&quot;, &quot;m5n.large&quot;, &quot;m5zn.large&quot;]
</span><span id="__span-2-110"><a id="__codelineno-2-110" name="__codelineno-2-110" href="#__codelineno-2-110"></a>
</span><span id="__span-2-111"><a id="__codelineno-2-111" name="__codelineno-2-111" href="#__codelineno-2-111"></a><span class="w"> </span>   attach_cluster_primary_security_group = true
</span><span id="__span-2-112"><a id="__codelineno-2-112" name="__codelineno-2-112" href="#__codelineno-2-112"></a><span class="w"> </span>   vpc_security_group_ids                = [aws_security_group.additional.id]
</span><span id="__span-2-113"><a id="__codelineno-2-113" name="__codelineno-2-113" href="#__codelineno-2-113"></a><span class="gd">-   iam_role_additional_policies = [aws_iam_policy.additional.arn]</span>
</span><span id="__span-2-114"><a id="__codelineno-2-114" name="__codelineno-2-114" href="#__codelineno-2-114"></a><span class="gi">+   iam_role_additional_policies = {</span>
</span><span id="__span-2-115"><a id="__codelineno-2-115" name="__codelineno-2-115" href="#__codelineno-2-115"></a><span class="gi">+     additional = aws_iam_policy.additional.arn</span>
</span><span id="__span-2-116"><a id="__codelineno-2-116" name="__codelineno-2-116" href="#__codelineno-2-116"></a><span class="gi">+   }</span>
</span><span id="__span-2-117"><a id="__codelineno-2-117" name="__codelineno-2-117" href="#__codelineno-2-117"></a><span class="w"> </span> }
</span><span id="__span-2-118"><a id="__codelineno-2-118" name="__codelineno-2-118" href="#__codelineno-2-118"></a>
</span><span id="__span-2-119"><a id="__codelineno-2-119" name="__codelineno-2-119" href="#__codelineno-2-119"></a><span class="w"> </span> eks_managed_node_groups = {
</span><span id="__span-2-120"><a id="__codelineno-2-120" name="__codelineno-2-120" href="#__codelineno-2-120"></a><span class="w"> </span>   blue = {}
</span><span id="__span-2-121"><a id="__codelineno-2-121" name="__codelineno-2-121" href="#__codelineno-2-121"></a><span class="w"> </span>   green = {
</span><span id="__span-2-122"><a id="__codelineno-2-122" name="__codelineno-2-122" href="#__codelineno-2-122"></a><span class="w"> </span>     min_size     = 1
</span><span id="__span-2-123"><a id="__codelineno-2-123" name="__codelineno-2-123" href="#__codelineno-2-123"></a><span class="w"> </span>     max_size     = 10
</span><span id="__span-2-124"><a id="__codelineno-2-124" name="__codelineno-2-124" href="#__codelineno-2-124"></a><span class="w"> </span>     desired_size = 1
</span><span id="__span-2-125"><a id="__codelineno-2-125" name="__codelineno-2-125" href="#__codelineno-2-125"></a>
</span><span id="__span-2-126"><a id="__codelineno-2-126" name="__codelineno-2-126" href="#__codelineno-2-126"></a><span class="w"> </span>     instance_types = [&quot;t3.large&quot;]
</span><span id="__span-2-127"><a id="__codelineno-2-127" name="__codelineno-2-127" href="#__codelineno-2-127"></a><span class="w"> </span>     capacity_type  = &quot;SPOT&quot;
</span><span id="__span-2-128"><a id="__codelineno-2-128" name="__codelineno-2-128" href="#__codelineno-2-128"></a><span class="w"> </span>     labels = {
</span><span id="__span-2-129"><a id="__codelineno-2-129" name="__codelineno-2-129" href="#__codelineno-2-129"></a><span class="w"> </span>       Environment = &quot;test&quot;
</span><span id="__span-2-130"><a id="__codelineno-2-130" name="__codelineno-2-130" href="#__codelineno-2-130"></a><span class="w"> </span>       GithubRepo  = &quot;terraform-aws-eks&quot;
</span><span id="__span-2-131"><a id="__codelineno-2-131" name="__codelineno-2-131" href="#__codelineno-2-131"></a><span class="w"> </span>       GithubOrg   = &quot;terraform-aws-modules&quot;
</span><span id="__span-2-132"><a id="__codelineno-2-132" name="__codelineno-2-132" href="#__codelineno-2-132"></a><span class="w"> </span>     }
</span><span id="__span-2-133"><a id="__codelineno-2-133" name="__codelineno-2-133" href="#__codelineno-2-133"></a>
</span><span id="__span-2-134"><a id="__codelineno-2-134" name="__codelineno-2-134" href="#__codelineno-2-134"></a><span class="w"> </span>     taints = {
</span><span id="__span-2-135"><a id="__codelineno-2-135" name="__codelineno-2-135" href="#__codelineno-2-135"></a><span class="w"> </span>       dedicated = {
</span><span id="__span-2-136"><a id="__codelineno-2-136" name="__codelineno-2-136" href="#__codelineno-2-136"></a><span class="w"> </span>         key    = &quot;dedicated&quot;
</span><span id="__span-2-137"><a id="__codelineno-2-137" name="__codelineno-2-137" href="#__codelineno-2-137"></a><span class="w"> </span>         value  = &quot;gpuGroup&quot;
</span><span id="__span-2-138"><a id="__codelineno-2-138" name="__codelineno-2-138" href="#__codelineno-2-138"></a><span class="w"> </span>         effect = &quot;NO_SCHEDULE&quot;
</span><span id="__span-2-139"><a id="__codelineno-2-139" name="__codelineno-2-139" href="#__codelineno-2-139"></a><span class="w"> </span>       }
</span><span id="__span-2-140"><a id="__codelineno-2-140" name="__codelineno-2-140" href="#__codelineno-2-140"></a><span class="w"> </span>     }
</span><span id="__span-2-141"><a id="__codelineno-2-141" name="__codelineno-2-141" href="#__codelineno-2-141"></a>
</span><span id="__span-2-142"><a id="__codelineno-2-142" name="__codelineno-2-142" href="#__codelineno-2-142"></a><span class="w"> </span>     update_config = {
</span><span id="__span-2-143"><a id="__codelineno-2-143" name="__codelineno-2-143" href="#__codelineno-2-143"></a><span class="w"> </span>       max_unavailable_percentage = 33 # or set `max_unavailable`
</span><span id="__span-2-144"><a id="__codelineno-2-144" name="__codelineno-2-144" href="#__codelineno-2-144"></a><span class="w"> </span>     }
</span><span id="__span-2-145"><a id="__codelineno-2-145" name="__codelineno-2-145" href="#__codelineno-2-145"></a>
</span><span id="__span-2-146"><a id="__codelineno-2-146" name="__codelineno-2-146" href="#__codelineno-2-146"></a><span class="gd">-     create_security_group          = true</span>
</span><span id="__span-2-147"><a id="__codelineno-2-147" name="__codelineno-2-147" href="#__codelineno-2-147"></a><span class="gd">-     security_group_name            = &quot;eks-managed-node-group-complete-example&quot;</span>
</span><span id="__span-2-148"><a id="__codelineno-2-148" name="__codelineno-2-148" href="#__codelineno-2-148"></a><span class="gd">-     security_group_use_name_prefix = false</span>
</span><span id="__span-2-149"><a id="__codelineno-2-149" name="__codelineno-2-149" href="#__codelineno-2-149"></a><span class="gd">-     security_group_description     = &quot;EKS managed node group complete example security group&quot;</span>
</span><span id="__span-2-150"><a id="__codelineno-2-150" name="__codelineno-2-150" href="#__codelineno-2-150"></a><span class="gd">-     security_group_rules = {}</span>
</span><span id="__span-2-151"><a id="__codelineno-2-151" name="__codelineno-2-151" href="#__codelineno-2-151"></a><span class="gd">-     security_group_tags = {}</span>
</span><span id="__span-2-152"><a id="__codelineno-2-152" name="__codelineno-2-152" href="#__codelineno-2-152"></a>
</span><span id="__span-2-153"><a id="__codelineno-2-153" name="__codelineno-2-153" href="#__codelineno-2-153"></a><span class="w"> </span>     tags = {
</span><span id="__span-2-154"><a id="__codelineno-2-154" name="__codelineno-2-154" href="#__codelineno-2-154"></a><span class="w"> </span>       ExtraTag = &quot;example&quot;
</span><span id="__span-2-155"><a id="__codelineno-2-155" name="__codelineno-2-155" href="#__codelineno-2-155"></a><span class="w"> </span>     }
</span><span id="__span-2-156"><a id="__codelineno-2-156" name="__codelineno-2-156" href="#__codelineno-2-156"></a><span class="w"> </span>   }
</span><span id="__span-2-157"><a id="__codelineno-2-157" name="__codelineno-2-157" href="#__codelineno-2-157"></a><span class="w"> </span> }
</span><span id="__span-2-158"><a id="__codelineno-2-158" name="__codelineno-2-158" href="#__codelineno-2-158"></a>
</span><span id="__span-2-159"><a id="__codelineno-2-159" name="__codelineno-2-159" href="#__codelineno-2-159"></a><span class="w"> </span> # Fargate Profile(s)
</span><span id="__span-2-160"><a id="__codelineno-2-160" name="__codelineno-2-160" href="#__codelineno-2-160"></a><span class="w"> </span> fargate_profile_defaults = {
</span><span id="__span-2-161"><a id="__codelineno-2-161" name="__codelineno-2-161" href="#__codelineno-2-161"></a><span class="gd">-   iam_role_additional_policies = [aws_iam_policy.additional.arn]</span>
</span><span id="__span-2-162"><a id="__codelineno-2-162" name="__codelineno-2-162" href="#__codelineno-2-162"></a><span class="gi">+   iam_role_additional_policies = {</span>
</span><span id="__span-2-163"><a id="__codelineno-2-163" name="__codelineno-2-163" href="#__codelineno-2-163"></a><span class="gi">+     additional = aws_iam_policy.additional.arn</span>
</span><span id="__span-2-164"><a id="__codelineno-2-164" name="__codelineno-2-164" href="#__codelineno-2-164"></a><span class="gi">+   }</span>
</span><span id="__span-2-165"><a id="__codelineno-2-165" name="__codelineno-2-165" href="#__codelineno-2-165"></a><span class="w"> </span> }
</span><span id="__span-2-166"><a id="__codelineno-2-166" name="__codelineno-2-166" href="#__codelineno-2-166"></a>
</span><span id="__span-2-167"><a id="__codelineno-2-167" name="__codelineno-2-167" href="#__codelineno-2-167"></a><span class="w"> </span> fargate_profiles = {
</span><span id="__span-2-168"><a id="__codelineno-2-168" name="__codelineno-2-168" href="#__codelineno-2-168"></a><span class="w"> </span>   default = {
</span><span id="__span-2-169"><a id="__codelineno-2-169" name="__codelineno-2-169" href="#__codelineno-2-169"></a><span class="w"> </span>     name = &quot;default&quot;
</span><span id="__span-2-170"><a id="__codelineno-2-170" name="__codelineno-2-170" href="#__codelineno-2-170"></a><span class="w"> </span>     selectors = [
</span><span id="__span-2-171"><a id="__codelineno-2-171" name="__codelineno-2-171" href="#__codelineno-2-171"></a><span class="w"> </span>       {
</span><span id="__span-2-172"><a id="__codelineno-2-172" name="__codelineno-2-172" href="#__codelineno-2-172"></a><span class="w"> </span>         namespace = &quot;kube-system&quot;
</span><span id="__span-2-173"><a id="__codelineno-2-173" name="__codelineno-2-173" href="#__codelineno-2-173"></a><span class="w"> </span>         labels = {
</span><span id="__span-2-174"><a id="__codelineno-2-174" name="__codelineno-2-174" href="#__codelineno-2-174"></a><span class="w"> </span>           k8s-app = &quot;kube-dns&quot;
</span><span id="__span-2-175"><a id="__codelineno-2-175" name="__codelineno-2-175" href="#__codelineno-2-175"></a><span class="w"> </span>         }
</span><span id="__span-2-176"><a id="__codelineno-2-176" name="__codelineno-2-176" href="#__codelineno-2-176"></a><span class="w"> </span>       },
</span><span id="__span-2-177"><a id="__codelineno-2-177" name="__codelineno-2-177" href="#__codelineno-2-177"></a><span class="w"> </span>       {
</span><span id="__span-2-178"><a id="__codelineno-2-178" name="__codelineno-2-178" href="#__codelineno-2-178"></a><span class="w"> </span>         namespace = &quot;default&quot;
</span><span id="__span-2-179"><a id="__codelineno-2-179" name="__codelineno-2-179" href="#__codelineno-2-179"></a><span class="w"> </span>       }
</span><span id="__span-2-180"><a id="__codelineno-2-180" name="__codelineno-2-180" href="#__codelineno-2-180"></a><span class="w"> </span>     ]
</span><span id="__span-2-181"><a id="__codelineno-2-181" name="__codelineno-2-181" href="#__codelineno-2-181"></a>
</span><span id="__span-2-182"><a id="__codelineno-2-182" name="__codelineno-2-182" href="#__codelineno-2-182"></a><span class="w"> </span>     tags = {
</span><span id="__span-2-183"><a id="__codelineno-2-183" name="__codelineno-2-183" href="#__codelineno-2-183"></a><span class="w"> </span>       Owner = &quot;test&quot;
</span><span id="__span-2-184"><a id="__codelineno-2-184" name="__codelineno-2-184" href="#__codelineno-2-184"></a><span class="w"> </span>     }
</span><span id="__span-2-185"><a id="__codelineno-2-185" name="__codelineno-2-185" href="#__codelineno-2-185"></a>
</span><span id="__span-2-186"><a id="__codelineno-2-186" name="__codelineno-2-186" href="#__codelineno-2-186"></a><span class="w"> </span>     timeouts = {
</span><span id="__span-2-187"><a id="__codelineno-2-187" name="__codelineno-2-187" href="#__codelineno-2-187"></a><span class="w"> </span>       create = &quot;20m&quot;
</span><span id="__span-2-188"><a id="__codelineno-2-188" name="__codelineno-2-188" href="#__codelineno-2-188"></a><span class="w"> </span>       delete = &quot;20m&quot;
</span><span id="__span-2-189"><a id="__codelineno-2-189" name="__codelineno-2-189" href="#__codelineno-2-189"></a><span class="w"> </span>     }
</span><span id="__span-2-190"><a id="__codelineno-2-190" name="__codelineno-2-190" href="#__codelineno-2-190"></a><span class="w"> </span>   }
</span><span id="__span-2-191"><a id="__codelineno-2-191" name="__codelineno-2-191" href="#__codelineno-2-191"></a><span class="w"> </span> }
</span><span id="__span-2-192"><a id="__codelineno-2-192" name="__codelineno-2-192" href="#__codelineno-2-192"></a>
</span><span id="__span-2-193"><a id="__codelineno-2-193" name="__codelineno-2-193" href="#__codelineno-2-193"></a><span class="w"> </span> # OIDC Identity provider
</span><span id="__span-2-194"><a id="__codelineno-2-194" name="__codelineno-2-194" href="#__codelineno-2-194"></a><span class="w"> </span> cluster_identity_providers = {
</span><span id="__span-2-195"><a id="__codelineno-2-195" name="__codelineno-2-195" href="#__codelineno-2-195"></a><span class="w"> </span>   cognito = {
</span><span id="__span-2-196"><a id="__codelineno-2-196" name="__codelineno-2-196" href="#__codelineno-2-196"></a><span class="w"> </span>     client_id      = &quot;702vqsrjicklgb7c5b7b50i1gc&quot;
</span><span id="__span-2-197"><a id="__codelineno-2-197" name="__codelineno-2-197" href="#__codelineno-2-197"></a><span class="w"> </span>     issuer_url     = &quot;https://cognito-idp.us-west-2.amazonaws.com/us-west-2_re1u6bpRA&quot;
</span><span id="__span-2-198"><a id="__codelineno-2-198" name="__codelineno-2-198" href="#__codelineno-2-198"></a><span class="w"> </span>     username_claim = &quot;email&quot;
</span><span id="__span-2-199"><a id="__codelineno-2-199" name="__codelineno-2-199" href="#__codelineno-2-199"></a><span class="w"> </span>     groups_claim   = &quot;cognito:groups&quot;
</span><span id="__span-2-200"><a id="__codelineno-2-200" name="__codelineno-2-200" href="#__codelineno-2-200"></a><span class="w"> </span>     groups_prefix  = &quot;gid:&quot;
</span><span id="__span-2-201"><a id="__codelineno-2-201" name="__codelineno-2-201" href="#__codelineno-2-201"></a><span class="w"> </span>   }
</span><span id="__span-2-202"><a id="__codelineno-2-202" name="__codelineno-2-202" href="#__codelineno-2-202"></a><span class="w"> </span> }
</span><span id="__span-2-203"><a id="__codelineno-2-203" name="__codelineno-2-203" href="#__codelineno-2-203"></a>
</span><span id="__span-2-204"><a id="__codelineno-2-204" name="__codelineno-2-204" href="#__codelineno-2-204"></a><span class="w"> </span> # aws-auth configmap
</span><span id="__span-2-205"><a id="__codelineno-2-205" name="__codelineno-2-205" href="#__codelineno-2-205"></a><span class="w"> </span> manage_aws_auth_configmap = true
</span><span id="__span-2-206"><a id="__codelineno-2-206" name="__codelineno-2-206" href="#__codelineno-2-206"></a>
</span><span id="__span-2-207"><a id="__codelineno-2-207" name="__codelineno-2-207" href="#__codelineno-2-207"></a><span class="w"> </span> aws_auth_node_iam_role_arns_non_windows = [
</span><span id="__span-2-208"><a id="__codelineno-2-208" name="__codelineno-2-208" href="#__codelineno-2-208"></a><span class="w"> </span>   module.eks_managed_node_group.iam_role_arn,
</span><span id="__span-2-209"><a id="__codelineno-2-209" name="__codelineno-2-209" href="#__codelineno-2-209"></a><span class="w"> </span>   module.self_managed_node_group.iam_role_arn,
</span><span id="__span-2-210"><a id="__codelineno-2-210" name="__codelineno-2-210" href="#__codelineno-2-210"></a><span class="w"> </span> ]
</span><span id="__span-2-211"><a id="__codelineno-2-211" name="__codelineno-2-211" href="#__codelineno-2-211"></a><span class="w"> </span> aws_auth_fargate_profile_pod_execution_role_arns = [
</span><span id="__span-2-212"><a id="__codelineno-2-212" name="__codelineno-2-212" href="#__codelineno-2-212"></a><span class="w"> </span>   module.fargate_profile.fargate_profile_pod_execution_role_arn
</span><span id="__span-2-213"><a id="__codelineno-2-213" name="__codelineno-2-213" href="#__codelineno-2-213"></a><span class="w"> </span> ]
</span><span id="__span-2-214"><a id="__codelineno-2-214" name="__codelineno-2-214" href="#__codelineno-2-214"></a>
</span><span id="__span-2-215"><a id="__codelineno-2-215" name="__codelineno-2-215" href="#__codelineno-2-215"></a><span class="w"> </span> aws_auth_roles = [
</span><span id="__span-2-216"><a id="__codelineno-2-216" name="__codelineno-2-216" href="#__codelineno-2-216"></a><span class="w"> </span>   {
</span><span id="__span-2-217"><a id="__codelineno-2-217" name="__codelineno-2-217" href="#__codelineno-2-217"></a><span class="w"> </span>     rolearn  = &quot;arn:aws:iam::66666666666:role/role1&quot;
</span><span id="__span-2-218"><a id="__codelineno-2-218" name="__codelineno-2-218" href="#__codelineno-2-218"></a><span class="w"> </span>     username = &quot;role1&quot;
</span><span id="__span-2-219"><a id="__codelineno-2-219" name="__codelineno-2-219" href="#__codelineno-2-219"></a><span class="w"> </span>     groups   = [&quot;system:masters&quot;]
</span><span id="__span-2-220"><a id="__codelineno-2-220" name="__codelineno-2-220" href="#__codelineno-2-220"></a><span class="w"> </span>   },
</span><span id="__span-2-221"><a id="__codelineno-2-221" name="__codelineno-2-221" href="#__codelineno-2-221"></a><span class="w"> </span> ]
</span><span id="__span-2-222"><a id="__codelineno-2-222" name="__codelineno-2-222" href="#__codelineno-2-222"></a>
</span><span id="__span-2-223"><a id="__codelineno-2-223" name="__codelineno-2-223" href="#__codelineno-2-223"></a><span class="w"> </span> aws_auth_users = [
</span><span id="__span-2-224"><a id="__codelineno-2-224" name="__codelineno-2-224" href="#__codelineno-2-224"></a><span class="w"> </span>   {
</span><span id="__span-2-225"><a id="__codelineno-2-225" name="__codelineno-2-225" href="#__codelineno-2-225"></a><span class="w"> </span>     userarn  = &quot;arn:aws:iam::66666666666:user/user1&quot;
</span><span id="__span-2-226"><a id="__codelineno-2-226" name="__codelineno-2-226" href="#__codelineno-2-226"></a><span class="w"> </span>     username = &quot;user1&quot;
</span><span id="__span-2-227"><a id="__codelineno-2-227" name="__codelineno-2-227" href="#__codelineno-2-227"></a><span class="w"> </span>     groups   = [&quot;system:masters&quot;]
</span><span id="__span-2-228"><a id="__codelineno-2-228" name="__codelineno-2-228" href="#__codelineno-2-228"></a><span class="w"> </span>   },
</span><span id="__span-2-229"><a id="__codelineno-2-229" name="__codelineno-2-229" href="#__codelineno-2-229"></a><span class="w"> </span>   {
</span><span id="__span-2-230"><a id="__codelineno-2-230" name="__codelineno-2-230" href="#__codelineno-2-230"></a><span class="w"> </span>     userarn  = &quot;arn:aws:iam::66666666666:user/user2&quot;
</span><span id="__span-2-231"><a id="__codelineno-2-231" name="__codelineno-2-231" href="#__codelineno-2-231"></a><span class="w"> </span>     username = &quot;user2&quot;
</span><span id="__span-2-232"><a id="__codelineno-2-232" name="__codelineno-2-232" href="#__codelineno-2-232"></a><span class="w"> </span>     groups   = [&quot;system:masters&quot;]
</span><span id="__span-2-233"><a id="__codelineno-2-233" name="__codelineno-2-233" href="#__codelineno-2-233"></a><span class="w"> </span>   },
</span><span id="__span-2-234"><a id="__codelineno-2-234" name="__codelineno-2-234" href="#__codelineno-2-234"></a><span class="w"> </span> ]
</span><span id="__span-2-235"><a id="__codelineno-2-235" name="__codelineno-2-235" href="#__codelineno-2-235"></a>
</span><span id="__span-2-236"><a id="__codelineno-2-236" name="__codelineno-2-236" href="#__codelineno-2-236"></a><span class="w"> </span> aws_auth_accounts = [
</span><span id="__span-2-237"><a id="__codelineno-2-237" name="__codelineno-2-237" href="#__codelineno-2-237"></a><span class="w"> </span>   &quot;777777777777&quot;,
</span><span id="__span-2-238"><a id="__codelineno-2-238" name="__codelineno-2-238" href="#__codelineno-2-238"></a><span class="w"> </span>   &quot;888888888888&quot;,
</span><span id="__span-2-239"><a id="__codelineno-2-239" name="__codelineno-2-239" href="#__codelineno-2-239"></a><span class="w"> </span> ]
</span><span id="__span-2-240"><a id="__codelineno-2-240" name="__codelineno-2-240" href="#__codelineno-2-240"></a>
</span><span id="__span-2-241"><a id="__codelineno-2-241" name="__codelineno-2-241" href="#__codelineno-2-241"></a><span class="w"> </span> tags = local.tags
</span><span id="__span-2-242"><a id="__codelineno-2-242" name="__codelineno-2-242" href="#__codelineno-2-242"></a>}
</span></code></pre></div>
<h2 id="terraform-state-moves">Terraform State Moves<a class="headerlink" href="#terraform-state-moves" title="Permanent link">&para;</a></h2>
<p>The following Terraform state move commands are optional but recommended if you are providing additional IAM policies that are to be attached to IAM roles created by this module (cluster IAM role, node group IAM role, Fargate profile IAM role). Because the resources affected are <code>aws_iam_role_policy_attachment</code>, in theory, you could get away with simply applying the configuration and letting Terraform detach and re-attach the policies. However, during this brief period of update, you could experience permission failures as the policy is detached and re-attached, and therefore the state move route is recommended.</p>
<p>Where <code>"&lt;POLICY_ARN&gt;"</code> is specified, this should be replaced with the full ARN of the policy, and <code>"&lt;POLICY_MAP_KEY&gt;"</code> should be replaced with the key used in the <code>iam_role_additional_policies</code> map for the associated policy. For example, if you have the following<code>v19.x</code> configuration:</p>
<div class="language-hcl highlight"><pre><span></span><code><span id="__span-3-1"><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a><span class="w">  </span><span class="p">...</span>
</span><span id="__span-3-2"><a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a><span class="c1">  # This is demonstrating the cluster IAM role additional policies</span>
</span><span id="__span-3-3"><a id="__codelineno-3-3" name="__codelineno-3-3" href="#__codelineno-3-3"></a><span class="w">  </span><span class="nb">iam_role_additional_policies</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
</span><span id="__span-3-4"><a id="__codelineno-3-4" name="__codelineno-3-4" href="#__codelineno-3-4"></a><span class="w">    </span><span class="na">additional</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_iam_policy.additional.arn</span>
</span><span id="__span-3-5"><a id="__codelineno-3-5" name="__codelineno-3-5" href="#__codelineno-3-5"></a><span class="w">  </span><span class="p">}</span>
</span><span id="__span-3-6"><a id="__codelineno-3-6" name="__codelineno-3-6" href="#__codelineno-3-6"></a><span class="w">  </span><span class="p">...</span>
</span></code></pre></div>
<p>The associated state move command would look similar to (albeit with your correct policy ARN):</p>
<div class="language-sh highlight"><pre><span></span><code><span id="__span-4-1"><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a>terraform<span class="w"> </span>state<span class="w"> </span>mv<span class="w"> </span><span class="s1">&#39;module.eks.aws_iam_role_policy_attachment.this[&quot;arn:aws:iam::111111111111:policy/ex-complete-additional&quot;]&#39;</span><span class="w"> </span><span class="s1">&#39;module.eks.aws_iam_role_policy_attachment.additional[&quot;additional&quot;]&#39;</span>
</span></code></pre></div>
<p>If you are not providing any additional IAM policies, no actions are required.</p>
<h3 id="cluster-iam-role">Cluster IAM Role<a class="headerlink" href="#cluster-iam-role" title="Permanent link">&para;</a></h3>
<p>Repeat for each policy provided in <code>iam_role_additional_policies</code>:</p>
<div class="language-sh highlight"><pre><span></span><code><span id="__span-5-1"><a id="__codelineno-5-1" name="__codelineno-5-1" href="#__codelineno-5-1"></a>terraform<span class="w"> </span>state<span class="w"> </span>mv<span class="w"> </span><span class="s1">&#39;module.eks.aws_iam_role_policy_attachment.this[&quot;&lt;POLICY_ARN&gt;&quot;]&#39;</span><span class="w"> </span><span class="s1">&#39;module.eks.aws_iam_role_policy_attachment.additional[&quot;&lt;POLICY_MAP_KEY&gt;&quot;]&#39;</span>
</span></code></pre></div>
<h3 id="eks-managed-node-group-iam-role">EKS Managed Node Group IAM Role<a class="headerlink" href="#eks-managed-node-group-iam-role" title="Permanent link">&para;</a></h3>
<p>Where <code>"&lt;NODE_GROUP_KEY&gt;"</code> is the key used in the <code>eks_managed_node_groups</code> map for the associated node group. Repeat for each policy provided in <code>iam_role_additional_policies</code> in either/or <code>eks_managed_node_group_defaults</code> or the individual node group definitions:</p>
<div class="language-sh highlight"><pre><span></span><code><span id="__span-6-1"><a id="__codelineno-6-1" name="__codelineno-6-1" href="#__codelineno-6-1"></a>terraform<span class="w"> </span>state<span class="w"> </span>mv<span class="w"> </span><span class="s1">&#39;module.eks.module.eks_managed_node_group[&quot;&lt;NODE_GROUP_KEY&gt;&quot;].aws_iam_role_policy_attachment.this[&quot;&lt;POLICY_ARN&gt;&quot;]&#39;</span><span class="w"> </span><span class="s1">&#39;module.eks.module.eks_managed_node_group[&quot;&lt;NODE_GROUP_KEY&gt;&quot;].aws_iam_role_policy_attachment.additional[&quot;&lt;POLICY_MAP_KEY&gt;&quot;]&#39;</span>
</span></code></pre></div>
<h3 id="self-managed-node-group-iam-role">Self-Managed Node Group IAM Role<a class="headerlink" href="#self-managed-node-group-iam-role" title="Permanent link">&para;</a></h3>
<p>Where <code>"&lt;NODE_GROUP_KEY&gt;"</code> is the key used in the <code>self_managed_node_groups</code> map for the associated node group. Repeat for each policy provided in <code>iam_role_additional_policies</code> in either/or <code>self_managed_node_group_defaults</code> or the individual node group definitions:</p>
<div class="language-sh highlight"><pre><span></span><code><span id="__span-7-1"><a id="__codelineno-7-1" name="__codelineno-7-1" href="#__codelineno-7-1"></a>terraform<span class="w"> </span>state<span class="w"> </span>mv<span class="w"> </span><span class="s1">&#39;module.eks.module.self_managed_node_group[&quot;&lt;NODE_GROUP_KEY&gt;&quot;].aws_iam_role_policy_attachment.this[&quot;&lt;POLICY_ARN&gt;&quot;]&#39;</span><span class="w"> </span><span class="s1">&#39;module.eks.module.self_managed_node_group[&quot;&lt;NODE_GROUP_KEY&gt;&quot;].aws_iam_role_policy_attachment.additional[&quot;&lt;POLICY_MAP_KEY&gt;&quot;]&#39;</span>
</span></code></pre></div>
<h3 id="fargate-profile-iam-role">Fargate Profile IAM Role<a class="headerlink" href="#fargate-profile-iam-role" title="Permanent link">&para;</a></h3>
<p>Where <code>"&lt;FARGATE_PROFILE_KEY&gt;"</code> is the key used in the <code>fargate_profiles</code> map for the associated profile. Repeat for each policy provided in <code>iam_role_additional_policies</code> in either/or <code>fargate_profile_defaults</code> or the individual profile definitions:</p>
<div class="language-sh highlight"><pre><span></span><code><span id="__span-8-1"><a id="__codelineno-8-1" name="__codelineno-8-1" href="#__codelineno-8-1"></a>terraform<span class="w"> </span>state<span class="w"> </span>mv<span class="w"> </span><span class="s1">&#39;module.eks.module.fargate_profile[&quot;&lt;FARGATE_PROFILE_KEY&gt;&quot;].aws_iam_role_policy_attachment.this[&quot;&lt;POLICY_ARN&gt;&quot;]&#39;</span><span class="w"> </span><span class="s1">&#39;module.eks.module.fargate_profile[&quot;&lt;FARGATE_PROFILE_KEY&gt;&quot;].aws_iam_role_policy_attachment.additional[&quot;&lt;POLICY_MAP_KEY&gt;&quot;]&#39;</span>
</span></code></pre></div>


              </article>
            </div>


<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
        </div>

      </main>

        <footer class="md-footer">

  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-copyright">


    Made with
    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
      Material for MkDocs
    </a>

</div>

    </div>
  </div>
</footer>

    </div>
    <div class="md-dialog" data-md-component="dialog">
      <div class="md-dialog__inner md-typeset"></div>
    </div>


    <script id="__config" type="application/json">{"base": "..", "features": ["navigation.tabs.sticky"], "search": "../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>


      <script src="../assets/javascripts/bundle.ad660dcc.min.js"></script>


  </body>
</html>