From 998636f079f433099f955b8fc0f357d2295bf80e5e641328d27921531dff678c Mon Sep 17 00:00:00 2001
From: xpk <xpk@headdesk.me>
Date: Thu, 2 Apr 2026 17:31:33 +0800
Subject: [PATCH] feat: added preserve=false to eks addons. which is crutial to
 prevent residual resources

---
 EksIp6Nginxpod/main.tf                                   | 2 ++
 modules/security_identity_compliance/iam-role-v2/main.tf | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/EksIp6Nginxpod/main.tf b/EksIp6Nginxpod/main.tf
index 0f947b6..71238ff 100644
--- a/EksIp6Nginxpod/main.tf
+++ b/EksIp6Nginxpod/main.tf
@@ -184,10 +184,12 @@ module "eks" {
   addons = {
     coredns = {}
     eks-pod-identity-agent = {
+      preserve       = false
       before_compute = true
     }
     kube-proxy = {}
     aws-ebs-csi-driver = {
+      preserve = false
       pod_identity_association = [{
         role_arn        = module.CsiPodIdentity.role-arn
         service_account = "ebs-csi-controller-sa"
diff --git a/modules/security_identity_compliance/iam-role-v2/main.tf b/modules/security_identity_compliance/iam-role-v2/main.tf
index 3a3fac2..ade58ab 100644
--- a/modules/security_identity_compliance/iam-role-v2/main.tf
+++ b/modules/security_identity_compliance/iam-role-v2/main.tf
@@ -49,7 +49,7 @@ resource "aws_iam_role_policy_attachment" "pa" {
   policy_arn = each.value.arn
 }
 
-resource "aws_iam_role_policy_attachment" "CsiPodIdentity" {
+resource "aws_iam_role_policy_attachment" "mp-attachments" {
   for_each   = toset(var.attach-managed-policies)
   role       = aws_iam_role.r.name
   policy_arn = each.value