diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3e8b806..38f7186 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - Fix deprecated interpolation-only expression (by @angelabad)
 - Updated required version of AWS Provider to >= v2.38.0 for Managed Node Groups (by @wmorgan6796)
 - Updated minimum version of Terraform to avoid a bug (by @dpiddockcmp)
+- Fix idempotency issues for node groups with no remote_access configuration (by @jeffmhastings)
 #### Important notes
diff --git a/examples/managed_node_groups/main.tf b/examples/managed_node_groups/main.tf
index 00b93aa..4dd84e7 100644
--- a/examples/managed_node_groups/main.tf
+++ b/examples/managed_node_groups/main.tf
@@ -23,6 +23,22 @@ provider "template" {
 version = "~> 2.1"
 }
+data "aws_eks_cluster" "cluster" {
+ name = module.eks.cluster_id
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+ name = module.eks.cluster_id
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.cluster.token
+ load_config_file = false
+ version = "~> 1.10"
+}
+
 data "aws_availability_zones" "available" {
 }
diff --git a/node_groups.tf b/node_groups.tf
index c604da6..eb2f4c3 100644
--- a/node_groups.tf
+++ b/node_groups.tf
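Review bot: In examples/managed_node_groups/main.tf the new `provider "kubernetes"` block authenticates with `data.aws_eks_cluster_auth.cluster.token`, and nothing in the example tells the reader that this value is a live cluster credential. The token is short-lived, but Terraform records data source attributes in state, so anyone copying the example should keep its state in an encrypted, access-restricted backend. A comment above the block would cover it, e.g. `# aws_eks_cluster_auth returns a short-lived cluster credential that is written to state; keep state encrypted and access-controlled.` The hunk also does not say why this example now needs a Kubernetes provider; presumably the module manages in-cluster resources through it, which deserves one line if so.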
@@ -87,10 +87,19 @@ resource "aws_eks_node_group" "workers" {
 labels = lookup(each.value, "node_group_k8s_labels", null)
 release_version = lookup(each.value, "ami_release_version", null)
- # This sometimes breaks idempotency as described in https://github.com/terraform-providers/terraform-provider-aws/issues/11063
- remote_access {
- ec2_ssh_key = lookup(each.value, "key_name", "") != "" ? each.value["key_name"] : null
- source_security_group_ids = lookup(each.value, "key_name", "") != "" ? lookup(each.value, "source_security_group_ids", []) : null
+ dynamic "remote_access" {
+ for_each = [
+ for node_group in [each.value] : {
+ ec2_ssh_key = node_group["key_name"]
+ source_security_group_ids = lookup(node_group, "source_security_group_ids", [])
+ }
+ if lookup(node_group, "key_name", "") != ""
+ ]
+
+ content {
+ ec2_ssh_key = remote_access.value["ec2_ssh_key"]
+ source_security_group_ids = remote_access.value["source_security_group_ids"]
+ }
 }
 version = aws_eks_cluster.this[0].version
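Review bot: A node group that sets `key_name` but omits `source_security_group_ids` still gets an empty list from the `lookup(node_group, "source_security_group_ids", [])` default inside the new `for_each`, and the EKS documentation states that an SSH key with no source security group opens port 22 on the nodes to 0.0.0.0/0. The default predates this commit, but the rewritten block is where a reader will look, so it should say so: `# key_name without source_security_group_ids leaves SSH (port 22) on the nodes open to 0.0.0.0/0; set source_security_group_ids to restrict access.` As a style point, the one-element `for ... in [each.value]` comprehension could be written as `for_each = lookup(each.value, "key_name", "") != "" ? [each.value] : []`, with the `content` block reading `remote_access.value["key_name"]` directly. The `aws_eks_node_group` resource starts and ends outside this hunk, so any validation elsewhere in the resource is not visible here.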