Fix idempotency with node group remote_access block (#625)

* add kubernetes provider configuration for managed_node_groups example * use dynamic block for remote_access * update changelog
2026-03-11 21:11:32 +01:00 · 2019-12-11 11:50:09 -05:00
parent 7824e8b263
commit 11d8ee8631
3 changed files with 30 additions and 4 deletions
--- a/node_groups.tf
+++ b/node_groups.tf
@@ -87,10 +87,19 @@ resource "aws_eks_node_group" "workers" {
  labels          = lookup(each.value, "node_group_k8s_labels", null)
  release_version = lookup(each.value, "ami_release_version", null)

-  # This sometimes breaks idempotency as described in https://github.com/terraform-providers/terraform-provider-aws/issues/11063
-  remote_access {
-    ec2_ssh_key               = lookup(each.value, "key_name", "") != "" ? each.value["key_name"] : null
-    source_security_group_ids = lookup(each.value, "key_name", "") != "" ? lookup(each.value, "source_security_group_ids", []) : null
+  dynamic "remote_access" {
+    for_each = [
+      for node_group in [each.value] : {
+        ec2_ssh_key               = node_group["key_name"]
+        source_security_group_ids = lookup(node_group, "source_security_group_ids", [])
+      }
+      if lookup(node_group, "key_name", "") != ""
+    ]
+
+    content {
+      ec2_ssh_key               = remote_access.value["ec2_ssh_key"]
+      source_security_group_ids = remote_access.value["source_security_group_ids"]
+    }
  }

  version = aws_eks_cluster.this[0].version