fix: Update AWS provider version to support AL2023_* AMI types; ensure AL2023 user data receives cluster service CIDR (#2960)

* fix: Update AWS provider version to support `AL2023_*` AMI types

* fix: Ensure the cluster service CIDR is passed to the AL2023 user data where its required

modules/self-managed-node-group/README.md

@@ -43,13 +43,13 @@ module "self_managed_node_group" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.38 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.40 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.38 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.40 |
 
 ## Modules
 
@@ -94,6 +94,7 @@ module "self_managed_node_group" {
 | <a name="input_cluster_ip_family"></a> [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `null` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of associated EKS cluster | `string` | `""` | no |
 | <a name="input_cluster_primary_security_group_id"></a> [cluster\_primary\_security\_group\_id](#input\_cluster\_primary\_security\_group\_id) | The ID of the EKS cluster primary security group to associate with the instance(s). This is the security group that is automatically created by the EKS service | `string` | `null` | no |
+| <a name="input_cluster_service_cidr"></a> [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself | `string` | `""` | no |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes cluster version - used to lookup default AMI ID if one is not provided | `string` | `null` | no |
 | <a name="input_context"></a> [context](#input\_context) | Reserved | `string` | `null` | no |
 | <a name="input_cpu_options"></a> [cpu\_options](#input\_cpu\_options) | The CPU options for the instance | `map(string)` | `{}` | no |

modules/self-managed-node-group/main.tf

@@ -24,9 +24,10 @@ module "user_data" {
   platform                  = var.platform
   is_eks_managed_node_group = false
 
-  cluster_name        = var.cluster_name
-  cluster_endpoint    = var.cluster_endpoint
-  cluster_auth_base64 = var.cluster_auth_base64
+  cluster_name         = var.cluster_name
+  cluster_endpoint     = var.cluster_endpoint
+  cluster_auth_base64  = var.cluster_auth_base64
+  cluster_service_cidr = var.cluster_service_cidr
 
   enable_bootstrap_user_data = true
   pre_bootstrap_user_data    = var.pre_bootstrap_user_data

modules/self-managed-node-group/variables.tf

@@ -38,6 +38,13 @@ variable "cluster_auth_base64" {
   default     = ""
 }
 
+# Currently only used by AL2023 since it can be IPv4 or IPv6
+variable "cluster_service_cidr" {
+  description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself"
+  type        = string
+  default     = ""
+}
+
 variable "pre_bootstrap_user_data" {
   description = "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `platform` = `bottlerocket`"
   type        = string

modules/self-managed-node-group/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.38"
+      version = ">= 5.40"
     }
   }
 }