From e24ad1b63c42911be55e77ee863b31429c832a83 Mon Sep 17 00:00:00 2001
From: Gerrit Renker
Date: Tue, 25 Nov 2025 16:18:18 -0500
Subject: [PATCH] Now using master
---
 modules/eks-managed-node-group/main.tf | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/modules/eks-managed-node-group/main.tf b/modules/eks-managed-node-group/main.tf
index aa9bd93d03..821d130fef 100644
--- a/modules/eks-managed-node-group/main.tf
+++ b/modules/eks-managed-node-group/main.tf
@@ -569,12 +569,8 @@ locals {
 iam_role_name = coalesce(var.iam_role_name, "${var.name}-eks-node-group")
 iam_role_policy_prefix = "arn:${local.partition}:iam::aws:policy"
- ipv4_cni_policy = { for k, v in {
- AmazonEKS_CNI_Policy = "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy"
- } : k => v if var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" }
- ipv6_cni_policy = { for k, v in {
- AmazonEKS_CNI_IPv6_Policy = "arn:${local.partition}:iam::${local.account_id}:policy/AmazonEKS_CNI_IPv6_Policy"
- } : k => v if var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" }
+ base_cni_policy = "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy"
+ ipv6_cni_policy = "arn:${local.partition}:iam::${local.account_id}:policy/AmazonEKS_CNI_IPv6_Policy"
 }
 data "aws_iam_policy_document" "assume_role_policy" {
@@ -613,8 +609,12 @@ resource "aws_iam_role_policy_attachment" "this" {
 AmazonEKSWorkerNodePolicy = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy"
 AmazonEC2ContainerRegistryReadOnly = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly"
 },
- local.ipv4_cni_policy,
- local.ipv6_cni_policy
+ var.iam_role_attach_cni_policy ? {
+ AmazonEKS_CNI_Policy = local.base_cni_policy,
+ } : {},
+ (var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6") ? {
+ AmazonEKS_CNI_IPv6_Policy = local.ipv6_cni_policy,
+ } : {},
 ) : k => v if local.create_iam_role }
 policy_arn = each.value
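Review bot: `ipv6_cni_policy` keeps its name in the `locals` block but changes from a conditionally empty map to a plain ARN string, and `ipv4_cni_policy` is removed outright. Any reference outside the visible hunks that still merges these locals as maps would fail at plan time or attach the wrong thing, so the rest of the module should be checked. Because the gating on `var.iam_role_attach_cni_policy` and `var.cluster_ip_family` no longer lives next to the ARNs, a short comment on the two new locals would help, for example `# ARNs only; attachment is gated in aws_iam_role_policy_attachment.this`. The `locals` block starts outside the hunk.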
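Review bot: The first new conditional in the `merge(...)` tests only `var.iam_role_attach_cni_policy`, so an IPv6 cluster's node role now receives both `AmazonEKS_CNI_Policy` and `AmazonEKS_CNI_IPv6_Policy`. The removed locals attached the IPv4 managed policy only when `var.cluster_ip_family == "ipv4"`. This widens the node role's permissions on IPv6 clusters, and on any other value of `cluster_ip_family`, yet the commit message "Now using master" does not say whether that is intended. If it is not, keep the family check: `(var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4") ? {`. If it is intended, add a comment above the conditional explaining why IPv6 node groups need the IPv4 policy, so the extra grant is not mistaken for an oversight in a later least-privilege review. The resource block starts and ends outside the hunk.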