From 3e2ea83267d7532cb66fa4de7f0d2a944b43c3d5 Mon Sep 17 00:00:00 2001
From: Vibham Sharma <45285855+vibhamsharma@users.noreply.github.com>
Date: Wed, 22 Jan 2025 10:58:18 +1000
Subject: [PATCH] fix: Allow `"EC2"` access entry type for EKS Auto Mode custom
 node pools (#3281)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Removed EC2 type from condition so policy attachement for access entry can be done for EC2 type for creating access entry for Node role.

While Creating Access entry for Self managed node role, we were getting below error as it seems EC2 type is included in exception for policy attachment. Once I removed EC2 from exception condition, it started picking up Policy attachment and Access Entry got created.

│ Error: Unsupported attribute
│
│   on .terraform/modules/eks/main.tf line 289, in resource "aws_eks_access_policy_association" "this":
│  289:   policy_arn    = each.value.association_policy_arn
│     ├────────────────
│     │ each.value is object with 3 attributes
│
│ This object does not have an attribute named "association_policy_arn".
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 3c955d54d0..18933422f5 100644
--- a/main.tf
+++ b/main.tf
@@ -258,7 +258,7 @@ locals {
           association_policy_arn              = pol_val.policy_arn
           association_access_scope_type       = pol_val.access_scope.type
           association_access_scope_namespaces = lookup(pol_val.access_scope, "namespaces", [])
-        } : k => v if !contains(["EC2", "EC2_LINUX", "EC2_WINDOWS", "FARGATE_LINUX", "HYBRID_LINUX"], lookup(entry_val, "type", "STANDARD")) },
+        } : k => v if !contains(["EC2_LINUX", "EC2_WINDOWS", "FARGATE_LINUX", "HYBRID_LINUX"], lookup(entry_val, "type", "STANDARD")) },
       )
     ]
   ])