Auto Mode custom tags policy is attached to cluster role when Auto Mode disabled

[kian]

Description

Auto Mode custom tags policy is attached to cluster role even when auto mode is disabled. I believe this is the result of #3242

The variable defaults to true which explains why these are created. Should there be an additional check for example that disables creation unless auto-mode itself is enabled?

https://github.com/terraform-aws-modules/terraform-aws-eks/pull/3242/files#diff-dc46acf24afd63ef8c556b77c126ccc6e578bc87e3aa09a931f33d9bf2532fbbR567

• ✋ I have searched the open/closed issues and my issue is not listed.

Versions

• Module version [Required]: 20.31.4
• Terraform version: 1.9.8
• Provider version(s): 5.81.0

Expected behavior

auto-mode custom tags are ignored when auto-mode is disabled

Actual behavior

custom IAM policy/attachment with enable_auto_mode_custom_tags permissions is created

[kian]

Closing this because I think it's expected; auto-mode is default for the module and it's up to users to disable the variable if not using auto mode.

[Pionerd]

Respectfully disagree with this outcome. Currently the local auto_mode_enabled (basically leveraging the content of var.cluster_compute_config) is used in several places for auto mode config.

Since that variable is empty by default, I don't really consider auto mode the default for this module.
I don't see why disabling these tags should the be done separately.

It looks pretty ugly in our current config where setting enable_auto_mode_custom_tags = false is the only specific mention of (a disabled) auto mode.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.