Unable to deploy a fresh cluster (v18+)

[ulm0]

Description

I'm trying to create a brand new cluster from the new module version, but i get a for_each error which is not described in the readme.

Users may encounter an error such as Error: Invalid for_each argument - The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply ...

From what i understand is the aforementioned error happens when attaching additional policies, right? and that i'm not doing, though i get the following error:

Error: Invalid for_each argument

  on .terraform/modules/eks_cluster/main.tf line 208, in resource "aws_iam_role_policy_attachment" "this":
 208:   for_each = var.create && var.create_iam_role ? toset(compact(distinct(concat([
 209:     "${local.policy_arn_prefix}/AmazonEKSClusterPolicy",
 210:     "${local.policy_arn_prefix}/AmazonEKSVPCResourceController",
 211:   ], var.iam_role_additional_policies)))) : toset([])

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

am i missing something?

Versions

• Terraform: v0.14.11

• Provider(s):
  • provider registry.terraform.io/hashicorp/aws v3.72.0
  • provider registry.terraform.io/hashicorp/cloudinit v2.2.0
  • provider registry.terraform.io/hashicorp/helm v2.4.1
  • provider registry.terraform.io/hashicorp/kubernetes v2.8.0
  • provider registry.terraform.io/hashicorp/random v3.1.0
  • provider registry.terraform.io/hashicorp/tls v3.1.0

• Module: v18.7.2

Reproduction

Steps to reproduce the behavior:

• Use the new module to create a cluster

Code Snippet to Reproduce

module "eks_cluster" {
  source                          = "terraform-aws-modules/eks/aws"
  version                         = "18.7.2"
  cluster_name                    = local.eks_cluster_name
  cluster_version                 = "1.21"
  cluster_endpoint_private_access = true
  cluster_endpoint_public_access  = true
  vpc_id                          = "vpc-12345678"
  subnet_ids                      = ["subnet-1234678"]
  cluster_enabled_log_types       = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
  cluster_encryption_config = [{
    provider_key_arn = aws_kms_key.eks_cluster.arn
    resources        = ["secrets"]
  }]

  eks_managed_node_group_defaults = {
    iam_role_attach_cni_policy = true
  }

  eks_managed_node_groups = {
    default = {}
  }
  fargate_profiles = {
    subnet_ids = ["subnet-1234678"]
    platform = {
      name = format("%s-platform", local.eks_cluster_name)
      selectors = [
        {
          namespace = "kube-system"
        },
        {
          namespace = "karpenter"
        },
      ]
      tags = local.my_tags
      timeouts = {
        create = "20m"
        delete = "20m"
      }
    }
  }

  tags = merge(
    { "karpenter.sh/discovery" = local.eks_cluster_name },
  local.my_tags)
}

Expected behavior

Being able to create an eks cluster

Actual behavior

Error due to not-yet-known resources

Terminal Output Screenshot(s)

Error: Invalid for_each argument

  on .terraform/modules/eks_cluster/main.tf line 208, in resource "aws_iam_role_policy_attachment" "this":
 208:   for_each = var.create && var.create_iam_role ? toset(compact(distinct(concat([
 209:     "${local.policy_arn_prefix}/AmazonEKSClusterPolicy",
 210:     "${local.policy_arn_prefix}/AmazonEKSVPCResourceController",
 211:   ], var.iam_role_additional_policies)))) : toset([])

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.


Error: Invalid for_each argument

  on .terraform/modules/eks_cluster/modules/fargate-profile/main.tf line 47, in resource "aws_iam_role_policy_attachment" "this":
  47:   for_each = var.create && var.create_iam_role ? toset(compact(distinct(concat([
  48:     "${local.iam_role_policy_prefix}/AmazonEKSFargatePodExecutionRolePolicy",
  49:     var.iam_role_attach_cni_policy ? local.cni_policy : "",
  50:   ], var.iam_role_additional_policies)))) : toset([])

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.


Error: Invalid for_each argument

  on .terraform/modules/eks_cluster/modules/fargate-profile/main.tf line 47, in resource "aws_iam_role_policy_attachment" "this":
  47:   for_each = var.create && var.create_iam_role ? toset(compact(distinct(concat([
  48:     "${local.iam_role_policy_prefix}/AmazonEKSFargatePodExecutionRolePolicy",
  49:     var.iam_role_attach_cni_policy ? local.cni_policy : "",
  50:   ], var.iam_role_additional_policies)))) : toset([])

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

[ulm0]

welp, seems like my issue is duplicated of #1753 #1782

[Sumathi-Baskar]

The issue stated above persists. However, I went ahead and commented the resource "aws_iam_role_policy_attachment" but seeing other errors with respect to subnet_ids and desired size not enough .

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.