v0.43.3
Pre-release
Note: This release introduced a bug in setting the IAM policy for the service role. Update to 0.44.0 or roll back to 0.43.2.
🚀 Enhancements
Prevent creating log group by the iam role @nitrocode (#132)
what
- Prevent creating log group by the iam role
why
See: hashicorp/terraform#14750, terraform-aws-modules/terraform-aws-eks#920
This is happening because the EKS Cluster gets destroyed after Terraform deletes the CloudWatch Log Group. The AmazonEKSServicePolicy IAM policy (that is assigned to the EKS Cluster role by default within this module) has permissions to CreateLogGroup and anything else needed to continue logging correctly. When Terraform destroys the CloudWatch Log Group, the EKS Cluster that is running creates it again. Then, when you run Terraform Apply again, the CloudWatch Log Group doesn't exist in your state anymore (because Terraform actually destroyed it) and Terraform doesn't know about this resource created outside of it. terraform-aws-modules/terraform-aws-eks/issues/920
references
- Closes #67
- Original fix terraform-aws-modules/terraform-aws-eks#1594 thanks to @haarchri and thanks to @Nuru for pointing out the fix
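The pattern described above, as an added Terraform sketch that is not this module's own code: an explicit Deny on `logs:CreateLogGroup` attached to the cluster role overrides the Allow from the managed policy, so only Terraform creates the log group. All resource names and `var.cluster_name` are hypothetical.

```hcl
variable "cluster_name" {
  type = string # hypothetical input
}

# Terraform owns the control-plane log group (EKS logs to /aws/eks/<name>/cluster).
resource "aws_cloudwatch_log_group" "cluster" {
  name = "/aws/eks/${var.cluster_name}/cluster"
}

data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["eks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "cluster" {
  name               = "${var.cluster_name}-cluster"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

# Managed policy named in the release note; it allows logs:CreateLogGroup.
resource "aws_iam_role_policy_attachment" "service_policy" {
  role       = aws_iam_role.cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
}

# An explicit Deny always wins over an Allow in IAM policy evaluation, so the
# running cluster cannot recreate the group after Terraform deletes it.
data "aws_iam_policy_document" "deny_log_group" {
  statement {
    effect    = "Deny"
    actions   = ["logs:CreateLogGroup"]
    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "deny_log_group" {
  name   = "deny-create-log-group"
  role   = aws_iam_role.cluster.id
  policy = data.aws_iam_policy_document.deny_log_group.json
}
```

With the Deny in place the log group must exist before the cluster starts logging, so the cluster resource should depend on `aws_cloudwatch_log_group.cluster`.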