
Can't reconcile after importing existing eks_cluster and security_group due to vpc_configs #3343


Open
1 task done
miguelzenteno opened this issue Apr 16, 2025 · 0 comments
miguelzenteno commented Apr 16, 2025

Description

Trying to import a cluster, but it fails while trying to add the already existing cluster security group.

So this line of code:

  vpc_config {
    security_group_ids      = compact(distinct(concat(var.cluster_additional_security_group_ids, [local.cluster_security_group_id])))

The issue comes with the fact that I'm trying to adopt this module and I'm importing resources created previously, including the cluster and the cluster security group.

While running a plan, I get something like this:

      ~ vpc_config {
          ~ security_group_ids        = [
              + "sg-0f6f860f5357a8177",
                # (1 unchanged element hidden)
            ]
            # (6 unchanged attributes hidden)
        }

Considering that I only have 1 additional security group, it seems like it's trying to add the cluster SG again, but if I take a look at the state file (after importing the cluster) I have this:

    vpc_config {
        cluster_security_group_id = "sg-0f6f860f5357a8177"
        endpoint_private_access   = true
        endpoint_public_access    = false
        public_access_cidrs       = []
        security_group_ids        = [
            "sg-0882dfbd2e7ba9a28", <-- additional security group
            "sg-0f6f860f5357a8177", <-- cluster security group, as seen above
        ]

So I'm not sure if this is an issue with the module or with the aws provider itself.

  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]: 20.35.0

  • Terraform version: Terraform v1.11.3

  • Provider version(s): 5.94.1

Reproduction Code [Required]

Steps to reproduce the behavior:

  1. Import existing eks_cluster and existing cluster security group
  2. Terraform plan should show that it will try to add the sg id that already exists.
    I'm not using workspaces and I have cleared my local cache

Expected behavior

Terraform tries to add an existing sg to a state file that already has the sg

Actual behavior

Clean plan without the addition of the sg that already exists on the state file

Terminal Output Screenshot(s)

Additional context
