aws-ia / terraform-aws-eks-blueprints-addons

Terraform module which provisions addons on Amazon EKS clusters
https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/main/
Apache License 2.0

EKS Add-ons v1.18 seems to not like my default tags #424

Open mmoreno43 opened 3 days ago

mmoreno43 commented 3 days ago

Description

Hello, the latest release (1.18.0) has broken my Terraform. It seems as though it does not like the tags I have in place in my default tags.

Versions

Reproduction Code [Required]

main.tf

module "eks_blueprints_addons" {
  source = "aws-ia/eks-blueprints-addons/aws"

  cluster_name      = module.eks_dev.cluster_name #update eks module
  cluster_endpoint  = module.eks_dev.cluster_endpoint #update eks module
  cluster_version   = module.eks_dev.cluster_version #update eks module
  oidc_provider_arn = module.eks_dev.oidc_provider_arn #update eks module

  enable_cluster_autoscaler = true
  cluster_autoscaler = {
    values = [
    "${file("${path.module}/helm-charts/cluster-autoscaler.yaml")}"
    ]

    set = [{
        name = "fullnameOverride"
        value = "cluster-autoscaler"
    }] 
  }

  enable_external_dns = true
  external_dns = {
    values = [
    "${file("${path.module}/helm-charts/external-dns.yaml")}"
    ]
  }
  external_dns_route53_zone_arns = [
    "arn:aws:route53:::hostedzone/xxxxxxxxx", #update hosted zone ID
  ]

  enable_ingress_nginx = true
  ingress_nginx = {
    values = [
    "${file("${path.module}/helm-charts/ingress-nginx.yaml")}"
    ]

    set = [{
        name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/aws-load-balancer-subnets" 
        value = "${data.terraform_remote_state.all.outputs.module_paas_subnet_01_id}\\,${data.terraform_remote_state.all.outputs.module_paas_subnet_02_id}\\,${data.terraform_remote_state.all.outputs.module_paas_subnet_03_id}\\,${data.terraform_remote_state.all.outputs.module_paas_subnet_04_id}"
        #update values to VPC ids
    }]
  }

  enable_aws_efs_csi_driver = true
  aws_efs_csi_driver = {
    # All Helm overrides go in a single "set" list
    set = [
      {
        name  = "useFips"
        value = "true"
      },
      {
        name  = "controller.serviceAccount.create"
        value = "true"
      },
      {
        name  = "controller.serviceAccount.name"
        value = "efs-csi-controller-sa"
      }
    ]
  }

  tags = {
  }

  enable_metrics_server = true
  metrics_server = {
    values = [
      "${file("${path.module}/helm-charts/metrics-server.yaml")}"      
    ]
    set = [
      {
        name  = "forceInstall" #make sure it is installed, even when terraform states marks as no change
        value = "true"
      },
      {
        name  = "apiService.create"
        value = "true"
      }
    ]
  }

}

providers.tf


provider "aws" {
    region  = "us-west-2"
    assume_role {
        role_arn = "arn:aws:iam::ENV_AWS_ACCOUNT_NUMBER:role/xxxx"
    }
    default_tags {
        tags = {
            "Business Unit"              = var.Business_Unit
            "Cost Center"                = var.Cost_Center
            "Technology Business Unit"   = var.Technology_Business_Unit
            "IT Owner"                   = var.IT_Owner
            "Ops Team"                   = var.Ops_Team
            "Product App Name"           = var.Product_App_Name
            "IT Support Team"            = var.IT_Support_Team
            "SNOW Asset ID"              = var.SNOW_Asset_ID
            "App Type"                   = var.App_Type
            "Platform Name"              = var.Platform_Name
            "Jenkins Org Pipeline"       = var.Jenkins_Org_Pipeline
            "CI Code Repository"         = var.CI_Code_Repository
            "CD Code Repository"         = var.CD_Code_Repository
            "Environment"                = "${var.Environment}"
            "Business Department"        = var.Business_Department
            "Secrets PF"                 = var.Secrets_PF
            "Break Glass PF"             = var.Break_Glass_PF
            "Logs PF"                    = "${var.Logs_PF}"
            "Security Scans"             = "${var.Security_Scans}"
            "Xmatters"                   = var.Xmatters
            "Documentation URL"          = var.Documentation_URL

      }
    }
}

terraform.tfvars


Business_Unit               = "TECH"
Cost_Center                 = "kjds98C-IT-djd-jsdls"
Technology_Business_Unit    = "Tech Tesh"
IT_Owner                    = "John Apple"
Ops_Team                    = "Test Tech"
Product_App_Name            = "TEST"
IT_Support_Team             = "TEST"
SNOW_Asset_ID               = ""
App_Type                    = ""
Platform_Name               = "TEST"
Jenkins_Org_Pipeline        = "https://jenkins.com"
CI_Code_Repository          = "https://github.com"
CD_Code_Repository          = "https://github.com"
Artifact_Package            = ""
Environment                 = "ENV_ENVIRONMENT_NAME"
Business_Department         = "TECH"
Secrets_PF                  = "Vault"
Break_Glass_PF              = "CyberArk"
Logs_PF                     = "Cloud Watch/Cloud Trail"
Security_Scans              = "Laceworks"
Xmatters                    = ""
Documentation_URL           = "https://confluence.com/wiki/spaces/TEST"

Steps to reproduce the behavior:

terraform init
terraform plan
terraform apply

Expected behavior

I expect that Terraform will successfully apply "module.eks_blueprints_addons.aws_cloudformation_stack.usage_telemetry[0]."

Actual behavior

Terraform fails during apply

Terminal Output Screenshot(s)

image

Additional context

We have been using this module in our environment for a while across multiple clusters. Would it be possible to have a flag so that we can disable this if we don't want it, so that we aren't pinned to version 1.17.0 and can receive future updates?

bryantbiggs commented 3 days ago

we can probably add something to paper over this but it looks like the issue is that you are providing tags without values

SNOW_Asset_ID               = ""
App_Type                    = ""

bryantbiggs commented 3 days ago

actually, I take that back - we could do something if these values were passed directly to the module, but these are provided via the default_tags on the provider, which we don't have access to. you'll need to ensure you provide values for the associated keys supplied with tags
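
One way to follow the advice above on the caller's side, as an added example that is not code from this thread or from the module: filter empty values out of the map before it reaches `default_tags`, and surface which keys were dropped so missing governance tags stay visible. It assumes the failure is caused by empty tag values, as diagnosed above; the variable names are the reporter's, while `raw_default_tags`, `default_tags`, `dropped_tag_keys` and the output name are hypothetical.

```hcl
# Added example: only three of the reporter's variables are shown.
variable "Business_Unit" {
  type    = string
  default = "TECH"
}

variable "SNOW_Asset_ID" {
  type    = string
  default = "" # empty, as in the reporter's terraform.tfvars
}

variable "App_Type" {
  type    = string
  default = "" # empty, as in the reporter's terraform.tfvars
}

locals {
  # Every tag the organisation defines, including ones that may be unset.
  raw_default_tags = {
    "Business Unit" = var.Business_Unit
    "SNOW Asset ID" = var.SNOW_Asset_ID
    "App Type"      = var.App_Type
  }

  # Only tags that actually carry a value are passed to the provider.
  default_tags = {
    for k, v in local.raw_default_tags : k => v
    if v != null && v != ""
  }

  # Keys that were filtered out, kept for review.
  dropped_tag_keys = [for k, v in local.raw_default_tags : k if v == null || v == ""]
}

provider "aws" {
  region = "us-west-2"

  default_tags {
    tags = local.default_tags
  }
}

output "dropped_default_tag_keys" {
  description = "Default tags omitted because their value was empty"
  value       = local.dropped_tag_keys
}
```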

mmoreno43 commented 3 days ago

Could we make this a true/false input to deploy this or not? We create other AWS resources that are not affected by this but CloudFormation.

WarpRat commented 1 day ago

Or at least include a random string after the stack name. We invoke this module multiple times in our EKS module to time different groups of addons that need to be deployed to a cluster in a specific order. v1.18.0 breaks that for us, with no way to override the stack name from matching the cluster name. We don't mind sharing telemetry but I don't think users only invoking this module once per cluster name is a safe assumption.

edit: Sorry, I guess I didn't read the initial issue closely enough. We're having a similar problem but with a name conflict on the telemetry cloudformation stack name. I'm happy to open a separate issue for that if it would be helpful.