[Bug]: bootstrap_self_managed_addons causes aws_eks_cluster imports to recreate the cluster

[miguelhar]

Terraform Core Version

1.9.3

AWS Provider Version

5.64.0

Affected Resource(s)

aws_eks_cluster

Expected Behavior

import {
  to = aws_eks_cluster.test
   id = "test-cluster"
 }

The import should not cause the cluster to be recreated.

Actual Behavior

1. Create an eks cluster.
2. Remove it from the state
3. Import the cluster
4. Cluster is destroyed

   # aws_eks_cluster.test must be replaced
   # (imported from "test-cluster")
   # Warning: this will destroy the imported resource
   -/+ resource "aws_eks_cluster" "test" {
     ~ bootstrap_self_managed_addons = false -> true # forces replacement

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

provider "aws" {
  region = "us-west-2"
}

resource "aws_eks_cluster" "test" {
  name     = "test-cluster"
  role_arn = aws_iam_role.eks_role.arn

  vpc_config {
    subnet_ids = [aws_subnet.suba.id, aws_subnet.subb.id]
  }
}

resource "aws_iam_role" "eks_role" {
  name = "eks_cluster_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "eks.amazonaws.com"
      }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "eks_role_attachment" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.eks_role.name
}

resource "aws_vpc" "test" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "suba" {
  vpc_id            = aws_vpc.test.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-west-2a"
}

moved {
  from = aws_subnet.sub2
  to   = aws_subnet.subb
}

resource "aws_subnet" "subb" {
  vpc_id            = aws_vpc.test.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-west-2b"
}

Steps to Reproduce

1. Create an eks cluster using the minimal configuration provided.

$ terraform state list

aws_eks_cluster.test
aws_iam_role.eks_role
aws_iam_role_policy_attachment.eks_role_attachment
aws_subnet.suba
aws_subnet.subb
aws_vpc.test

2. Remove cluster from the state

   $ terraform state rm aws_eks_cluster.test
   Removed aws_eks_cluster.test
   Successfully removed 1 resource instance(s).

3. Import it by adding the following to the configuration.

   import {
   to = aws_eks_cluster.test
   id = "test-cluster"
   }

4. Run terraform plan

5. Plan shows the cluster being recreated.

   # aws_eks_cluster.test must be replaced
   # (imported from "test-cluster")
   # Warning: this will destroy the imported resource
   -/+ resource "aws_eks_cluster" "test" {
     ~ bootstrap_self_managed_addons = false -> true # forces replacement

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[ewbankkit]

@miguelhar Thanks for raising this issue. It has already been noticed in #38950. I'm going to close this one as a duplicate so that we can concentrate discussion in the linked issue. Please add any additional comments there.

[github-actions[bot]]

[!WARNING] This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.