The readme states:

"On each terraform apply, the provider compares the current aws-auth configmap against the desired configmap contents, and runs eksctl create iamidentitymapping to create additional mappings and eksctl delete iamidentitymapping to delete redundant mappings."

I've noticed this doesn't track any remote CM modifications and leads to drift without ever modifying TF's state. E.g.:

1. terraform apply a cluster config using this module.
2. Modify aws-auth on the cluster via kubectl.
3. terraform plan - modifications to the remote aws-auth cm aren't noticed, and no changes to apply are reported by this provider.
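An out-of-band drift check for the scenario in the steps above, added here as an example; it is not part of the original post and not the provider's code. It assumes the live mappings are exported with `eksctl get iamidentitymapping --cluster <name> -o json` and that each entry carries `rolearn` (or `userarn`), `username` and `groups`; the account ID, role names and the `detect_drift` helper are constructed for illustration.

```python
import json

# Constructed sample of live mappings (assumed shape of the eksctl JSON output).
# "break-glass" stands for an entry added directly with kubectl.
LIVE_JSON = """[
  {"rolearn": "arn:aws:iam::111111111111:role/eks-nodes",
   "username": "system:node:{{EC2PrivateDNSName}}",
   "groups": ["system:nodes", "system:bootstrappers"]},
  {"rolearn": "arn:aws:iam::111111111111:role/break-glass",
   "username": "admin", "groups": ["system:masters"]}
]"""

# Constructed desired state, i.e. what the Terraform config declares.
DESIRED = [
    {"rolearn": "arn:aws:iam::111111111111:role/eks-nodes",
     "username": "system:node:{{EC2PrivateDNSName}}",
     "groups": ["system:bootstrappers", "system:nodes"]},
    {"rolearn": "arn:aws:iam::111111111111:role/ci",
     "username": "ci", "groups": ["deployers"]},
]

def normalize(mapping):
    """Reduce a mapping to a comparable key; group order is not significant."""
    arn = mapping.get("rolearn") or mapping.get("userarn") or ""
    groups = tuple(sorted(mapping.get("groups") or []))
    return (arn, mapping.get("username", ""), groups)

def detect_drift(desired, live):
    """Compare declared mappings with the live aws-auth contents."""
    want = {normalize(m) for m in desired}
    have = {normalize(m) for m in live}
    unmanaged = have - want
    return {
        # Declared in Terraform but removed from the cluster.
        "missing": sorted(want - have),
        # Present on the cluster but never declared.
        "unmanaged": sorted(unmanaged),
        # Undeclared entries that grant cluster-admin deserve an alert.
        "unmanaged_admin": sorted(m for m in unmanaged if "system:masters" in m[2]),
    }

if __name__ == "__main__":
    report = detect_drift(DESIRED, json.loads(LIVE_JSON))
    for kind, entries in report.items():
        for arn, username, groups in entries:
            print(f"{kind}: {arn} as {username} in {list(groups)}")
```

Run from CI on a schedule, a non-empty report flags the change that `terraform plan` does not show.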