The aws-auth submodule for the aws/eks module no longer validates

[zenbones]

In the terraform-aws-modules/eks/aws module version 19.17.2 this worked...

module "eks" {
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn  = data.aws_iam_role.karpenter_instance.arn
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
  ]
  aws_auth_users = var.eks_additional_users
}

But with version 20.14.0 I get...

 Error: Unsupported argument
│
│   on eks-cluster.tf line 90, in module "eks":
│   90:   manage_aws_auth_configmap = true
│
│ An argument named "manage_aws_auth_configmap" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on eks-cluster.tf line 91, in module "eks":
│   91:   aws_auth_roles = [
│
│ An argument named "aws_auth_roles" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on eks-cluster.tf line 98, in module "eks":
│   98:   aws_auth_users = var.eks_additional_users
│
│ An argument named "aws_auth_users" is not expected here.

But checking the docs for aws-auth, the example seems to show that this should still work.

[bryantbiggs]

that is not true - its no longer in the root module, you need to define a new sub-module definition to use that

[zenbones]

First, thank you for the response. The docs should probably be updated... And not to be too dense, but by submodule definition, I should insert something like...

module "eks" {
  aws_auth = {
    manage_aws_auth_configmap = true
    aws_auth_roles = [
      {
        rolearn  = data.aws_iam_role.karpenter_instance.arn
        username = "system:node:{{EC2PrivateDNSName}}"
        groups   = ["system:bootstrappers", "system:nodes"]
      },
    ]
    aws_auth_users = var.eks_additional_users
  }
}

...because I make my way through these things by documentation as opposed to actually knowing what I'm doing.

[zenbones]

I figured out the module declaration. Thnks.