Closed elchananmizrachi closed 2 months ago
> I don't understand why it's hardcoded instead of variable with default value.

You linked to where we provided information as to why it's hardcoded to this value - because it's a one-time operation and instead we can achieve similar functionality using the EKS API which can later be disabled through code if desired.
## Description
Hi,
I'm trying to enable bootstrap_cluster_creator_admin_permissions as described here: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L39 But it's not working.
I don't understand why it's hardcoded instead of variable with default value.
## Versions
Module version [Required]: I'm using the latest, "20.24.0"
Terraform version: Terraform v1.6.3
Provider version(s): on darwin_arm64
provider registry.terraform.io/hashicorp/aws v5.65.0
provider registry.terraform.io/hashicorp/cloudinit v2.3.4
provider registry.terraform.io/hashicorp/kubernetes v2.32.0
provider registry.terraform.io/hashicorp/null v3.2.2
provider registry.terraform.io/hashicorp/time v0.12.0
provider registry.terraform.io/hashicorp/tls v4.0.4
## Reproduction Code [Required]
Run terraform apply
Steps to reproduce the behavior:
No Yes

## Expected behavior

This value to be true: `bootstrap_cluster_creator_admin_permissions = true`

```
# module.eks.aws_eks_cluster.this[0] will be created
+ resource "aws_eks_cluster" "this" {
    + arn                           = (known after apply)
    + bootstrap_self_managed_addons = true
    + certificate_authority         = (known after apply)
    + cluster_id                    = (known after apply)
    + created_at                    = (known after apply)
    + enabled_cluster_log_types     = [
        + "api",
        + "audit",
        + "authenticator",
      ]
    + endpoint                      = (known after apply)
    + id                            = (known after apply)
    + identity                      = (known after apply)
    + name                          = "prod"
    + platform_version              = (known after apply)
    + role_arn                      = (known after apply)
    + status                        = (known after apply)
    + tags                          = {
        + "Environment"            = "prod"
        + "Terraform"              = "true"
        + "karpenter.sh/discovery" = "prod"
        + "terraform-aws-modules"  = "eks"
      }
    + tags_all                      = {
        + "Environment"            = "prod"
        + "Terraform"              = "true"
        + "karpenter.sh/discovery" = "prod"
        + "terraform-aws-modules"  = "eks"
      }
    + version                       = "1.28"

    + access_config {
        + authentication_mode                         = "CONFIG_MAP"
        + bootstrap_cluster_creator_admin_permissions = **true**
      }
```

## Actual behavior

See output

### Terminal Output Screenshot(s)

```
    + access_config {
        + authentication_mode                         = "CONFIG_MAP"
        + bootstrap_cluster_creator_admin_permissions = **false**
      }
```

## Additional context

Terraform:

```
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.24.0"

  cluster_name                             = var.name
  cluster_version                          = var.cluster_version
  authentication_mode                      = var.authentication_mode
  enable_cluster_creator_admin_permissions = true
  cluster_endpoint_private_access          = var.cluster_endpoint_private_access
  cluster_additional_security_group_ids    = [aws_security_group.eks_app_connector_security_group.id]
  cluster_addons                           = var.cluster_addons
  kms_key_administrators                   = ["arn:aws:iam::${var.aws_account_id}:root"]

  vpc_id      = var.vpc_id
  subnet_ids  = var.subnet_ids
  enable_irsa = var.enable_irsa

  eks_managed_node_groups = var.eks_managed_node_groups

  tags = merge(var.tags, {
    "karpenter.sh/discovery" = var.name
  })
}
```

In version 19.20.0 the default value is ConfigMap, as it should.

![image](https://github.com/user-attachments/assets/12da5d82-b522-4f2a-a97e-193f393d9eb2)
![image](https://github.com/user-attachments/assets/62628d8c-42e1-43d1-be60-3943dea2f45d)
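
The maintainers' reply points to the EKS API (access entries) in place of the create-time bootstrap flag. The block below is an added example of that route, not code from this issue or from the module's repository. It assumes the v20 module inputs `authentication_mode`, `enable_cluster_creator_admin_permissions` and `access_entries`; the account ID and role name are constructed placeholders.

```hcl
# Added example. Assumes terraform-aws-modules/eks/aws v20.x inputs.
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.24.0"

  cluster_name    = "prod"
  cluster_version = "1.28"

  # Access entries are managed through the EKS API, so the cluster must use
  # "API" or "API_AND_CONFIG_MAP"; a CONFIG_MAP-only cluster cannot hold them.
  authentication_mode = "API_AND_CONFIG_MAP"

  # Grants the identity running Terraform cluster-admin through an access
  # entry. Unlike the create-time bootstrap flag, this is ordinary managed
  # state: setting it to false later removes the grant.
  enable_cluster_creator_admin_permissions = true

  # A named admin principal, so day-two access does not depend on whichever
  # identity happened to create the cluster.
  access_entries = {
    platform_admin = {
      # Placeholder ARN (constructed for this example).
      principal_arn = "arn:aws:iam::111122223333:role/PLACEHOLDER-platform-admin"

      policy_associations = {
        cluster_admin = {
          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
          access_scope = {
            type = "cluster"
          }
        }
      }
    }
  }

  vpc_id     = var.vpc_id
  subnet_ids = var.subnet_ids
}
```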