feat: Apply distinct() on role arns to ensure no duplicated roles in aws-auth configmap (terraform-aws-modules#2097)

Author: chrissng

main.tf

@@ -356,21 +356,33 @@ resource "aws_eks_identity_provider_config" "this" {
 ################################################################################
 
 locals {
-  node_iam_role_arns_non_windows = compact(concat(
-    [for group in module.eks_managed_node_group : group.iam_role_arn],
-    [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
-    var.aws_auth_node_iam_role_arns_non_windows,
-  ))
-
-  node_iam_role_arns_windows = compact(concat(
-    [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
-    var.aws_auth_node_iam_role_arns_windows,
-  ))
-
-  fargate_profile_pod_execution_role_arns = compact(concat(
-    [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
-    var.aws_auth_fargate_profile_pod_execution_role_arns,
-  ))
+  node_iam_role_arns_non_windows = distinct(
+    compact(
+      concat(
+        [for group in module.eks_managed_node_group : group.iam_role_arn],
+        [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
+        var.aws_auth_node_iam_role_arns_non_windows,
+      )
+    )
+  )
+
+  node_iam_role_arns_windows = distinct(
+    compact(
+      concat(
+        [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
+        var.aws_auth_node_iam_role_arns_windows,
+      )
+    )
+  )
+
+  fargate_profile_pod_execution_role_arns = distinct(
+    compact(
+      concat(
+        [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
+        var.aws_auth_fargate_profile_pod_execution_role_arns,
+      )
+    )
+  )
 
   aws_auth_configmap_data = {
     mapRoles = yamlencode(concat(

outputs.tf

@@ -185,10 +185,10 @@ output "aws_auth_configmap_yaml" {
   description = "[DEPRECATED - use `var.manage_aws_auth_configmap`] Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
   value = templatefile("${path.module}/templates/aws_auth_cm.tpl",
     {
-      eks_managed_role_arns                   = compact([for group in module.eks_managed_node_group : group.iam_role_arn])
-      self_managed_role_arns                  = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"])
-      win32_self_managed_role_arns            = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"])
-      fargate_profile_pod_execution_role_arns = compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn])
+      eks_managed_role_arns                   = distinct(compact([for group in module.eks_managed_node_group : group.iam_role_arn]))
+      self_managed_role_arns                  = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"]))
+      win32_self_managed_role_arns            = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"]))
+      fargate_profile_pod_execution_role_arns = distinct(compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn]))
     }
   )
 }