Fargate Profile Creation Can Only Occur on Private Subnets But Allows Input From Both Public & Private Subnets #1170

Closed
1 of 4 tasks
Mouftizo opened this issue Dec 31, 2020 · 1 comment

Mouftizo commented Dec 31, 2020

I have issues

I am currently creating an EKS cluster, and enabling the creation of a Fargate profile as well (like create_fargate_pod_execution_role = true). I am deploying EKS on both public and private subnets. It looks to me that all the subnets get passed on to the fargate module, while (to my understanding) fargate can only be deployed on private subnets (documented here).

I'm submitting a...

  • bug report
  • feature request
  • support request - read the FAQ first!
  • kudos, thank you, warm fuzzy

What is the current behavior?

I am currently deploying eks like:

# Create EKS Cluster
module "eks_cluster" {
  source                            = "terraform-aws-modules/eks/aws"
  version                           = "13.2.1"
  cluster_name                      = "${var.project_name}-${var.env_name}"
  cluster_version                   = var.cluster_version
  vpc_id                            = var.vpc_id
  cluster_enabled_log_types         = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
  enable_irsa                       = true
  subnets                           = concat(var.private_subnet_ids, var.public_subnet_ids)
  create_fargate_pod_execution_role = true
  fargate_profiles                  = {
    # Specifying Fargate profile (name will be generated in form: [cluster_name]-fargate-[fargate_profile_map_key])
    "${var.project_name}-${var.env_name}" = {
      # Specifying namespace for Fargate
      namespace = kubernetes_namespace.namespace.id
      # Specifying tags for Fargate
      tags      = {
        Terraform   = "true"
        Project     = var.project_name
        Environment = var.env_name
      }
    }
  }
}

Note that I included both public and private subnets. Upon trying to create the cluster, I get the error:

Error: error creating EKS Fargate Profile (foo-dev:foo-dev-fargate-foo-dev): InvalidParameterException: Subnet subnet-<redacted> provided in Fargate Profile is not a private subnet
{
  RespMetadata: {
    StatusCode: 400,
    RequestID: "<redacted>"
  },
  Message_: "Subnet subnet-<redacted> provided in Fargate Profile is not a private subnet"
}

If this is a bug, how to reproduce? Please include a code sample if relevant.

To reproduce the bug, just try to create a Fargate profile with public and private subnets.

What's the expected behavior?

I would have expected that we can input public and private subnets separately into the module and only pass the private ones on to Fargate.

Are you able to fix this problem and submit a PR? Link here if you have already.

I am not 100% sure if that is a bug or there is something I am doing wrong. In the case this is a bug, I am happy to work on a fix myself.

Environment details

  • Affected module version: 13.2.1
  • OS: OSX
  • Terraform version: 0.13.5

Any other relevant info

UPDATE:
I believe this is covered by the following PR. Closing.

@Mouftizo Mouftizo closed this as completed Jan 4, 2021
@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 23, 2022
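
A pre-flight check for the error reported in this issue, as an added example that is not part of the original thread or the module's code: it splits a subnet list into private and public before the list is handed to a Fargate profile. It assumes "private" means the subnet's effective route table has no route to an internet gateway, that all subnets belong to one VPC, and that the input follows the shape of EC2 DescribeRouteTables output; every ID below is constructed.

```python
# Added example: classify subnets as private/public from route-table data.
# Assumption: a subnet is public when its effective route table routes to an igw-*.

def routes_to_igw(table):
    """True if any route in the table targets an internet gateway."""
    return any(r.get("GatewayId", "").startswith("igw-") for r in table.get("Routes", []))

def split_subnets(subnet_ids, route_tables):
    """Return (private, public) lists, preserving the input order."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main = table
    private, public = [], []
    for sid in subnet_ids:
        # A subnet without an explicit association uses the VPC main route table.
        table = explicit.get(sid, main)
        if table is None:
            raise ValueError(f"no route table found for {sid}")
        (public if routes_to_igw(table) else private).append(sid)
    return private, public

# Constructed sample data for a single VPC (not taken from the issue).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-nat",
     "Associations": [{"Main": False, "SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]

if __name__ == "__main__":
    subnets = ["subnet-priv-a", "subnet-pub-a", "subnet-priv-b"]
    private, public = split_subnets(subnets, ROUTE_TABLES)
    print("pass to Fargate profile:", private)
    print("would be rejected as not private:", public)
```

Note that a subnet with no explicit association inherits the main route table, so adding an internet gateway route to the main table silently turns such subnets public.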