Security group tags created by EKS could be overridden #2006

Closed
pcheung-sfdc opened this issue Apr 11, 2022 · 5 comments · Fixed by #2010

@pcheung-sfdc

Description

Starting with 18.14.0, this introduced a resource to override tags of the cluster primary SG. This could be used to override a tag used by EKS to delete the SG when destroying the cluster, leaving the SG lingering and unmanaged, which can prevent destroying the VPC it's in.

  • [ X] ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

  • Module version [Required]: 18.14.0 and above

  • Terraform version: v1.1.7

  • Provider version(s): ~v4.0

Reproduction Code [Required]

Steps to reproduce the behavior:
Pass in a "Name" tag to the module, for example:

module "eks" {
...
  tags = {
    Name = "foo"
  }
}

Expected behavior

The cluster primary SG that is automatically generated when creating an EKS cluster is also automatically removed when destroying the cluster.

Actual behavior

The cluster primary SG is not being destroyed if its tags are overridden.

Terminal Output Screenshot(s)

Additional context

@bryantbiggs
Member

you should be able to re-override using cluster_tags

@pcheung-sfdc
Author

Any good reason not to set the cluster_tags?
If not, I can create a PR to specify the cluster_tags

@bryantbiggs
Member

No - we try to provide an "additional" tag for select resources where users might want to provide tags specific to that resource. var.tags is generic across all resources and var.cluster_tags is applied to just the cluster (i.e. - control plane)

@antonbabenko
Member

This issue has been resolved in version 18.20.2 🎉

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 12, 2022
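
A CI-side check for the condition described in this issue, as an added example that is not part of the thread or of the module's code: it scans `terraform show -json` plan output for `aws_ec2_tag` resources that would write a protected tag key on an existing resource. It assumes the module's tag-override resource is of type `aws_ec2_tag`; the resource addresses, the sample plan and the `PROTECTED_KEYS` set are constructed for illustration.

```python
import json
import sys

# Tag keys that must not be rewritten on EKS-created security groups.
# "Name" is the key from this issue's reproduction (assumed set; extend as needed).
PROTECTED_KEYS = frozenset({"Name"})


def find_tag_overrides(plan, protected=PROTECTED_KEYS):
    """Return (address, key, value) for every planned aws_ec2_tag that
    creates or updates a protected tag key."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_ec2_tag":
            continue
        change = rc.get("change") or {}
        # Pure deletes and no-ops do not write the tag.
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        after = change.get("after") or {}
        if after.get("key") in protected:
            findings.append((rc.get("address"), after["key"], after.get("value")))
    return findings


# Constructed sample shaped like `terraform show -json <planfile>` output.
# Addresses are hypothetical, not the module's real resource names.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": 'module.eks.aws_ec2_tag.sg_tag["Name"]', "type": "aws_ec2_tag",
         "change": {"actions": ["create"], "after": {"key": "Name", "value": "foo"}}},
        {"address": 'module.eks.aws_ec2_tag.sg_tag["Environment"]', "type": "aws_ec2_tag",
         "change": {"actions": ["create"], "after": {"key": "Environment", "value": "dev"}}},
        {"address": 'module.old.aws_ec2_tag.sg_tag["Name"]', "type": "aws_ec2_tag",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "module.eks.aws_security_group.node", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"name": "node"}}},
    ]
}

if __name__ == "__main__":
    # With a path argument, read real plan JSON; otherwise use the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = find_tag_overrides(plan)
    for address, key, value in hits:
        print(f"{address}: would set protected tag {key}={value!r}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when a protected key would be written, so it can gate a pipeline step that runs between `terraform plan` and `terraform apply`.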