eks-managed-node-group requires cluster_service_cidr when use_custom_launch_template = false

[cpboyd]

Description

eks-managed-node-group module still requires the variable cluster_service_cidr when use_custom_launch_template = false is specified, because of the underlying lifecycle precondition check in user_data: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/modules/_user_data/main.tf#L5-L14

This is, sadly, a limitation of Terraform in that anytime the module is defined, all checks must pass.

• ✋ I have searched the open/closed issues and my issue is not listed.

Versions

• Module version [Required]: 20.10.0

• Terraform version:

OpenTofu v1.7.1
on darwin_arm64
+ provider registry.opentofu.org/hashicorp/aws v5.48.0
+ provider registry.opentofu.org/hashicorp/cloudinit v2.3.4
+ provider registry.opentofu.org/hashicorp/null v3.2.2

• Provider version(s):

OpenTofu v1.7.1
on darwin_arm64
+ provider registry.opentofu.org/hashicorp/aws v5.48.0
+ provider registry.opentofu.org/hashicorp/cloudinit v2.3.4
+ provider registry.opentofu.org/hashicorp/null v3.2.2

Reproduction Code [Required]

module "eks_managed_node_group" {
  source = "terraform-aws-modules/eks/aws//modules/eks-managed-node-group"

  name            = "separate-eks-mng"
  cluster_name    = "my-cluster"
  cluster_version = "1.27"

  subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]

  // Note: `disk_size`, and `remote_access` can only be set when using the EKS managed node group default launch template
  // This module defaults to providing a custom launch template to allow for custom security groups, tag propagation, etc.
  use_custom_launch_template = false
  disk_size                  = 100

  min_size     = 1
  max_size     = 10
  desired_size = 1

  instance_types = ["t3.large"]

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

Steps to reproduce the behavior:

1. apply above code

Expected behavior

user_data checks are unnecessary when use_custom_launch_template = false

Actual behavior

Must still define cluster_service_cidr

Terminal Output Screenshot(s)

│ Error: Resource precondition failed
│ 
│   on ../_user_data/main.tf line 10, in resource "null_resource" "validate_cluster_service_cidr":
│   10:       condition     = var.create ? length(local.cluster_service_cidr) > 6 : true
│     ├────────────────
│     │ local.cluster_service_cidr is ""
│     │ var.create is true
│ 
│ `cluster_service_cidr` is required when `create = true`.

Additional context

[cpboyd]

Potential fix:

module "user_data" {
  source = "../_user_data"

  create   = var.create && var.create_launch_template && var.use_custom_launch_template
...
}