From 6575c456372097c9864d38d29704df52ffe8f7be Mon Sep 17 00:00:00 2001
From: Piotr Roszatycki
Date: Sun, 10 Mar 2024 23:00:29 +0100
Subject: [PATCH] Do not attach policy if role is not created
---
 modules/karpenter/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index 719ceacc6e..6ce53f968b 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -570,7 +570,7 @@ resource "aws_iam_role_policy_attachment" "node" {
 AmazonEC2ContainerRegistryReadOnly = "${local.node_iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly"
 AmazonEKS_CNI_IPv6_Policy = var.node_iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" ? local.cni_policy : ""
 AmazonEKS_CNI_Policy = var.node_iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" ? local.cni_policy : ""
- } : k => v if var.create && var.create_iam_role && v != "" }
+ } : k => v if local.create_node_iam_role && v != "" }

 policy_arn = each.value
 role = aws_iam_role.node[0].name
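Review bot: The new `for_each` filter relies on `local.create_node_iam_role`, which is defined outside this hunk, while `role = aws_iam_role.node[0].name` a few lines below still indexes the role unconditionally. The attachment is only safe if `aws_iam_role.node` gates its `count` on that same local, so that should be confirmed before merging. A comment above the filter, for example `# Must use the same condition as aws_iam_role.node's count, otherwise node[0] does not exist`, would keep the two conditions from drifting apart again. Separately, the unchanged context attaches the CNI policy to the node role when `var.node_iam_role_attach_cni_policy` is set, which presumably extends those permissions to any workload able to use the node's instance credentials; the variable's documentation could say so. The resource block starts and ends outside the hunk.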