Add support for instance_metadata_tags in the metadata_options (aws provider v3.72.0)

[romogo17]

Is your request related to a problem? Please describe.

On Jan 13, 2022, a new version of the terraform aws provider was released (v3.72.0)

This release add support for instance_metadata_tags to the metadata_options

resource/aws_launch_template: Add the instance_metadata_tags argument to the metadata_options configuration block (#22463)

The default for instance_metadata_tags is "disabled"

After updating the provider, I got the following diff in one of my managed node groups, stating instance_metadata_tags was going to be setup as disabled

  ~ resource "aws_launch_template" "this" {
      ~ default_version                      = 1 -> (known after apply)
        id                                   = "lt-0000022222222"
      ~ latest_version                       = 1 -> (known after apply)
        name                                 = "XXXXYYYYYZZZZZZ"
        # (16 unchanged attributes hidden)

      ~ metadata_options {
          + instance_metadata_tags      = "disabled"
            # (4 unchanged attributes hidden)
        }

        # (4 unchanged blocks hidden)
    }

This option is not available in the eks-managed-node-group module.

terraform-aws-eks/modules/eks-managed-node-group/main.tf

Lines 177 to 185 in cf985c2

	dynamic "metadata_options" {
	for_each = var.metadata_options != null ? [var.metadata_options] : []
	content {
	http_endpoint = lookup(metadata_options.value, "http_endpoint", null)
	http_tokens = lookup(metadata_options.value, "http_tokens", null)
	http_put_response_hop_limit = lookup(metadata_options.value, "http_put_response_hop_limit", null)
	http_protocol_ipv6 = lookup(metadata_options.value, "http_protocol_ipv6", null)
	}
	}

Describe the solution you've considered

• Add instance_metadata_tags to the metadata_options in the eks-managed-node-group module.
  

  terraform-aws-eks/modules/eks-managed-node-group/main.tf

  Lines 177 to 185 in cf985c2

  	dynamic "metadata_options" {
  	for_each = var.metadata_options != null ? [var.metadata_options] : []
  	content {
  	http_endpoint = lookup(metadata_options.value, "http_endpoint", null)
  	http_tokens = lookup(metadata_options.value, "http_tokens", null)
  	http_put_response_hop_limit = lookup(metadata_options.value, "http_put_response_hop_limit", null)
  	http_protocol_ipv6 = lookup(metadata_options.value, "http_protocol_ipv6", null)
  	}
  	}

• Also, add a default for it in the metadata_options variable
  

  terraform-aws-eks/modules/eks-managed-node-group/variables.tf

  Lines 213 to 221 in cf985c2

  	variable "metadata_options" {
  	description = "Customize the metadata options for the instance"
  	type = map(string)
  	default = {
  	http_endpoint = "enabled"
  	http_tokens = "required"
  	http_put_response_hop_limit = 2
  	}
  	}

• Although, if I'm not wrong this would also require bumping up the provider version to >= v3.72.0
  

  terraform-aws-eks/versions.tf

  Lines 4 to 8 in cf985c2

  	required_providers {
  	aws = {
  	source = "hashicorp/aws"
  	version = ">= 3.64"
  	}

Describe alternatives you've considered.

• Add a version constraint to the aws provider so that v3.72.0 is not picked

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.64, < 3.72.0"
    }
  }

[antonbabenko]

This issue has been resolved in version 18.2.0 🎉

[romogo17]

Wow, that was fast! 🚀
Thank you very much, @bryantbiggs & @antonbabenko !

[antonbabenko]

35 seconds to be precise :)

[syabruk]

@antonbabenko
Module v18 has a lot of breaking changes that prevent me from upgrading the module, but the issue appears even in v17 with aws provider v3.72.0. Do you plan to backport the fix to v17?

[antonbabenko]

We have no plans to backport this to v17.

There is a detailed upgrade guide explaining all the changes in v18. If you have questions, you can search for existing issues or ask a question.

[ivankovnatsky]

@antonbabenko Module v18 has a lot of breaking changes that prevent me from upgrading the module, but the issue appears even in v17 with aws provider v3.72.0. Do you plan to backport the fix to v17?

You can use a separate module for self/eks/fargate modules under https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/modules/. and point to 18.x.x tag.

I myself will be upgrading node groups, then eks module.

[syabruk]

@ivankovnatsky, thanks for the idea, I'll take it into account

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.