devopsmakers · romga · Feb 6, 2022 · May 10, 2022 · May 11, 2022 · May 11, 2022
diff --git a/README.md b/README.md
@@ -119,7 +119,7 @@ No provider.
 | worker\_ami\_name\_filter | Name filter for AWS EKS worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no |
 | worker\_ami\_name\_filter\_windows | Name filter for AWS EKS Windows worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no |
 | worker\_ami\_owner\_id | The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"602401143452"` | no |
-| worker\_ami\_owner\_id\_windows | The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"801119661308"` | no |
+| worker\_ami\_owner\_id\_windows | The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"402743460324"` | no |
 | worker\_create\_initial\_lifecycle\_hooks | Whether to create initial lifecycle hooks provided in worker groups. | `bool` | `false` | no |
 | worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | `bool` | `true` | no |
 | worker\_groups | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers\_group\_defaults for valid keys. | `any` | `[]` | no |

diff --git a/modules/control_plane/outputs.tf b/modules/control_plane/outputs.tf
@@ -1,26 +1,26 @@
 output "cluster_id" {
   description = "The name/id of the EKS cluster."
-  value       = element(concat(aws_eks_cluster.this.*.id, list("")), 0)
+  value       = element(concat(aws_eks_cluster.this.*.id, tolist([""])), 0)
 }
 
 output "cluster_arn" {
   description = "The Amazon Resource Name (ARN) of the cluster."
-  value       = element(concat(aws_eks_cluster.this.*.arn, list("")), 0)
+  value       = element(concat(aws_eks_cluster.this.*.arn, tolist([""])), 0)
 }
 
 output "cluster_certificate_authority_data" {
   description = "Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster."
-  value       = element(concat(aws_eks_cluster.this[*].certificate_authority[0].data, list("")), 0)
+  value       = element(concat(aws_eks_cluster.this[*].certificate_authority[0].data, tolist([""])), 0)
 }
 
 output "cluster_endpoint" {
   description = "The endpoint for your EKS Kubernetes API."
-  value       = element(concat(aws_eks_cluster.this.*.endpoint, list("")), 0)
+  value       = element(concat(aws_eks_cluster.this.*.endpoint, tolist([""])), 0)
 }
 
 output "cluster_version" {
   description = "The Kubernetes server version for the EKS cluster."
-  value       = element(concat(aws_eks_cluster.this[*].version, list("")), 0)
+  value       = element(concat(aws_eks_cluster.this[*].version, tolist([""])), 0)
 }
 
 output "cluster_security_group_id" {
@@ -35,7 +35,7 @@ output "cluster_iam_role_arn" {
 
 output "cluster_oidc_issuer_url" {
   description = "The URL on the EKS cluster OIDC Issuer"
-  value       = var.enable_irsa ? flatten(concat(aws_eks_cluster.this[*].identity[*].oidc.0.issuer, [""]))[0] : null
+  value       = var.enable_irsa ? flatten(concat(aws_eks_cluster.this[*].identity[*].oidc.0.issuer, tolist([""])))[0] : null
 }
 
 output "cloudwatch_log_group_name" {
@@ -45,15 +45,15 @@ output "cloudwatch_log_group_name" {
 
 output "kubeconfig" {
   description = "kubectl config file contents for this EKS cluster."
-  value       = concat(data.template_file.kubeconfig[*].rendered, [""])[0]
+  value       = concat(data.template_file.kubeconfig[*].rendered, tolist([""]))[0]
 }
 
 output "kubeconfig_filename" {
   description = "The filename of the generated kubectl config."
-  value       = concat(local_file.kubeconfig.*.filename, [""])[0]
+  value       = concat(local_file.kubeconfig.*.filename, tolist([""]))[0]
 }
 
 output "oidc_provider_arn" {
   description = "The ARN of the OIDC Provider if `enable_irsa = true`."
-  value       = var.enable_irsa ? concat(aws_iam_openid_connect_provider.oidc_provider[*].arn, [""])[0] : null
+  value       = var.enable_irsa ? concat(aws_iam_openid_connect_provider.oidc_provider[*].arn, tolist([""]))[0] : null
 }
diff --git a/modules/worker_groups/README.md b/modules/worker_groups/README.md
@@ -33,7 +33,7 @@ This submodule is designed for use by both the parent `eks` module and by the us
 | worker\_ami\_name\_filter | Name filter for AWS EKS worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no |
 | worker\_ami\_name\_filter\_windows | Name filter for AWS EKS Windows worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no |
 | worker\_ami\_owner\_id | The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"602401143452"` | no |
-| worker\_ami\_owner\_id\_windows | The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"801119661308"` | no |
+| worker\_ami\_owner\_id\_windows | The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"402743460324"` | no |
 | worker\_create\_initial\_lifecycle\_hooks | Whether to create initial lifecycle hooks provided in worker groups. | `bool` | `false` | no |
 | worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | `bool` | `true` | no |
 | worker\_groups | Map of map of worker groups to create. See documentation above for more details. | `any` | `{}` | no |

diff --git a/modules/worker_groups/locals.tf b/modules/worker_groups/locals.tf
@@ -73,6 +73,10 @@ locals {
     spot_allocation_strategy                 = "lowest-price" # Valid options are 'lowest-price' and 'capacity-optimized'. If 'lowest-price', the Auto Scaling group launches instances using the Spot pools with the lowest price, and evenly allocates your instances across the number of Spot pools. If 'capacity-optimized', the Auto Scaling group launches instances using Spot pools that are optimally chosen based on the available Spot capacity.
     spot_instance_pools                      = 10             # "Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify."
     spot_max_price                           = ""             # Maximum price per unit hour that the user is willing to pay for the Spot instances. Default is the on-demand price
+    http_endpoint               = "disabled" # Whether the metadata service is available
+    http_tokens                 = "optional" # Whether or not the metadata service requires session tokens
+    http_put_response_hop_limit = 1 # The desired HTTP PUT response hop limit for instance metadata requests
+    instance_metadata_tags = "disabled" # Enables or disables access to instance tags from the instance metadata service
   }
 
   # Merge defaults and per-group values to make code cleaner

diff --git a/modules/worker_groups/variables.tf b/modules/worker_groups/variables.tf
@@ -88,7 +88,7 @@ variable "worker_ami_owner_id" {
 variable "worker_ami_owner_id_windows" {
   description = "The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft')."
   type        = string
-  default     = "801119661308" // The ID of the owner of the official AWS EKS Windows AMIs.
+  default     = "402743460324" // The ID of the owner of the official AWS EKS Windows AMIs.
 }
 
 variable "manage_worker_iam_resources" {

diff --git a/modules/worker_groups/worker_groups.tf b/modules/worker_groups/worker_groups.tf
@@ -32,7 +32,7 @@ resource "aws_autoscaling_group" "worker_groups" {
 
   dynamic "mixed_instances_policy" {
     iterator = item
-    for_each = (lookup(each.value, "override_instance_types", null) != null) || (lookup(each.value, "on_demand_allocation_strategy", null) != null) ? list(each.value) : []
+    for_each = (lookup(each.value, "override_instance_types", null) != null) || (lookup(each.value, "on_demand_allocation_strategy", null) != null) ? tolist([each.value]) : []
 
     content {
       instances_distribution {
@@ -66,7 +66,7 @@ resource "aws_autoscaling_group" "worker_groups" {
 
   dynamic "launch_template" {
     iterator = item
-    for_each = (lookup(each.value, "override_instance_types", null) != null) || (lookup(each.value, "on_demand_allocation_strategy", null) != null) ? [] : list(each.value)
+    for_each = (lookup(each.value, "override_instance_types", null) != null) || (lookup(each.value, "on_demand_allocation_strategy", null) != null) ? [] : tolist([each.value])
 
     content {
       id      = aws_launch_template.worker_groups[each.key].id
@@ -206,6 +206,12 @@ resource "aws_launch_template" "worker_groups" {
     }
   }
 
+  metadata_options {
+    http_endpoint               = each.value["http_endpoint"]
+    http_tokens                 = each.value["http_tokens"]
+    http_put_response_hop_limit = each.value["http_put_response_hop_limit"]
+    instance_metadata_tags      = each.value["instance_metadata_tags"]
+  }
   tags = var.tags
 
   lifecycle {

diff --git a/variables.tf b/variables.tf
@@ -135,7 +135,7 @@ variable "worker_ami_owner_id" {
 variable "worker_ami_owner_id_windows" {
   description = "The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft')."
   type        = string
-  default     = "801119661308" // The ID of the owner of the official AWS EKS Windows AMIs.
+  default     = "402743460324" // The ID of the owner of the official AWS EKS Windows AMIs.
 }
 
 variable "worker_additional_security_group_ids" {