From 1f8b0533adcaa1e8cd56da51a7d17a8ae572bf87 Mon Sep 17 00:00:00 2001
From: Stavros Foteinopoulos
Date: Wed, 15 Jan 2025 14:52:44 +0200
Subject: [PATCH] Fixes to module to support AL2023 (#801)
Signed-off-by: Stavros Foteinopoulos
---
 aws/cluster/README.md | 2 +-
 aws/cluster/worker_asg.tf | 2 +-
 aws/cluster/worker_iam.tf | 5 ++++-
 aws/eks-managed-node-groups/README.md | 1 +
 aws/eks-managed-node-groups/graviton_node_groups.tf | 10 +++++++---
 aws/eks-managed-node-groups/node_groups.tf | 10 +++++++---
 aws/eks-managed-node-groups/providers.tf | 2 ++
 7 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/aws/cluster/README.md b/aws/cluster/README.md
index a822bbe3..8e7f2d58 100644
--- a/aws/cluster/README.md
+++ b/aws/cluster/README.md
@@ -20,7 +20,7 @@
 | Name | Source | Version |
 |------|--------|---------|
-| [managed\_node\_group](#module\_managed\_node\_group) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups | v1.8.16 |
+| [managed\_node\_group](#module\_managed\_node\_group) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups | v1.8.18 |
 ## Resources
diff --git a/aws/cluster/worker_asg.tf b/aws/cluster/worker_asg.tf
index f65e075f..ec67d9f2 100644
--- a/aws/cluster/worker_asg.tf
+++ b/aws/cluster/worker_asg.tf
@@ -1,5 +1,5 @@
 module "managed_node_group" {
- source = "github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups?ref=v1.8.16"
+ source = "github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups?ref=v1.8.18"
 vpc_security_group_ids = [aws_security_group.worker-sg.id]
 volume_size = var.node_volume_size
 volume_type = var.node_volume_type
diff --git a/aws/cluster/worker_iam.tf b/aws/cluster/worker_iam.tf
index c8f1b10e..b18a7115 100644
--- a/aws/cluster/worker_iam.tf
+++ b/aws/cluster/worker_iam.tf
@@ -58,7 +58,10 @@ resource "aws_iam_policy" "worker_policy" {
 "autoscaling:SetDesiredCapacity",
 "autoscaling:TerminateInstanceInAutoScalingGroup",
 "ec2:DescribeLaunchTemplateVersions",
- "eks:DescribeNodegroup"
+ "eks:DescribeNodegroup",
+ "ecr:GetAuthorizationToken",
+ "eks:DescribeCluster",
+ "ec2:DescribeInstances"
 ],
 "Resource": "*",
 "Effect": "Allow"
diff --git a/aws/eks-managed-node-groups/README.md b/aws/eks-managed-node-groups/README.md
index 6319af0e..1809968a 100644
--- a/aws/eks-managed-node-groups/README.md
+++ b/aws/eks-managed-node-groups/README.md
@@ -26,6 +26,7 @@ No modules.
 | [aws_launch_template.cluster_nodes_eks_arm_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
 | [aws_launch_template.cluster_nodes_eks_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
 | [aws_launch_template.cluster_spot_nodes_eks_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 ## Inputs
diff --git a/aws/eks-managed-node-groups/graviton_node_groups.tf b/aws/eks-managed-node-groups/graviton_node_groups.tf
index 53af89b1..d7b305e4 100644
--- a/aws/eks-managed-node-groups/graviton_node_groups.tf
+++ b/aws/eks-managed-node-groups/graviton_node_groups.tf
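Review bot: In the `worker_policy` hunk of aws/cluster/worker_iam.tf, `eks:DescribeCluster` is added to the statement that applies to `"Resource": "*"`, although that action can be limited to a cluster ARN. `ecr:GetAuthorizationToken` and `ec2:DescribeInstances` do not support resource-level scoping and have to stay on `*`. The cluster read could move to its own statement with `"Resource": "arn:aws:eks:REGION:ACCOUNT_ID:cluster/CLUSTER_NAME"` (placeholders), so a worker node can describe only its own cluster. The policy document starts and ends outside the hunk, so I cannot tell whether another statement or an attached managed policy already grants these three reads; if one does, the additions are redundant. A short comment above the resource saying the three actions are needed for AL2023 node bootstrap would explain why they are here.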
@@ -20,18 +20,22 @@ resource "aws_launch_template" "cluster_nodes_eks_arm_launch_template" { user_data = var.use_al2023 ? base64encode(<> /etc/environment +source /etc/environment cat < /etc/eks/nodeadm-config.yaml apiVersion: node.eks.aws/v1alpha1 kind: NodeConfig spec: cluster: name: ${var.cluster_name} - apiServerEndpoint: ${var.api_server_endpoint} - certificateAuthority: ${var.certificate_authority} + apiServerEndpoint: | + ${var.api_server_endpoint} + certificateAuthority: | + ${var.certificate_authority} cidr: ${var.service_ipv4_cidr} EOF -/usr/local/bin/nodeadm --config /etc/eks/nodeadm-config.yaml +/usr/local/bin/nodeadm init -c file:///etc/eks/nodeadm-config.yaml USERDATA ) : base64encode(<> /etc/environment +source /etc/environment cat < /etc/eks/nodeadm-config.yaml apiVersion: node.eks.aws/v1alpha1 kind: NodeConfig spec: cluster: name: ${var.cluster_name} - apiServerEndpoint: ${var.api_server_endpoint} - certificateAuthority: ${var.certificate_authority} + apiServerEndpoint: | + ${var.api_server_endpoint} + certificateAuthority: | + ${var.certificate_authority} cidr: ${var.service_ipv4_cidr} EOF -/usr/local/bin/nodeadm --config /etc/eks/nodeadm-config.yaml +/usr/local/bin/nodeadm init -c file:///etc/eks/nodeadm-config.yaml USERDATA ) : base64encode(<