feat: improve AZ logic for addons

README.md

@@ -48,6 +48,8 @@ To view examples for how you can leverage this EKS Module, please see the [examp
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
+| [aws_subnet.vpc_cni_custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
 
 ## Inputs
 
@@ -63,7 +65,6 @@ To view examples for how you can leverage this EKS Module, please see the [examp
 | <a name="input_aws_node_termination_handler"></a> [aws\_node\_termination\_handler](#input\_aws\_node\_termination\_handler) | AWS Node Termination Handler config for aws-ia/eks-blueprints-addon/aws | `any` | `{}` | no |
 | <a name="input_aws_privateca_issuer"></a> [aws\_privateca\_issuer](#input\_aws\_privateca\_issuer) | AWS Private CA Issuer config for aws-ia/eks-blueprints-addon/aws | `any` | `{}` | no |
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | used to create vpc-cni eni config objects when configuring the vpc-cni marketplace addon | `string` | `""` | no |
-| <a name="input_azs"></a> [azs](#input\_azs) | List of names of availability zones to use for subnet configs | `list(string)` | `[]` | no |
 | <a name="input_blueprints_addons_prefixes"></a> [blueprints\_addons\_prefixes](#input\_blueprints\_addons\_prefixes) | Prefixes for the eks blueprints addons, used to parse addon gitops\_metadata output and create objects with | `list(string)` | <pre>[<br/>  "cert_manager",<br/>  "cluster_autoscaler",<br/>  "aws_cloudwatch_metrics",<br/>  "aws_efs_csi_driver",<br/>  "aws_fsx_csi_driver",<br/>  "aws_privateca_issuer",<br/>  "external_dns_route53",<br/>  "external_secrets",<br/>  "aws_load_balancer_controller",<br/>  "aws_for_fluentbit",<br/>  "aws_node_termination_handler",<br/>  "karpenter",<br/>  "velero",<br/>  "aws_gateway_api_controller",<br/>  "fargate_fluentbit_log"<br/>]</pre> | no |
 | <a name="input_bottlerocket_shadow"></a> [bottlerocket\_shadow](#input\_bottlerocket\_shadow) | Bottlerocket Shadow config for aws-ia/eks-blueprints-addon/aws | `any` | `{}` | no |
 | <a name="input_bottlerocket_update_operator"></a> [bottlerocket\_update\_operator](#input\_bottlerocket\_update\_operator) | Bottlerocket Update Operator config for aws-ia/eks-blueprints-addon/aws | `any` | `{}` | no |

eks-addons.tf

@@ -184,23 +184,31 @@ resource "kubernetes_storage_class_v1" "efs" {
   ]
 }
 
+data "aws_subnet" "private" {
+  count = length(var.private_subnet_ids)
+  id    = var.private_subnet_ids[count.index]
+}
+
 module "efs" {
   source  = "terraform-aws-modules/efs/aws"
   version = "~> 1.0"
 
   count = var.enable_amazon_eks_aws_efs_csi_driver ? 1 : 0
 
   name = lower(random_id.efs_name[0].hex)
+
   # Mount targets / security group
   mount_targets = {
-    for k, v in zipmap(var.azs, var.private_subnet_ids) : k => { subnet_id = v }
+    for subnet_id in var.private_subnet_ids : data.aws_subnet.private[subnet_id].availability_zone => {
+      subnet_id = subnet_id
+    }
   }
 
   security_group_description = "${local.cluster_name} EFS security group"
   security_group_vpc_id      = var.vpc_id
   security_group_rules = {
     vpc = {
-      # relying on the defaults provdied for EFS/NFS (2049/TCP + ingress)
+      # relying on the defaults provided for EFS/NFS (2049/TCP + ingress)
       description = "NFS ingress from VPC private subnets"
       cidr_blocks = var.efs_vpc_cidr_blocks
     }

examples/complete/main.tf

@@ -304,7 +304,6 @@ module "eks" {
   cluster_endpoint_public_access  = var.cluster_endpoint_public_access
   cluster_endpoint_private_access = true
   vpc_cni_custom_subnet           = module.vpc.intra_subnets
-  azs                             = module.vpc.azs
   aws_admin_usernames             = var.aws_admin_usernames
   cluster_version                 = var.cluster_version
   dataplane_wait_duration         = var.dataplane_wait_duration

main.tf

@@ -9,6 +9,11 @@ data "aws_iam_session_context" "current" {
   arn = data.aws_caller_identity.current.arn
 }
 
+data "aws_subnet" "vpc_cni_custom" {
+  count = length(var.vpc_cni_custom_subnet)
+  id    = var.vpc_cni_custom_subnet[count.index]
+}
+
 ###############################################################
 # EKS Cluster
 ###############################################################
@@ -59,22 +64,23 @@ locals {
   should_create_eni_configs = (
     var.create_eni_configs &&
     var.cluster_addons["vpc-cni"] != null &&
-    length(var.vpc_cni_custom_subnet) != 0 &&
-    length(var.vpc_cni_custom_subnet) == length(var.azs)
+    length(var.vpc_cni_custom_subnet) != 0
   )
 
   # Define ENI Configurations if should_create_eni_configs evaluates to true.
   eniConfig = local.should_create_eni_configs ? {
     create = true,
     region = var.aws_region,
-    subnets = { for az, subnet in zipmap(var.azs, var.vpc_cni_custom_subnet) : az => {
-      id = subnet,
-      securityGroups = compact([
-        module.aws_eks.cluster_primary_security_group_id,
-        module.aws_eks.node_security_group_id,
-        module.aws_eks.cluster_security_group_id
-      ])
-    } }
+    subnets = {
+      for subnet_id in var.vpc_cni_custom_subnet : data.aws_subnet.vpc_cni_custom[subnet_id].availability_zone => {
+        id = subnet_id,
+        securityGroups = compact([
+          module.aws_eks.cluster_primary_security_group_id,
+          module.aws_eks.node_security_group_id,
+          module.aws_eks.cluster_security_group_id
+        ])
+      }
+    }
   } : null
 
   # Merge extra configuration for VPC CNI if should_create_eni_configs evaluates to true.

variables.tf

@@ -40,12 +40,6 @@ variable "aws_region" {
   default     = ""
 }
 
-variable "azs" {
-  description = "List of names of availability zones to use for subnet configs"
-  type        = list(string)
-  default     = []
-}
-
 variable "private_subnet_ids" {
   description = "Private subnet IDs"
   type        = list(string)