Upgrade terraform-aws-iam module to version 6.0+ when stable #64
Description
Background
Currently, the terraform-aws-modules/terraform-aws-iam module is pinned to version 5.60.0 to avoid breaking changes introduced in version 6.0.
The breaking changes in version 6.0 include:
- Module
iam-role-for-service-accounts-ekswas renamed (related to PR #585) - Other module name changes that could affect existing Terraform state
Goal
Upgrade to terraform-aws-modules/terraform-aws-iam version 6.0+ when it becomes stable and we can ensure a smooth migration path.
Current Status
- Version is pinned to
5.60.0in PR fix: Pin terraform-aws-iam module to version 5.60.0 to avoid breaking changes #63 - All IRSA configurations are working with the current version
- No immediate issues with the current setup
Prerequisites for Upgrade
- Version 6.0+ becomes stable with community feedback
- Identify all modules affected by the name changes
- Create migration guide for Terraform state changes
- Test the upgrade in a development environment
- Document any required state migration commands
Affected Files
kubernetes/aws/terraform/eks-addons/irsa.tf- Contains 3 modules using the IAM module:- Load Balancer Controller Role
- EBS CSI Driver Role
- Cluster Autoscaler Role
Migration Considerations
When upgrading, we may need to:
- Update module source references to new module names
- Potentially run
terraform state mvcommands to update state references - Update documentation and examples
- Ensure backward compatibility or provide clear migration steps
Acceptance Criteria
- Successful upgrade to IAM module version 6.0+
- All existing configurations continue to work
- Migration path is documented
- No breaking changes for end users
- All tests pass with the new version