I am getting this error: On main.tf line 557: Expected the start of an expression, but found an invalid expression token

I am getting this error: On main.tf line 557: Expected the start of an expression, but found an invalid expression token.

resource “aws_iam_role_policy_attachment” “eks_vpc_cni_attachment” {
policy_arn = aws_iam_policy.eks_vpc_cni_policy.arn
role = aws_iam_role.eks_vpc_cni_role.name //line 557
}

Below is the code:

resource “aws_iam_role” “eks_vpc_cni_role” {
name = “eks-vpc-cni-role”

assume_role_policy = <<EOF{
Version = “2012-10-17”
Statement = [
{
Action = “sts:AssumeRole”
Effect = “Allow”
Principal = {
Service = “eks.amazonaws.com
}
},
]
}
EOF
}

resource “aws_iam_policy” “eks_vpc_cni_policy” {
name = “eks-vpc-cni-policy”
description = “EKS VPC CNI policy allowing IPAM and ENI management”

policy = <<EOF
{
  Version = "2012-10-17"
  Statement = [ 
 { 
    Action = [ 
        "ec2:DescribeNetworkInterfaces", 
        "ec2:CreateNetworkInterface", 
        "ec2:DeleteNetworkInterface", 
        "ec2:AssignPrivateIpAddresses", 
        "ec2:UnassignPrivateIpAddresses" 
    ] 
    Effect = "Allow" 
    Resource = "*" 
 },
 { 
    Action = [ 
        "ec2:DescribeInstances", 
        "ec2:DescribeVpcs", 
        "ec2:DescribeSubnets", 
        "ec2:DescribeSecurityGroups", 
        "ec2:DescribeRouteTables" 
    ] 
    Effect = "Allow" 
    Resource = "*" 
 } 

]
}
EOF
}

resource “aws_iam_role_policy_attachment” “eks_vpc_cni_attachment” {
policy_arn = aws_iam_policy.eks_vpc_cni_policy.arn
role = aws_iam_role.eks_vpc_cni_role.name//line 557
}

resource “kubernetes_daemonset” “aws_node” {
metadata {
name = “aws-node”
namespace = “kube-system”
labels = {
“k8s-app” = “aws-node”
}
}

spec {
selector {
match_labels = {
“k8s-app” = “aws-node”
}
}
template {
metadata {
labels = {
“k8s-app” = “aws-node”
}
}
spec {
container {
name = “aws-vpc-cni”
image = “amazon-k8s-ani:v1.19.0”

      env {
        name  = "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG"
        value = "true"
      }

      env {
        name  = "AWS_VPC_CNI_IPV4_PREFIX"
        value = var.secondary_cidr
      }

      env {
        name  = "AWS_VPC_CNI_ENI_CONFIG"
        value = "true"
      }
    }

    service_account_name = "aws-node"

    tolerations {
      effect   =  "NoSchedule"
      key      =  "node.kubernetes.io/not-ready"
      operator =  "Exists"
    }

    tolerations {
      effect   =  "NoExecute"
      key      =  "node.kubernetes.io/unreachable"
      operator =  "Exists"
    }
  }
}

}
}

resource “aws_eks_node_group” “example” {
cluster_name = var.cluster_name
node_group_name = var.use_name_prefix ? null : var.name
node_role_arn = var.create_iam_role ? aws_iam_role.this[0].arn : var.iam_role_arn
subnet_ids = var.subnet_ids
instance_types = [“t3.medium”]

scaling_config {
min_size = var.min_size
max_size = var.max_size
desired_size = var.desired_size
}
}

Hi @jadas,

It would help to properly format the configuration so that it’s rendered verbatim without markdown changes and character replacements, but I think at least one problem is that you have <<EOF{ which isn’t a valid start to a heredoc string.
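The two valid ways to write the trust policy discussed above, as an added example that is not part of the original thread (the resource labels and role names are hypothetical). The heredoc marker must be the last thing on its line and the body must be literal JSON, while `jsonencode` takes an HCL object.

```hcl
# Added example; resource labels and role names below are hypothetical.

# Heredoc form: nothing follows the marker on the "<<EOF" line, and the body
# is literal JSON (quoted keys, colons, commas) because the string is sent
# to AWS unchanged. HCL-style "Version = ..." lines are not valid here.
resource "aws_iam_role" "example_heredoc" {
  name = "example-heredoc-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": { "Service": "eks.amazonaws.com" }
    }
  ]
}
EOF
}

# jsonencode form: the argument is an HCL object written with "=", and
# Terraform serialises it, so the resulting string is always well-formed JSON.
resource "aws_iam_role" "example_jsonencode" {
  name = "example-jsonencode-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action    = "sts:AssumeRole"
        Effect    = "Allow"
        Principal = { Service = "eks.amazonaws.com" }
      }
    ]
  })
}
```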

For the heredoc string, I had tried jsonencode also, but no luck.

If a correct heredoc string or jsonencode function doesn’t work, you need to show exactly what that configuration looks like in order for someone to help you.

Using an editor with syntax highlighting can help diagnose syntax problems too. Also since the error is on line 557, try breaking up the config into multiple files until you have a minimal, isolated config which demonstrates the problem.

The previous error is gone. Now I am getting this error:

Blocks of type “tolerations” are not expected here. Did you mean “toleration”?

resource "aws_iam_role" "eks_vpc_cni_role" {
  name = "eks-vpc-cni-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "eks.amazonaws.com"
        }
      },
    ]
  })
}

resource "aws_iam_policy" "eks_vpc_cni_policy" {
  name        = "eks-vpc-cni-policy"
  description = "EKS VPC CNI policy allowing IPAM and ENI management"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:DescribeNetworkInterfaces",
          "ec2:CreateNetworkInterface",
          "ec2:DeleteNetworkInterface",
          "ec2:AssignPrivateIpAddresses",
          "ec2:UnassignPrivateIpAddresses"
        ]
        Effect   = "Allow"
        Resource = "*"
      },
      {
        Action = [
          "ec2:DescribeInstances",
          "ec2:DescribeVpcs",
          "ec2:DescribeSubnets",
          "ec2:DescribeSecurityGroups",
          "ec2:DescribeRouteTables"
        ]
        Effect   = "Allow"
        Resource = "*"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "eks_vpc_cni_attachment" {
  policy_arn = aws_iam_policy.eks_vpc_cni_policy.arn
  role       = aws_iam_role.eks_vpc_cni_role.name
}

resource "kubernetes_daemonset" "aws_node" {
  metadata {
    name      = "aws-node"
    namespace = "kube-system"
    labels = {
      "k8s-app" = "aws-node"
    }
  }

  spec {
    selector {
      match_labels = {
        "k8s-app" = "aws-node"
      }
    }
    template {
      metadata {
        labels = {
          "k8s-app" = "aws-node"
        }
      }
      spec {
        container {
          name  = "aws-vpc-cni"
          image = "amazon-k8s-ani:v1.19.0"

          env {
            name  = "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG"
            value = "true"
          }

          env {
            name  = "AWS_VPC_CNI_IPV4_PREFIX"
            value = var.secondary_cidr
          }

          env {
            name  = "AWS_VPC_CNI_ENI_CONFIG"
            value = "true"
          }
        }

        service_account_name = "aws-node"

        tolerations {
          effect   = "NoSchedule"
          key      = "node.kubernetes.io/not-ready"
          operator = "Exists"
        }

        tolerations {
          effect   = "NoExecute"
          key      = "node.kubernetes.io/unreachable"
          operator = "Exists"
        }
      }
    }
  }
}

resource "aws_eks_node_group" "example" {
  cluster_name    = var.cluster_name
  node_group_name = var.use_name_prefix ? null : var.name
  node_role_arn   = var.create_iam_role ? aws_iam_role.this[0].arn : var.iam_role_arn
  subnet_ids      = var.subnet_ids
  instance_types  = ["t3.medium"]

  scaling_config {
    min_size     = var.min_size
    max_size     = var.max_size
    desired_size = var.desired_size
  }
}

I found the solution. Thanks @jbardin for the comments.