chore(deps): update terraform terraform-aws-modules/eks/aws to v21 (9.4)

[elastic-renovate-prod]

This PR contains the following updates:

Package	Type	Update	Change
terraform-aws-modules/eks/aws (source)	module	major	18.26.6 -> 21.18.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

terraform-aws-modules/terraform-aws-eks (terraform-aws-modules/eks/aws)

v21.18.0

Compare Source

Features

• Update Karpenter sub-module to support Karpenter v1.11 (#​3674) (312ddb6)

v21.17.1

Compare Source

Bug Fixes

• Avoid attempting to retrieve the AMI ID from SSM parameter if a custom AMI ID is provided (#​3660) (26ead74)

v21.17.0

Compare Source

Features

• Add support for Windows 2025 AMIs (#​3669) (80db8c2), closes #​3664

v21.16.1

Compare Source

Bug Fixes

• Revert "feat: Add ECR Public permissions to EKS Auto Mode node IAM role" (#​3668) (f13e8db), closes #​3665

v21.16.0

Compare Source

Features

• Add ECR Public permissions to EKS Auto Mode node IAM role (#​3665) (c07c26c)

v21.15.1

Compare Source

Bug Fixes

• Move EKS workshop banner up the README (#​3633) (8a83380)

v21.15.0

Compare Source

Features

• Added link to AWS EKS workshops (#​3631) (c2d3b48)

v21.14.0

Compare Source

Features

• Add support for EKS managed node group update_config.update_strategy (#​3626) (617dba6)

v21.13.0

Compare Source

Features

• Add support for EKS Capabilities (#​3624) (990050b)

v21.12.0

Compare Source

Features

• Add provider meta user-agent, replacing static tag (#​3614) (391b11e)

v21.11.0

Compare Source

Features

• Update Hybrid Node IAM role permissions (#​3620) (60dcc45)

v21.10.1

Compare Source

Bug Fixes

• Update minimum required version of AWS provider for provisioned control plane (#​3603) (dc4de4f)

v21.10.0

Compare Source

Features

• Add support for Provisioned Control Plane (#​3597) (d3d6697)

v21.9.0

Compare Source

Features

• Add support for node repair configuration arguments (#​3585) (c0ed29b)

v21.8.0

Compare Source

Features

• Allow using inline policy for Karpenter controller role to mitigate policy size LimitExceeded error (#​3563) (0659a8d), closes #​3512

v21.7.0

Compare Source

Features

• Add recommended security group rule for port 10251 to match EKS addon for metrics-server (#​3562) (de8c550)

v21.6.1

Compare Source

Bug Fixes

• Update CI workflow versions to latest (#​3554) (e4e25b1)

v21.6.0

Compare Source

Features

• Use aws_service_principal data source for deriving IAM service prinicpals (#​3539) (0b0ca66)

v21.5.0

Compare Source

Features

• Allow for additional policy statements on sqs queue policy (#​3543) (67557e8)

v21.4.0

Compare Source

Features

• Allow setting KMS key rotation period (#​3546) (fd490ea)

v21.3.2

Compare Source

Bug Fixes

• Incorporate AWS provider v6.15 corrections for EKS Auto Mode to support enabling/disabling EKS Auto Mode without affecting non-Auto Mode users (#​3526) (f5f6dae)

v21.3.1

Compare Source

Bug Fixes

• Sync Karpenter IAM permissions with upstream (#​3517) (c8bb152)

v21.3.0

Compare Source

Features

• Support EKS Auto Mode custom node pools only creation (#​3514) (165d7c8)

v21.2.0

Compare Source

Features

• Update Karpenter controller policy and permissions to match upstream project (#​3510) (131db39)

v21.1.5

Compare Source

Bug Fixes

• Ensure module created security group is included on any network interfaces created (#​3495) (fa1d422)

v21.1.4

Compare Source

Bug Fixes

• Ensure module created security group is included on any network interfaces created (#​3493) (e5cff84)

v21.1.3

Compare Source

Bug Fixes

• Correct addon timeout lookup/override logic to support global and addon specific settings (#​3492) (b236208)

v21.1.2

Compare Source

Bug Fixes

• Remediate type mismatch for EFA interfaces and ensure correct (local) definition is used (#​3491) (3959b65)

v21.1.1

Compare Source

Bug Fixes

• Correct metadata options loop condition due to variable definition defaults (#​3490) (b40968a)

v21.1.0

Compare Source

Features

• Add support for deletion protection functionality in the cluster (#​3475) (83c9cd1)

v21.0.9

Compare Source

Bug Fixes

• Allow disabling instance refresh on self-managed node groups (part deux) (#​3478) (ca8f37e)

v21.0.8

Compare Source

Bug Fixes

• Allow disabling instance refresh on self-managed node groups (#​3473) (6a887ad)

v21.0.7

Compare Source

Bug Fixes

• Correct access policy logic to support not providing a policy to associate (#​3464) (39be61d)

v21.0.6

Compare Source

Bug Fixes

• Allow instance_requirements to be set in self-managed node groups (#​3455) (5322bf7)

v21.0.5

Compare Source

Bug Fixes

• Correct addon logic lookup to pull latest addon version (#​3449) (55d7fa2)

v21.0.4

Compare Source

Bug Fixes

• Correct encryption configuration enable logic; avoid creating Auto Mode policy when Auto Mode is not enabled (#​3439) (6b8a3d9)

v21.0.3

Compare Source

Bug Fixes

• Correct variable defaults for ami_id and kubernetes_version (#​3437) (8807e0b)

v21.0.2

Compare Source

Bug Fixes

• Move encryption_config default for resources out of type definition and to default variable value to allow disabling encryption (#​3436) (b37368f)

v21.0.1

Compare Source

Bug Fixes

• Correct logic to try to use module created IAM role before falli… (#​3433) (97d4ebb)

v21.0.0

Compare Source

⚠ BREAKING CHANGES

• Upgrade min AWS provider and Terraform versions to 6.0 and 1.5.7 respectively (#​3412)

Features

• Upgrade min AWS provider and Terraform versions to 6.0 and 1.5.7 respectively (#​3412) (416515a)

v20.37.2

Compare Source

Bug Fixes

• Allow for both amazonaws.com.cn and amazonaws.com conditions in PassRole as required for AWS CN (#​3422) (83b68fd)

v20.37.1

Compare Source

Bug Fixes

• Restrict AWS provider max version due to v6 provider breaking changes (#​3384) (681a868)

v20.37.0

Compare Source

Features

• Add AL2023 ARM64 NVIDIA variants (#​3369) (715d42b)

v20.36.1

Compare Source

Bug Fixes

• Ensure additional_cluster_dns_ips is passed through from root module (#​3376) (7a83b1b)

v20.36.0

Compare Source

Features

• Add support for cluster force_update_version (#​3345) (207d73f)

v20.35.0

Compare Source

Features

• Default to not changing autoscaling schedule values at the scheduled time (#​3322) (abf76f6)

v20.34.0

Compare Source

Features

• Add capacity reservation permissions to Karpenter IAM policy (#​3318) (770ee99)

v20.33.1

Compare Source

Bug Fixes

• Allow "EC2" access entry type for EKS Auto Mode custom node pools (#​3281) (3e2ea83)

v20.33.0

Compare Source

Features

• Add node repair config to managed node group (#​3271) (edd7ef3), closes terraform-aws-modules/terraform-aws-eks#3249

v20.32.0

Compare Source

Features

• Add Bottlerocket FIPS image variants (#​3275) (d876ac4)

v20.31.6

Compare Source

Bug Fixes

• Revert changes to disabling auto mode #​3253 (#​3255) (1ac67b8)

v20.31.5

Compare Source

Bug Fixes

• Correct Auto Mode disable (#​3253) (2a6a57a)

v20.31.4

Compare Source

Bug Fixes

• Auto Mode custom tag policy should apply to cluster role, not node role (#​3242) (a07013a)

v20.31.3

Compare Source

Bug Fixes

• Update min provider version to remediate cluster replacement when enabling EKS Auto Mode (#​3240) (012e51c)

v20.31.2

Compare Source

Bug Fixes

• Avoid trying to attach the node role when Auto Mode nodepools are not specified (#​3239) (ce34f1d)

v20.31.1

Compare Source

Bug Fixes

• Create EKS Auto Mode role when Auto Mode is enabled, regardless of built-in node pool use (#​3234) (e2846be)

v20.31.0

Compare Source

Features

• Add support for EKS Auto Mode and EKS Hybrid nodes (#​3225) (3b974d3)

v20.30.1

Compare Source

Bug Fixes

• Coalesce local resolve_conflicts_on_create_default value to a boolean since default is null (#​3221) (35388bb)

v20.30.0

Compare Source

Features

• Improve addon dependency chain and decrease time to provision addons (due to retries) (#​3218) (ab2207d)

v20.29.0

Compare Source

Features

• Add support for pod identity association on EKS addons (#​3203) (a224334)

v20.28.0

Compare Source

Features

• Add support for creating efa-only network interfaces (#​3196) (c6da22c)

v20.27.0

Compare Source

Features

• Add support for zonal shift (#​3195) (1b0ac83)

v20.26.1

Compare Source

Bug Fixes

• Use dynamic partition data source to determine DNS suffix for Karpenter EC2 pass role permission (#​3193) (dea6c44)

v20.26.0

Compare Source

Features

• Add support for desired_capacity_type (named desired_size_type) on self-managed node group (#​3166) (6974a5e)

v20.25.0

Compare Source

Features

• Add support for newly released AL2023 accelerated AMI types (#​3177) (b2a8617)

Bug Fixes

• Update CI workflow versions to latest (#​3176) (eb78240)

v20.24.3

Compare Source

Bug Fixes

• Add primary_ipv6 parameter to self-managed-node-group (#​3169) (fef6555)

v20.24.2

Compare Source

Bug Fixes

• Remove deprecated inline_policy from cluster role (#​3163) (8b90872)

v20.24.1

Compare Source

Bug Fixes

• Correct Karpenter EC2 service principal DNS suffix in non-commercial regions (#​3157) (47ab3eb)

v20.24.0

Compare Source

Features

• Add support for Karpenter v1 controller IAM role permissions (#​3126) (e317651)

v20.23.0

Compare Source

Features

• Add new output values for OIDC issuer URL and provider that are dual-stack compatible (#​3120) (72668ac)

v20.22.1

Compare Source

Bug Fixes

• Eliminates null check on tag values to fix for_each error about unknown keys (#​3119) (6124a08), closes #​3118 #​2760 #​2681 #​2337

v20.22.0

Compare Source

Features

• Enable update in place for node groups with cluster placement group strategy (#​3045) (75db486)

v20.21.0

Compare Source

Features

• Add support for upgrade_policy (#​3112) (e12ab7a)

v20.20.0

Compare Source

Features

• Enable support for ignore_failed_scaling_activities (#​3104) (532226e)

v20.19.0

Compare Source

Features

• Pass the primary_ipv6 argument to the AWS provider. (#​3098) (e1bb8b6)

v20.18.0

Compare Source

Features

• Support bootstrap_self_managed_addons (#​3099) (af88e7d)

v20.17.2

Compare Source

Bug Fixes

• Revert #​3058 - fix: Invoke aws_iam_session_context data source only when required (#​3092) (93ffdfc)

v20.17.1

Compare Source

Bug Fixes

• Invoke aws_iam_session_context data source only when required (#​3058) (f02df92)

v20.17.0

Compare Source

Features

• Add support for ML capacity block reservations with EKS managed node group(s) (#​3091) (ae3379e)

v20.16.0

Compare Source

Features

• Add support for custom IAM role policy (#​3087) (1604c6c)

v20.15.0

Compare Source

Features

• Deny HTTP on Karpenter SQS policy (#​3080) (f6e071c)

v20.14.0

Compare Source

Features

• Require users to supply OS via ami_type and not via platform which is unable to distinquish between the number of variants supported today (#​3068) (ef657bf)

v20.13.1

Compare Source

Bug Fixes

• Correct syntax for correctly ignoring bootstrap_cluster_creator_admin_permissions and not all of access_config (#​3056) (1e31929)

v20.13.0

Compare Source

Features

• Starting with 1.30, do not use the cluster OIDC issuer URL by default in the identity provider config (#​3055) (00f076a)

v20.12.0

Compare Source

Features

• Support additional cluster DNS IPs with Bottlerocket based AMIs (#​3051) (541dbb2)

v20.11.1

Compare Source

Bug Fixes

• Ignore changes to bootstrap_cluster_creator_admin_permissions which is disabled by default (#​3042) (c65d308)

v20.11.0

Compare Source

Features

• Add SourceArn condition to Fargate profile trust policy (#​3039) (a070d7b)

v20.10.0

Compare Source

Features

• Add support for Pod Identity assocation on Karpenter sub-module (#​3031) (cfcaf27)

v20.9.0

Compare Source

Features

• Propagate ami_type to self-managed node group; allow using ami_type only (#​3030) (74d3918)

v20.8.5

Compare Source

Bug Fixes

• Forces cluster outputs to wait until access entries are complete (#​3000) (e2a39c0)

v20.8.4

Compare Source

Bug Fixes

• Pass nodeadm user data variables from root module down to nodegroup sub-modules (#​2981) (84effa0)

v20.8.3

Compare Source

Bug Fixes

• Ensure the correct service CIDR and IP family is used in the rendered user data (#​2963) (aeb9f0c)

v20.8.2

Compare Source

Bug Fixes

• Ensure a default ip_family value is provided to guarantee a CNI policy is attached to nodes (#​2967) (29dcca3)

v20.8.1

Compare Source

Bug Fixes

• Do not attach policy if Karpenter node role is not created by module (#​2964) (3ad19d7)

v20.8.0

Compare Source

Features

• Replace the use of toset() with static keys for node IAM role policy attachment (#​2962) (57f5130)

v20.7.0

Compare Source

Features

• Add supprot for creating placement group for managed node group (#​2959) (3031631)

v20.6.0

Compare Source

Features

• Add support for tracking latest AMI release version on managed nodegroups (#​2951) (393da7e)

v20.5.3

Compare Source

Bug Fixes

• Update AWS provider version to support AL2023_* AMI types; ensure AL2023 user data receives cluster service CIDR (#​2960) (dfe4114)

v20.5.2

Compare Source

Bug Fixes

• Use the launch_template_tags on the launch template (#​2957) (0ed32d7)

v20.5.1

Compare Source

Bug Fixes

• Update CI workflow versions to remove deprecated runtime warnings (#​2956) (d14cc92)

v20.5.0

Compare Source

Features

• Add support for AL2023 nodeadm user data (#​2942) (7c99bb1)

v20.4.0

Compare Source

Features

• Add support for enabling EFA resources (#​2936) (7f472ec)

v20.3.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "* 1 * * 1-5" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.