From 26d8db35e762dcfb4ace0c758beceea1e05b679c Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Wed, 11 Sep 2024 09:50:06 -0700
Subject: [PATCH] fix: Use eks module for access_entries for trn-inf blueprint
 (#646)

---
 ai-ml/trainium-inferentia/addons.tf | 29 +++--------------------------
 ai-ml/trainium-inferentia/eks.tf    |  2 ++
 2 files changed, 5 insertions(+), 26 deletions(-)

diff --git a/ai-ml/trainium-inferentia/addons.tf b/ai-ml/trainium-inferentia/addons.tf
index 8da0d3b99..199190a58 100644
--- a/ai-ml/trainium-inferentia/addons.tf
+++ b/ai-ml/trainium-inferentia/addons.tf
@@ -222,33 +222,10 @@ module "eks_blueprints_addons" {
   tags = local.tags
 }
 
-# Access Entries
-locals {
-  # Default access entry
-  karpenter_access_entry = {
-    karpenter = {
-      principal_arn = module.eks_blueprints_addons.karpenter.node_iam_role_arn
-      type          = "EC2_LINUX"
-    }
-  }
-
-  # Merge var.access_entries with the karpenter_access_entry
-  merged_access_entries = merge(
-    local.karpenter_access_entry,
-    var.access_entries
-  )
-}
-
 resource "aws_eks_access_entry" "this" {
-  for_each = local.merged_access_entries
-
-  cluster_name      = module.eks.cluster_name
-  kubernetes_groups = try(each.value.kubernetes_groups, null)
-  principal_arn     = each.value.principal_arn
-  type              = try(each.value.type, "STANDARD")
-  user_name         = try(each.value.user_name, null)
-
-  tags = merge(try(each.value.tags, {}))
+  cluster_name  = module.eks.cluster_name
+  principal_arn = module.eks_blueprints_addons.karpenter.node_iam_role_arn
+  type          = "EC2_LINUX"
 }
 
 #---------------------------------------------------------------
diff --git a/ai-ml/trainium-inferentia/eks.tf b/ai-ml/trainium-inferentia/eks.tf
index 5b6e5275b..c80ef1233 100644
--- a/ai-ml/trainium-inferentia/eks.tf
+++ b/ai-ml/trainium-inferentia/eks.tf
@@ -16,6 +16,8 @@ module "eks" {
   # allow deploying resources (Karpenter) into the cluster
   enable_cluster_creator_admin_permissions = true
 
+  access_entries = var.access_entries
+
   vpc_id = module.vpc.vpc_id
   # Filtering only Secondary CIDR private subnets starting with "100.". Subnet IDs where the EKS Control Plane ENIs will be created
   subnet_ids = compact([for subnet_id, cidr_block in zipmap(module.vpc.private_subnets, module.vpc.private_subnets_cidr_blocks) :