Thanks to visit codestin.com
Credit goes to github.com

Skip to content

iam-role-for-service-accounts example throws "Error: Cycle" when creating ebs_csi_driver_irsa #629

New issue
New issue
Open
Open
iam-role-for-service-accounts example throws "Error: Cycle" when creating ebs_csi_driver_irsa#629
@blee1

Description

@blee1
blee1
opened on Nov 6, 2025

Description

I was looking at your example in the README.md for iam-role-for-service-accounts ebs_csi_driver_irsa it appears to create a cycle dependency between the eks module because it references the provider_arn at the same time the example passes the role arn that the module creates to the eks module.

If your request is for a new feature, please use the Feature request template.

  • [ ✔] ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

  • Module version [Required]: 6.2.3

  • Terraform version:

  • 1.5.7

  • Provider version(s):

  • hashicorp/aws 6.14.1

Reproduction Code [Required]

Steps to reproduce the behavior:

  1. The example taken from the README.md to create an ebs_cis_driver_irsa role
  2. A Cycle error is created because the module requires a provider_arn from the eks module at the same time the role is passed to the eks module as service_account_role_arn
module "ebs_csi_driver_irsa" {
  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"

  name = "ebs-csi"

  attach_ebs_csi_policy = true

  oidc_providers = {
    this = {
      provider_arn               = module.eks.oidc_provider_arn
      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
    }
  }

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 21.0"

  name               = "my-cluster"
  kubernetes_version = "1.33"

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  addons = {
    coredns = {}
    aws-ebs-csi-driver = {
      service_account_role_arn = module.ebs_csi_driver_irsa.arn
    }
    kube-proxy = {}
    vpc-cni = {
      before_compute = true
    }
  }

  eks_managed_node_groups = {
    example = {
      ami_type       = "AL2023_x86_64_STANDARD"
      instance_types = ["m5.xlarge"]

      min_size     = 1
      max_size     = 2
      desired_size = 1
    }
  }
}

Expected behavior

  1. A role is created and passed to the eks module without a cycle error

Actual behavior

Terraform throws a cycle error

Terminal Output Screenshot(s)

Additional context

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions