From 06e9078bf4baedba362f07dcfa0f3fb65e943899 Mon Sep 17 00:00:00 2001
From: "Thierno IB. BARRY"
Date: Wed, 19 May 2021 16:47:40 +0200
Subject: [PATCH] feat: Search for Windows or Linux AMIs only if they are needed (#1371)
---
 README.md | 1 +
 data.tf | 4 +++
 examples/basic/main.tf | 2 +-
 examples/fargate/main.tf | 2 +-
 examples/instance_refresh/main.tf | 2 +-
 examples/irsa/main.tf | 2 +-
 examples/launch_templates/main.tf | 2 +-
 .../main.tf | 2 +-
 examples/managed_node_groups/main.tf | 2 +-
 examples/secrets_encryption/main.tf | 2 +-
 examples/spot_instances/main.tf | 2 +-
 local.tf | 27 ++++++++++---------
 outputs.tf | 7 ++++-
 13 files changed, 35 insertions(+), 22 deletions(-)
diff --git a/README.md b/README.md
index 9b31790031..141a53e4bb 100644
--- a/README.md
+++ b/README.md
@@ -316,6 +316,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | [workers\_asg\_arns](#output\_workers\_asg\_arns) | IDs of the autoscaling groups containing workers. |
 | [workers\_asg\_names](#output\_workers\_asg\_names) | Names of the autoscaling groups containing workers. |
 | [workers\_default\_ami\_id](#output\_workers\_default\_ami\_id) | ID of the default worker group AMI |
+| [workers\_default\_ami\_id\_windows](#output\_workers\_default\_ami\_id\_windows) | ID of the default Windows worker group AMI |
 | [workers\_launch\_template\_arns](#output\_workers\_launch\_template\_arns) | ARNs of the worker launch templates. |
 | [workers\_launch\_template\_ids](#output\_workers\_launch\_template\_ids) | IDs of the worker launch templates. |
 | [workers\_launch\_template\_latest\_versions](#output\_workers\_launch\_template\_latest\_versions) | Latest versions of the worker launch templates. |
diff --git a/data.tf b/data.tf
index a574e83bc6..cc70fd509b 100644
--- a/data.tf
+++ b/data.tf
@@ -14,6 +14,8 @@ data "aws_iam_policy_document" "workers_assume_role_policy" {
 }
 data "aws_ami" "eks_worker" {
+ count = local.worker_has_linux_ami ? 1 : 0
+
 filter {
 name = "name"
 values = [local.worker_ami_name_filter]
@@ -25,6 +27,8 @@ data "aws_ami" "eks_worker" {
 }
 data "aws_ami" "eks_worker_windows" {
+ count = local.worker_has_windows_ami ? 1 : 0
+
 filter {
 name = "name"
 values = [local.worker_ami_name_filter_windows]
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index a1e443290a..c6257a25eb 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -103,7 +103,7 @@ module "vpc" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.17"
+ cluster_version = "1.20"
 subnets = module.vpc.private_subnets
 tags = {
diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf
index 167805d185..72514404ce 100644
--- a/examples/fargate/main.tf
+++ b/examples/fargate/main.tf
@@ -60,7 +60,7 @@ module "vpc" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.17"
+ cluster_version = "1.20"
 subnets = module.vpc.private_subnets
 tags = {
diff --git a/examples/instance_refresh/main.tf b/examples/instance_refresh/main.tf
index dd7af88a2e..1883ecc70c 100644
--- a/examples/instance_refresh/main.tf
+++ b/examples/instance_refresh/main.tf
@@ -228,7 +228,7 @@ resource "aws_autoscaling_lifecycle_hook" "aws_node_termination_handler" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.19"
+ cluster_version = "1.20"
 subnets = module.vpc.public_subnets
 vpc_id = module.vpc.vpc_id
 enable_irsa = true
diff --git a/examples/irsa/main.tf b/examples/irsa/main.tf
index f881547262..820eff0c01 100644
--- a/examples/irsa/main.tf
+++ b/examples/irsa/main.tf
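Review bot: The `count` lines in both data.tf hunks make these lookups conditional, so every reference must use the splat form and tolerate an empty list, yet nothing at the declarations says so. A short comment above each would help, e.g. `# Looked up only when a worker group uses this platform; see local.worker_has_linux_ami`. Because the image is resolved from a name pattern, it is also worth confirming that the `owners` and `most_recent` arguments (outside these hunks, if present) still pin the result to the expected publisher. Both data blocks end outside their hunks.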
@@ -39,7 +39,7 @@ module "vpc" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.17"
+ cluster_version = "1.20"
 subnets = module.vpc.public_subnets
 vpc_id = module.vpc.vpc_id
 enable_irsa = true
diff --git a/examples/launch_templates/main.tf b/examples/launch_templates/main.tf
index 98cac244bf..fe5df294ce 100644
--- a/examples/launch_templates/main.tf
+++ b/examples/launch_templates/main.tf
@@ -43,7 +43,7 @@ module "vpc" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.17"
+ cluster_version = "1.20"
 subnets = module.vpc.public_subnets
 vpc_id = module.vpc.vpc_id
diff --git a/examples/launch_templates_with_managed_node_groups/main.tf b/examples/launch_templates_with_managed_node_groups/main.tf
index 95c43a38f0..8d99dcfee5 100644
--- a/examples/launch_templates_with_managed_node_groups/main.tf
+++ b/examples/launch_templates_with_managed_node_groups/main.tf
@@ -50,7 +50,7 @@ module "vpc" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.17"
+ cluster_version = "1.20"
 subnets = module.vpc.private_subnets
 vpc_id = module.vpc.vpc_id
diff --git a/examples/managed_node_groups/main.tf b/examples/managed_node_groups/main.tf
index c2e910e4a5..32db73cf09 100644
--- a/examples/managed_node_groups/main.tf
+++ b/examples/managed_node_groups/main.tf
@@ -56,7 +56,7 @@ module "vpc" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.17"
+ cluster_version = "1.20"
 subnets = module.vpc.private_subnets
 tags = {
diff --git a/examples/secrets_encryption/main.tf b/examples/secrets_encryption/main.tf
index 4612700f20..9aebd4cbe5 100644
--- a/examples/secrets_encryption/main.tf
+++ b/examples/secrets_encryption/main.tf
@@ -60,7 +60,7 @@ module "vpc" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.17"
+ cluster_version = "1.20"
 subnets = module.vpc.private_subnets
 cluster_encryption_config = [
diff --git a/examples/spot_instances/main.tf b/examples/spot_instances/main.tf
index 67215d16a9..fb2ad23ee9 100644
--- a/examples/spot_instances/main.tf
+++ b/examples/spot_instances/main.tf
@@ -43,7 +43,7 @@ module "vpc" {
 module "eks" {
 source = "../.."
 cluster_name = local.cluster_name
- cluster_version = "1.17"
+ cluster_version = "1.20"
 subnets = module.vpc.public_subnets
 vpc_id = module.vpc.vpc_id
diff --git a/local.tf b/local.tf
index b7b7310ab7..cbf040c936 100644
--- a/local.tf
+++ b/local.tf
@@ -7,14 +7,17 @@ locals {
 worker_security_group_id = var.worker_create_security_group ? join("", aws_security_group.workers.*.id) : var.worker_security_group_id
 default_iam_role_id = concat(aws_iam_role.workers.*.id, [""])[0]
- default_ami_id_linux = coalesce(local.workers_group_defaults.ami_id, data.aws_ami.eks_worker.id)
- default_ami_id_windows = coalesce(local.workers_group_defaults.ami_id_windows, data.aws_ami.eks_worker_windows.id)
+ default_ami_id_linux = local.workers_group_defaults.ami_id != "" ? local.workers_group_defaults.ami_id : concat(data.aws_ami.eks_worker.*.id, [""])[0]
+ default_ami_id_windows = local.workers_group_defaults.ami_id_windows != "" ? local.workers_group_defaults.ami_id_windows : concat(data.aws_ami.eks_worker_windows.*.id, [""])[0]
 kubeconfig_name = var.kubeconfig_name == "" ? "eks_${var.cluster_name}" : var.kubeconfig_name
 worker_group_count = length(var.worker_groups)
 worker_group_launch_template_count = length(var.worker_groups_launch_template)
+ worker_has_linux_ami = length([for x in concat(var.worker_groups, var.worker_groups_launch_template) : x if lookup(x, "platform", "linux") == "linux"]) > 0
+ worker_has_windows_ami = length([for x in concat(var.worker_groups, var.worker_groups_launch_template) : x if lookup(x, "platform", "linux") == "windows"]) > 0
+
 worker_ami_name_filter = var.worker_ami_name_filter != "" ? var.worker_ami_name_filter : "amazon-eks-node-${var.cluster_version}-v*"
 # Windows nodes are available from k8s 1.14. If cluster version is less than 1.14, fix ami filter to some constant to not fail on 'terraform plan'.
 worker_ami_name_filter_windows = (var.worker_ami_name_filter_windows != "" ?
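Review bot: The `worker_has_linux_ami` and `worker_has_windows_ami` gates read `platform` only from each worker-group map and fall back to the literal `"linux"`, so a platform supplied through module-wide defaults (if the defaults map carries one; not visible in this hunk) would leave the Windows lookup skipped while Windows groups still exist. In that case `default_ami_id_windows` resolves to `""` through `concat(data.aws_ami.eks_worker_windows.*.id, [""])[0]`, whereas the removed `coalesce(...)` form rejects an all-empty result, so an empty image ID would presumably surface only at apply time. Consider resolving the fallback from the same defaults the worker resources use, and document the empty case with a comment such as `# "" when no worker group uses this platform; the AMI lookup is skipped`. The `locals` block starts and ends outside the hunk.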
@@ -72,16 +75,16 @@ locals {
 additional_ebs_volumes = [] # A list of additional volumes to be attached to the instances on this Auto Scaling group. Each volume should be an object with the following: block_device_name (required), volume_size, volume_type, iops, encrypted, kms_key_id (only on launch-template), delete_on_termination. Optional values are grabbed from root volume or from defaults
 warm_pool = null # If this block is configured, add a Warm Pool to the specified Auto Scaling group.
 # Settings for launch templates
- root_block_device_name = data.aws_ami.eks_worker.root_device_name # Root device name for workers. If non is provided, will assume default AMI was used.
- root_kms_key_id = "" # The KMS key to use when encrypting the root storage device
- launch_template_id = null # The id of the launch template used for managed node_groups
- launch_template_version = "$Latest" # The latest version of the launch template to use in the autoscaling group
- update_default_version = false # Update the autoscaling group launch template's default version upon each update
- launch_template_placement_tenancy = "default" # The placement tenancy for instances
- launch_template_placement_group = null # The name of the placement group into which to launch the instances, if any.
- root_encrypted = false # Whether the volume should be encrypted or not
- eni_delete = true # Delete the Elastic Network Interface (ENI) on termination (if set to false you will have to manually delete before destroying)
- cpu_credits = "standard" # T2/T3 unlimited mode, can be 'standard' or 'unlimited'. Used 'standard' mode as default to avoid paying higher costs
+ root_block_device_name = concat(data.aws_ami.eks_worker.*.root_device_name, [""])[0] # Root device name for workers. If non is provided, will assume default AMI was used.
+ root_kms_key_id = "" # The KMS key to use when encrypting the root storage device
+ launch_template_id = null # The id of the launch template used for managed node_groups
+ launch_template_version = "$Latest" # The latest version of the launch template to use in the autoscaling group
+ update_default_version = false # Update the autoscaling group launch template's default version upon each update
+ launch_template_placement_tenancy = "default" # The placement tenancy for instances
+ launch_template_placement_group = null # The name of the placement group into which to launch the instances, if any.
+ root_encrypted = false # Whether the volume should be encrypted or not
+ eni_delete = true # Delete the Elastic Network Interface (ENI) on termination (if set to false you will have to manually delete before destroying)
+ cpu_credits = "standard" # T2/T3 unlimited mode, can be 'standard' or 'unlimited'. Used 'standard' mode as default to avoid paying higher costs
 market_type = null
 metadata_http_endpoint = "enabled" # The state of the metadata service: enabled, disabled.
 metadata_http_tokens = "optional" # If session tokens are required: optional, required.
diff --git a/outputs.tf b/outputs.tf
index b751fb59b1..f6c53513d9 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -116,7 +116,12 @@ output "workers_user_data" {
 output "workers_default_ami_id" {
 description = "ID of the default worker group AMI"
- value = data.aws_ami.eks_worker.id
+ value = local.default_ami_id_linux
+}
+
+output "workers_default_ami_id_windows" {
+ description = "ID of the default Windows worker group AMI"
+ value = local.default_ami_id_windows
 }
 output "workers_launch_template_ids" {
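Review bot: When the Linux lookup is skipped, `root_block_device_name` now defaults to `""` through `concat(data.aws_ami.eks_worker.*.root_device_name, [""])[0]`, while its trailing comment still says the default AMI's value is assumed. A configuration with only Windows worker groups, which previously inherited the Linux AMI's root device name, would now hand an empty device name to whatever consumes this default (the consumers are outside the hunk), so it is worth confirming they handle `""`. The comment could read `# Root device name for workers; "" when no Linux AMI is looked up, set it explicitly in that case`. The other nine re-added lines appear to differ only in alignment, and the enclosing defaults map starts and ends outside the hunk.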
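Review bot: The description of `workers_default_ami_id` is unchanged although its value now comes from `local.default_ami_id_linux`, which per the local.tf hunk is the configured `ami_id` override when one is set and `""` when no Linux lookup runs. Consumers that pass this output to other resources would receive an empty string rather than a plan-time failure. Consider `description = "ID of the default worker group AMI (empty when no Linux worker group is defined)"`, and the equivalent wording for `workers_default_ami_id_windows`.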