From 4be3cc30458a83dbd6d3d00dd184103de2c15542 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 27 Aug 2021 09:37:37 +0200 Subject: [PATCH 01/28] Updated CHANGELOG --- CHANGELOG.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ba032b8a33..fd9c24d874d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,18 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.4.0] - 2021-08-26 +BUG FIXES: +- Discourage usage of iam_policy_attachment in example ([#1529](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1529)) +- Allow instance `Name` tag to be overwritten ([#1538](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1538)) + +DOCS: +- Fix cluster-autoscaler tags in irsa example ([#1436](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1436)) +- Add missing comma to docs/iam-permissions.md ([#1437](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1437)) +- Updated autoscaling.md ([#1515](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1515)) + + ## [v17.3.0] - 2021-08-25 BUG FIXES: @@ -413,7 +425,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.3.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.4.0...HEAD +[v17.4.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.3.0...v17.4.0 [v17.3.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.2.0...v17.3.0 [v17.2.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.1.0...v17.2.0 [v17.1.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.0.3...v17.1.0 From 6fb02c4fc430acbde444da0ac93fcc9e55f1cc03 Mon Sep 17 00:00:00 2001 
From: Scott Cabrinha Date: Tue, 31 Aug 2021 03:27:04 -0700 Subject: [PATCH 02/28] feat: Allow users to add more Audiences to OpenID Connect (#1451) --- README.md | 1 + irsa.tf | 2 +- local.tf | 2 +- variables.tf | 6 ++++++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6f680822b1d..621202c1fe8 100644 --- a/README.md +++ b/README.md @@ -262,6 +262,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf | [map\_users](#input\_map\_users) | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. |
list(object({
userarn = string
username = string
groups = list(string)
}))
| `[]` | no | | [node\_groups](#input\_node\_groups) | Map of map of node groups to create. See `node_groups` module's documentation for more details | `any` | `{}` | no | | [node\_groups\_defaults](#input\_node\_groups\_defaults) | Map of values to be applied to all node groups. See `node_groups` module's documentation for more details | `any` | `{}` | no | +| [openid\_connect\_audiences](#input\_openid\_connect\_audiences) | List of OpenID Connect audience client IDs to add to the IRSA provider. | `list(string)` | `[]` | no | | [permissions\_boundary](#input\_permissions\_boundary) | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no | | [subnets](#input\_subnets) | A list of subnets to place the EKS cluster and workers within. | `list(string)` | n/a | yes | | [tags](#input\_tags) | A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only. | `map(string)` | `{}` | no | diff --git a/irsa.tf b/irsa.tf index 9c5d653a254..9ef8d003c85 100644 --- a/irsa.tf +++ b/irsa.tf @@ -9,7 +9,7 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" { count = var.enable_irsa && var.create_eks ? 1 : 0 - client_id_list = [local.sts_principal] + client_id_list = local.sts_principal thumbprint_list = [var.eks_oidc_root_ca_thumbprint] url = flatten(concat(aws_eks_cluster.this[*].identity[*].oidc.0.issuer, [""]))[0] diff --git a/local.tf b/local.tf index 9d2d7fdd868..d31f1c929ce 100644 --- a/local.tf +++ b/local.tf @@ -44,7 +44,7 @@ locals { ) ec2_principal = "ec2.${data.aws_partition.current.dns_suffix}" - sts_principal = "sts.${data.aws_partition.current.dns_suffix}" + sts_principal = compact(concat(["sts.${data.aws_partition.current.dns_suffix}"], var.openid_connect_audiences)) policy_arn_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy" workers_group_defaults_defaults = { 
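Review bot: `sts_principal` in the `local.tf` hunk turns from a string into a list while keeping a name that reads as a single principal, and `compact()` only strips empty strings, so a caller who repeats the STS host in `openid_connect_audiences` ends up with a duplicate entry in the provider's `client_id_list`. Keeping `sts_principal` a string and adding a separate local, `client_id_list = distinct(compact(concat([local.sts_principal], var.openid_connect_audiences)))`, with `irsa.tf` reading `local.client_id_list`, avoids both problems; patch 07/28 later in this series makes exactly that split, so landing it here would keep the intermediate commits consistent. The `locals` block continues outside the hunk.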
diff --git a/variables.tf b/variables.tf index b7d560e4025..aca69a8d49d 100644 --- a/variables.tf +++ b/variables.tf @@ -393,3 +393,9 @@ variable "wait_for_cluster_timeout" { type = number default = 300 } + +variable "openid_connect_audiences" { + description = "List of OpenID Connect audience client IDs to add to the IRSA provider." + type = list(string) + default = [] +} \ No newline at end of file From 02c9a52f3b728e86bdb7feb537ee4e849f55efe2 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 31 Aug 2021 12:27:26 +0200 Subject: [PATCH 03/28] Updated CHANGELOG --- CHANGELOG.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fd9c24d874d..da831927a21 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,8 +10,14 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.5.0] - 2021-08-31 +FEATURES: +- Allow users to add more Audiences to OpenID Connect ([#1451](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1451)) + + -## [v17.4.0] - 2021-08-26 +## [v17.4.0] - 2021-08-27 BUG FIXES: - Discourage usage of iam_policy_attachment in example ([#1529](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1529)) - Allow instance `Name` tag to be overwritten ([#1538](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1538)) 
@@ -425,7 +431,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.4.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.5.0...HEAD +[v17.5.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.4.0...v17.5.0 [v17.4.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.3.0...v17.4.0 [v17.3.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.2.0...v17.3.0 [v17.2.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.1.0...v17.2.0 From e1f54ba73f07a83aae8f73b04a112e24a738acc6 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 31 Aug 2021 12:51:42 +0200 Subject: [PATCH 04/28] chore: Extract only tflint file in GH Actions (#1453) --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index f5d5d776a8f..5a3c0ce7e11 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
@@ -92,7 +92,7 @@ jobs: run: | pip install pre-commit curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.13.0/terraform-docs-v0.13.0-$(uname)-amd64.tar.gz && tar -xzf terraform-docs.tar.gz terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ - curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ + curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip tflint && rm tflint.zip && sudo mv tflint /usr/bin/ - name: Execute pre-commit # Run all pre-commit checks on max version supported if: ${{ matrix.version == needs.getBaseVersion.outputs.maxVersion }} From 8e1d5c11b798259c67f308d7f6c8afc5dfe14e9d Mon Sep 17 00:00:00 2001 From: Olesia Ivanenko Date: Tue, 31 Aug 2021 16:11:43 +0300 Subject: [PATCH 05/28] feat: Tags passed into worker_groups_launch_template extend var.tags for the volumes (#1397) --- examples/launch_templates/main.tf | 5 +++++ local.tf | 2 +- workers_launch_template.tf | 5 +++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/examples/launch_templates/main.tf b/examples/launch_templates/main.tf index c01256fe585..cc1cbfb6909 100644 --- a/examples/launch_templates/main.tf +++ b/examples/launch_templates/main.tf @@ -53,6 +53,11 @@ module "eks" { instance_type = "t3.small" asg_desired_capacity = 2 public_ip = true + tags = [{ + key = "ExtraTag" + value = "TagValue" + propagate_at_launch = true + }] }, { name = "worker-group-2" diff --git a/local.tf b/local.tf index d31f1c929ce..fbaa04f3123 100644 --- a/local.tf +++ b/local.tf 
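Review bot: The changed `run:` line still installs tflint from whatever the GitHub API reports as the latest release, with no version pin and no checksum check before `sudo mv tflint /usr/bin/`; limiting `unzip` to the `tflint` member reduces what is written to the workspace but not what is executed. Pinning a release tag in the URL, as the `terraform-docs` line above already does with `v0.13.0`, and verifying the archive against the checksum file the release publishes (if one is available) would make the CI toolchain reproducible and tamper-evident. The `run:` block and the enclosing job continue outside the hunk.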
@@ -49,7 +49,7 @@ locals { policy_arn_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy" workers_group_defaults_defaults = { name = "count.index" # Name of the worker group. Literal count.index will never be used but if name is not set, the count.index interpolation will be used. - tags = [] # A list of map defining extra tags to be applied to the worker group autoscaling group. + tags = [] # A list of maps defining extra tags to be applied to the worker group autoscaling group and volumes. ami_id = "" # AMI ID for the eks linux based workers. If none is provided, Terraform will search for the latest version of their EKS optimized worker AMI based on platform. ami_id_windows = "" # AMI ID for the eks windows based workers. If none is provided, Terraform will search for the latest version of their EKS optimized worker AMI based on platform. asg_desired_capacity = "1" # Desired worker capacity in the autoscaling group and changing its value will not affect the autoscaling group's desired capacity because the cluster-autoscaler manages up and down scaling of the nodes. Cluster-autoscaler add nodes when pods are in pending state and remove the nodes when they are not required by modifying the desired_capacity of the autoscaling group. Although an issue exists in which if the value of the asg_min_size is changed it modifies the value of asg_desired_capacity. diff --git a/workers_launch_template.tf b/workers_launch_template.tf index 6e14b7dcb0e..d1d48186c0c 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf @@ -547,6 +547,11 @@ resource "aws_launch_template" "workers_launch_template" { )}-eks_asg" }, var.tags, + { + for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : + tag["key"] => tag["value"] + if tag["key"] != "Name" && tag["propagate_at_launch"] + } ) } From 979d62d9b807db10ed3a6327c3554ee480175c62 Mon Sep 17 00:00:00 2001 
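Review bot: The added `for` expression indexes `tag["key"]`, `tag["value"]` and `tag["propagate_at_launch"]` directly, so a worker-group tag object missing any of those keys fails the plan with an invalid-index error instead of being skipped; `lookup(tag, "propagate_at_launch", false)` would tolerate an absent flag, unless the ASG tag block elsewhere already forces the key to be present. Because the group tags come after `var.tags` in `merge()`, a group tag with the same key overrides the module-wide value on the volume, which the comment changed in the `local.tf` hunk could state: `# A list of maps defining extra tags to be applied to the worker group autoscaling group and volumes (volume tags override var.tags on key collision).` The enclosing `aws_launch_template` resource starts and ends outside the hunk.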
From: Anton Babenko Date: Tue, 31 Aug 2021 15:12:00 +0200 Subject: [PATCH 06/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index da831927a21..929e88baccb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.6.0] - 2021-08-31 +FEATURES: +- Tags passed into worker_groups_launch_template extend var.tags for the volumes ([#1397](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1397)) + + ## [v17.5.0] - 2021-08-31 FEATURES: @@ -431,7 +437,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.5.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.6.0...HEAD +[v17.6.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.5.0...v17.6.0 [v17.5.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.4.0...v17.5.0 [v17.4.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.3.0...v17.4.0 [v17.3.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.2.0...v17.3.0 From 19ce95d7b69c965de72db5eb90cfb396b9dbc767 Mon Sep 17 00:00:00 2001 From: Olesia Ivanenko Date: Thu, 2 Sep 2021 12:39:39 +0300 Subject: [PATCH 07/28] chore: Update client_id_list argument for OIDC provider (#1561) --- irsa.tf | 2 +- local.tf | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/irsa.tf b/irsa.tf index 9ef8d003c85..8c6e34d0302 100644 --- a/irsa.tf +++ b/irsa.tf 
@@ -9,7 +9,7 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" {
 count = var.enable_irsa && var.create_eks ? 1 : 0
- client_id_list = local.sts_principal
+ client_id_list = local.client_id_list
 thumbprint_list = [var.eks_oidc_root_ca_thumbprint]
 url = flatten(concat(aws_eks_cluster.this[*].identity[*].oidc.0.issuer, [""]))[0]
diff --git a/local.tf b/local.tf
index fbaa04f3123..6fb5ccd68d1 100644
--- a/local.tf
+++ b/local.tf
@@ -43,8 +43,9 @@ locals {
 var.worker_ami_name_filter_windows : "Windows_Server-2019-English-Core-EKS_Optimized-${tonumber(var.cluster_version) >= 1.14 ? var.cluster_version : 1.14}-*"
 )
- ec2_principal = "ec2.${data.aws_partition.current.dns_suffix}"
- sts_principal = compact(concat(["sts.${data.aws_partition.current.dns_suffix}"], var.openid_connect_audiences))
+ ec2_principal = "ec2.${data.aws_partition.current.dns_suffix}"
+ sts_principal = "sts.${data.aws_partition.current.dns_suffix}"
+ client_id_list = distinct(compact(concat([local.sts_principal], var.openid_connect_audiences)))
 policy_arn_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy"
 workers_group_defaults_defaults = {
From bcea0708e6a53904eb30e79c80e2468cec2a374c Mon Sep 17 00:00:00 2001
From: Junaid Ali
Date: Thu, 2 Sep 2021 11:28:13 +0100
Subject: [PATCH 08/28] feat: Added throughput support for root and EBS disks (#1445)
---
 README.md | 4 ++--
 examples/launch_templates/main.tf | 17 +++++++++++++++++
 local.tf | 2 +-
 versions.tf | 2 +-
 workers.tf | 10 ++++++++++
 5 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 621202c1fe8..9107ca74364 100644
--- a/README.md
+++ b/README.md
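Review bot: `client_id_list` in the `local.tf` hunk carries no comment, and it is the security-relevant value here: each entry becomes an `aud` claim the cluster's OIDC provider accepts, which is what gates which service-account tokens can assume IRSA roles. A one-line comment such as `# Audiences accepted by the OIDC provider; role trust policies should still constrain <issuer>:aud and <issuer>:sub` would tell the next maintainer why extra audiences are not free. The `distinct()` wrapper now covers the duplicate-entry case the previous `compact()`-only form missed. The `locals` block continues outside the hunk.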
@@ -143,7 +143,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.40.0 | +| [aws](#requirement\_aws) | >= 3.44.0 | | [http](#requirement\_http) | >= 2.4.1 | | [kubernetes](#requirement\_kubernetes) | >= 1.11.1 | | [local](#requirement\_local) | >= 1.4 | @@ -152,7 +152,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.40.0 | +| [aws](#provider\_aws) | >= 3.44.0 | | [http](#provider\_http) | >= 2.4.1 | | [kubernetes](#provider\_kubernetes) | >= 1.11.1 | | [local](#provider\_local) | >= 1.4 | diff --git a/examples/launch_templates/main.tf b/examples/launch_templates/main.tf index cc1cbfb6909..ad71e1382c6 100644 --- a/examples/launch_templates/main.tf +++ b/examples/launch_templates/main.tf @@ -73,5 +73,22 @@ module "eks" { public_ip = true elastic_inference_accelerator = "eia2.medium" }, + { + name = "worker-group-4" + instance_type = "t3.small" + asg_desired_capacity = 1 + public_ip = true + root_volume_size = 150 + root_volume_type = "gp3" + root_volume_throughput = 300 + additional_ebs_volumes = [ + { + block_device_name = "/dev/xvdb" + volume_size = 100 + volume_type = "gp3" + throughput = 150 + }, + ] + }, ] } diff --git a/local.tf b/local.tf index 6fb5ccd68d1..7f4799d4182 100644 --- a/local.tf +++ b/local.tf 
@@ -93,7 +93,7 @@ locals { service_linked_role_arn = "" # Arn of custom service linked role that Auto Scaling group will use. Useful when you have encrypted EBS termination_policies = [] # A list of policies to decide how the instances in the auto scale group should be terminated. platform = local.default_platform # Platform of workers. Either "linux" or "windows". - additional_ebs_volumes = [] # A list of additional volumes to be attached to the instances on this Auto Scaling group. Each volume should be an object with the following: block_device_name (required), volume_size, volume_type, iops, encrypted, kms_key_id (only on launch-template), delete_on_termination. Optional values are grabbed from root volume or from defaults + additional_ebs_volumes = [] # A list of additional volumes to be attached to the instances on this Auto Scaling group. Each volume should be an object with the following: block_device_name (required), volume_size, volume_type, iops, throughput, encrypted, kms_key_id (only on launch-template), delete_on_termination. Optional values are grabbed from root volume or from defaults additional_instance_store_volumes = [] # A list of additional instance store (local disk) volumes to be attached to the instances on this Auto Scaling group. Each volume should be an object with the following: block_device_name (required), virtual_name. warm_pool = null # If this block is configured, add a Warm Pool to the specified Auto Scaling group. diff --git a/versions.tf b/versions.tf index db42ebeb2fa..e448b56ecd9 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.40.0" + aws = ">= 3.44.0" local = ">= 1.4" kubernetes = ">= 1.11.1" http = { diff --git a/workers.tf b/workers.tf index 31a2ffd5685..c73046ea17d 100644 --- a/workers.tf +++ b/workers.tf 
@@ -304,6 +304,11 @@ resource "aws_launch_configuration" "workers" {
 "root_iops",
 local.workers_group_defaults["root_iops"],
 )
+ throughput = lookup(
+ var.worker_groups[count.index],
+ "root_volume_throughput",
+ local.workers_group_defaults["root_volume_throughput"],
+ )
 delete_on_termination = true
 }
@@ -327,6 +332,11 @@ resource "aws_launch_configuration" "workers" {
 "iops",
 local.workers_group_defaults["root_iops"],
 )
+ throughput = lookup(
+ ebs_block_device.value,
+ "throughput",
+ local.workers_group_defaults["root_volume_throughput"],
+ )
 encrypted = lookup(
 ebs_block_device.value,
 "encrypted",
From c2bd137152945317124c4cded258f12662d267f4 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 2 Sep 2021 12:28:28 +0200
Subject: [PATCH 09/28] Updated CHANGELOG
---
 CHANGELOG.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 929e88baccb..f18393ca843 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/).
+
+## [v17.7.0] - 2021-09-02
+FEATURES:
+- Added throughput support for root and EBS disks ([#1445](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1445))
+
+
 ## [v17.6.0] - 2021-08-31
 FEATURES:
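Review bot: Both added `throughput = lookup(...)` arguments fall back to `local.workers_group_defaults["root_volume_throughput"]`, yet this patch's only change to `local.tf` is a comment, so that key has to exist in `workers_group_defaults_defaults` already or every launch-configuration plan fails on a missing map key — worth confirming rather than assuming. The second hunk reuses the root-volume default for additional EBS volumes in the same way the `root_iops` fallback above it does; a comment like `# additional volumes inherit the root volume throughput, as they do for iops` would make that reuse visible. The provider bump to 3.44.0 in `versions.tf` is presumably what makes `throughput` available on `aws_launch_configuration`. The `aws_launch_configuration` resource starts and ends outside both hunks.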
@@ -437,7 +443,8 @@ CI:
 - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804))
-[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.6.0...HEAD
+[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.7.0...HEAD
+[v17.7.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.6.0...v17.7.0
 [v17.6.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.5.0...v17.6.0
 [v17.5.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.4.0...v17.5.0
 [v17.4.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.3.0...v17.4.0
From 7f3b695ef143a806e1afb392b0d78f9411e8bb9a Mon Sep 17 00:00:00 2001
From: Yves-Olivier Laroche
Date: Fri, 3 Sep 2021 09:37:00 +0100
Subject: [PATCH 10/28] fix: Put KubeletExtraArgs in double quotes for Windows (#1082)
---
 templates/userdata_windows.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/userdata_windows.tpl b/templates/userdata_windows.tpl
index 61be8e8b110..e8856838f1c 100644
--- a/templates/userdata_windows.tpl
+++ b/templates/userdata_windows.tpl
@@ -4,7 +4,7 @@ ${pre_userdata}
 [string]$EKSBinDir = "$env:ProgramFiles\Amazon\EKS"
 [string]$EKSBootstrapScriptName = 'Start-EKSBootstrap.ps1'
 [string]$EKSBootstrapScriptFile = "$EKSBinDir\$EKSBootstrapScriptName"
-& $EKSBootstrapScriptFile -EKSClusterName ${cluster_name} -KubeletExtraArgs '${kubelet_extra_args}' 3>&1 4>&1 5>&1 6>&1
+& $EKSBootstrapScriptFile -EKSClusterName ${cluster_name} -KubeletExtraArgs "${kubelet_extra_args}" 3>&1 4>&1 5>&1 6>&1
 $LastError = if ($?) { 0 } else { $Error[0].Exception.HResult }
 ${additional_userdata}
From a9c29719e8a2c6d7ab2cf961b8d6073d10a7247a Mon Sep 17 00:00:00 2001
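Review bot: Changing `-KubeletExtraArgs` from single to double quotes does more than fix quoting: PowerShell expands `$name`, `$(...)` and backtick escapes inside double quotes, so any of those characters in the rendered `kubelet_extra_args` are now interpreted at boot where the single-quoted form passed them literally, and an embedded `"` ends the argument early. Since the value is module input rendered into instance user data, the `kubelet_extra_args` variable description should state that `$`, backtick and `"` must be escaped for PowerShell, or the template should escape them before interpolation. The script in which this line runs starts and ends outside the hunk.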
From: Anton Babenko Date: Fri, 3 Sep 2021 10:45:04 +0200 Subject: [PATCH 11/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f18393ca843..1032332efc9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.8.0] - 2021-09-03 +BUG FIXES: +- Put KubeletExtraArgs in double quotes for Windows ([#1082](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1082)) + + ## [v17.7.0] - 2021-09-02 FEATURES: @@ -443,7 +449,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.7.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.8.0...HEAD +[v17.8.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.7.0...v17.8.0 [v17.7.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.6.0...v17.7.0 [v17.6.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.5.0...v17.6.0 [v17.5.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.4.0...v17.5.0 From c2490c5148e11ee8ace3811cea1e61d42680a4b4 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 3 Sep 2021 16:54:59 +0200 Subject: [PATCH 12/28] feat: Ability to tag just EKS cluster (#1569) --- README.md | 1 + cluster.tf | 5 ++++- variables.tf | 6 ++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9107ca74364..693e017c13f 100644 --- a/README.md +++ b/README.md 
@@ -239,6 +239,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf | [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster. Also used as a prefix in names of related resources. | `string` | n/a | yes | | [cluster\_security\_group\_id](#input\_cluster\_security\_group\_id) | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the workers | `string` | `""` | no | | [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | service ipv4 cidr for the kubernetes cluster | `string` | `null` | no | +| [cluster\_tags](#input\_cluster\_tags) | A map of tags to add to just the eks resource. | `map(string)` | `{}` | no | | [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster. | `string` | n/a | yes | | [create\_eks](#input\_create\_eks) | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no | | [create\_fargate\_pod\_execution\_role](#input\_create\_fargate\_pod\_execution\_role) | Controls if the EKS Fargate pod execution IAM role should be created. | `bool` | `true` | no | diff --git a/cluster.tf b/cluster.tf index 13d38a09a7a..4e5086c8534 100644 --- a/cluster.tf +++ b/cluster.tf @@ -12,7 +12,10 @@ resource "aws_eks_cluster" "this" { enabled_cluster_log_types = var.cluster_enabled_log_types role_arn = local.cluster_iam_role_arn version = var.cluster_version - tags = var.tags + tags = merge( + var.tags, + var.cluster_tags, + ) vpc_config { security_group_ids = compact([local.cluster_security_group_id]) diff --git a/variables.tf b/variables.tf index aca69a8d49d..064243605fa 100644 --- a/variables.tf +++ b/variables.tf 
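Review bot: `merge(var.tags, var.cluster_tags)` on `aws_eks_cluster.this` gives `cluster_tags` precedence over `tags` for a shared key, which neither the README row nor the variable description in the `variables.tf` hunk mention; `description = "A map of tags to add to just the eks resource. Keys here override the same keys in var.tags."` would settle the precedence for users. The three-line `merge(` could also be a single line, matching how the neighbouring arguments are written. The `aws_eks_cluster` resource continues outside the hunk.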
@@ -98,6 +98,12 @@ variable "tags" {
 default = {}
 }
+variable "cluster_tags" {
+ description = "A map of tags to add to just the eks resource."
+ type = map(string)
+ default = {}
+}
+
 variable "vpc_id" {
 description = "VPC where the cluster and workers will be deployed."
 type = string
From b7413b3e37856a7a7697dc67e79c5e9e17521d9d Mon Sep 17 00:00:00 2001
From: Robert Kozak
Date: Fri, 3 Sep 2021 08:07:59 -0700
Subject: [PATCH 13/28] feat: Allow override of timeouts in node_groups (#1552)
---
 README.md | 1 +
 local.tf | 1 +
 modules/node_groups/README.md | 2 ++
 modules/node_groups/locals.tf | 1 +
 modules/node_groups/node_groups.tf | 6 ++++++
 modules/node_groups/variables.tf | 5 +++++
 node_groups.tf | 1 +
 variables.tf | 9 ++++++++-
 8 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 693e017c13f..a0638a01f1b 100644
--- a/README.md
+++ b/README.md
@@ -267,6 +267,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf | [permissions\_boundary](#input\_permissions\_boundary) | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no | | [subnets](#input\_subnets) | A list of subnets to place the EKS cluster and workers within. | `list(string)` | n/a | yes | | [tags](#input\_tags) | A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only. | `map(string)` | `{}` | no | +| [timeouts](#input\_timeouts) | A map of timeouts for create/update/delete operations. | `map(string)` | `{}` | no | | [vpc\_id](#input\_vpc\_id) | VPC where the cluster and workers will be deployed. | `string` | n/a | yes | | [wait\_for\_cluster\_timeout](#input\_wait\_for\_cluster\_timeout) | A timeout (in seconds) to wait for cluster to be available. | `number` | `300` | no | | [worker\_additional\_security\_group\_ids](#input\_worker\_additional\_security\_group\_ids) | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no | diff --git a/local.tf b/local.tf index 7f4799d4182..6064876f863 100644 --- a/local.tf +++ b/local.tf 
@@ -96,6 +96,7 @@ locals { additional_ebs_volumes = [] # A list of additional volumes to be attached to the instances on this Auto Scaling group. Each volume should be an object with the following: block_device_name (required), volume_size, volume_type, iops, throughput, encrypted, kms_key_id (only on launch-template), delete_on_termination. Optional values are grabbed from root volume or from defaults additional_instance_store_volumes = [] # A list of additional instance store (local disk) volumes to be attached to the instances on this Auto Scaling group. Each volume should be an object with the following: block_device_name (required), virtual_name. warm_pool = null # If this block is configured, add a Warm Pool to the specified Auto Scaling group. + timeouts = {} # A map of timeouts for create/update/delete operations # Settings for launch templates root_block_device_name = concat(data.aws_ami.eks_worker.*.root_device_name, [""])[0] # Root device name for Linux workers. If not provided, will assume default Linux AMI was used. diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 1ac6612eab1..4811e1a7091 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -48,6 +48,7 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In | subnets | Subnets to contain workers | list(string) | `var.workers_group_defaults[subnets]` | | version | Kubernetes version | string | Provider default behavior | | taints | Kubernetes node taints | list(map) | empty | +| timeouts | A map of timeouts for create/update/delete operations. | `map(string)` | Provider default behavior | | update_default_version | Whether or not to set the new launch template version the Default | bool | `true` | 
@@ -89,6 +90,7 @@ No modules. | [node\_groups](#input\_node\_groups) | Map of maps of `eks_node_groups` to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | `{}` | no | | [node\_groups\_defaults](#input\_node\_groups\_defaults) | map of maps of node groups to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | n/a | yes | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | n/a | yes | +| [timeouts](#input\_timeouts) | A map of timeouts for create/update/delete operations. | `map(string)` | n/a | yes | | [worker\_additional\_security\_group\_ids](#input\_worker\_additional\_security\_group\_ids) | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no | | [worker\_security\_group\_id](#input\_worker\_security\_group\_id) | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | `string` | `""` | no | | [workers\_group\_defaults](#input\_workers\_group\_defaults) | Workers group defaults from parent | `any` | n/a | yes | diff --git a/modules/node_groups/locals.tf b/modules/node_groups/locals.tf index da8d20e582d..6d40e038080 100644 --- a/modules/node_groups/locals.tf +++ b/modules/node_groups/locals.tf @@ -24,6 +24,7 @@ locals { pre_userdata = var.workers_group_defaults["pre_userdata"] additional_security_group_ids = var.workers_group_defaults["additional_security_group_ids"] taints = [] + timeouts = var.workers_group_defaults["timeouts"] update_default_version = true ebs_optimized = null }, diff --git a/modules/node_groups/node_groups.tf b/modules/node_groups/node_groups.tf index 4e3bf596ada..865f3ae6344 100644 --- a/modules/node_groups/node_groups.tf +++ b/modules/node_groups/node_groups.tf 
@@ -69,6 +69,12 @@ resource "aws_eks_node_group" "workers" { } } + timeouts { + create = lookup(each.value["timeouts"], "create", null) + update = lookup(each.value["timeouts"], "update", null) + delete = lookup(each.value["timeouts"], "delete", null) + } + version = lookup(each.value, "version", null) labels = merge( diff --git a/modules/node_groups/variables.tf b/modules/node_groups/variables.tf index 52209e5ef0e..d881968b06a 100644 --- a/modules/node_groups/variables.tf +++ b/modules/node_groups/variables.tf @@ -36,6 +36,11 @@ variable "tags" { type = map(string) } +variable "timeouts" { + description = "A map of timeouts for create/update/delete operations." + type = map(string) +} + variable "node_groups_defaults" { description = "map of maps of node groups to create. See \"`node_groups` and `node_groups_defaults` keys\" section in README.md for more details" type = any diff --git a/node_groups.tf b/node_groups.tf index ec483b8f02a..2a3580828a6 100644 --- a/node_groups.tf +++ b/node_groups.tf @@ -7,6 +7,7 @@ module "node_groups" { worker_security_group_id = local.worker_security_group_id worker_additional_security_group_ids = var.worker_additional_security_group_ids tags = var.tags + timeouts = var.timeouts node_groups_defaults = var.node_groups_defaults node_groups = var.node_groups ebs_optimized_not_supported = local.ebs_optimized_not_supported diff --git a/variables.tf b/variables.tf index 064243605fa..b2019fafc45 100644 --- a/variables.tf +++ b/variables.tf @@ -104,6 +104,12 @@ variable "cluster_tags" { default = {} } +variable "timeouts" { + description = "A map of timeouts for create/update/delete operations." + type = map(string) + default = {} +} + variable "vpc_id" { description = "VPC where the cluster and workers will be deployed." type = string 
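Review bot: The new `timeouts` block reads `each.value["timeouts"]`, which the `locals.tf` hunk seeds from `var.workers_group_defaults["timeouts"]`, so the module's new `var.timeouts` input, wired from the root in `node_groups.tf`, is not referenced by anything in this patch and looks dead; either drop it or use it as the per-group default in `locals.tf` (`timeouts = var.timeouts`). That module variable is also declared without a `default` in `modules/node_groups/variables.tf`, which makes it a required input for anyone calling the submodule directly — a breaking change the description should not hide. Passing `null` from `lookup` leaves the provider defaults in place, which matches the README rows. The `aws_eks_node_group` resource starts and ends outside the hunk.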
@@ -404,4 +410,5 @@ variable "openid_connect_audiences" { description = "List of OpenID Connect audience client IDs to add to the IRSA provider." type = list(string) default = [] -} \ No newline at end of file +} + From be71ef203bdbedecaf74015b54f344407347b2e6 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 3 Sep 2021 17:08:20 +0200 Subject: [PATCH 14/28] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1032332efc9..11e37795a23 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,13 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.9.0] - 2021-09-03 +FEATURES: +- Allow override of timeouts in node_groups ([#1552](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1552)) +- Ability to tag just EKS cluster ([#1569](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1569)) + + ## [v17.8.0] - 2021-09-03 BUG FIXES: @@ -449,7 +456,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.8.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.9.0...HEAD +[v17.9.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.8.0...v17.9.0 [v17.8.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.7.0...v17.8.0 [v17.7.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.6.0...v17.7.0 [v17.6.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.5.0...v17.6.0 From f23f729980e8610d3e641210ecda9eb29224de86 Mon Sep 17 00:00:00 2001 
From: marianobilli <14143004+marianobilli@users.noreply.github.com> Date: Fri, 3 Sep 2021 22:56:17 +0200 Subject: [PATCH 15/28] feat: Added support for update_config in EKS managed node groups (#1560) --- examples/managed_node_groups/main.tf | 3 +++ modules/node_groups/README.md | 2 ++ modules/node_groups/node_groups.tf | 9 +++++++++ 3 files changed, 14 insertions(+) diff --git a/examples/managed_node_groups/main.tf b/examples/managed_node_groups/main.tf index 4c8b3fed6c6..b6193147566 100644 --- a/examples/managed_node_groups/main.tf +++ b/examples/managed_node_groups/main.tf @@ -95,6 +95,9 @@ module "eks" { effect = "NO_SCHEDULE" } ] + update_config = { + max_unavailable_percentage = 50 # or set `max_unavailable` + } } } diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 4811e1a7091..685c6e5533e 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -40,6 +40,8 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In | launch\_template_version | The version of the LT to use | string | none | | max\_capacity | Max number of workers | number | `var.workers_group_defaults[asg_max_size]` | | min\_capacity | Min number of workers | number | `var.workers_group_defaults[asg_min_size]` | +| update_config.max\_unavailable\_percentage | Max percentage of unavailable nodes during update. (e.g. 25, 50, etc) | number | `null` if `update_config.max_unavailable` is set | +| update_config.max\_unavailable | Max number of unavailable nodes during update | number | `null` if `update_config.max_unavailable_percentage` is set | | name | Name of the node group. If you don't really need this, we recommend you to use `name_prefix` instead. | string | Will use the autogenerate name prefix | | name_prefix | Name prefix of the node group | string | Auto generated | | pre_userdata | userdata to pre-append to the default userdata. Require `create_launch_template` to be `true`| string | "" | 
diff --git a/modules/node_groups/node_groups.tf b/modules/node_groups/node_groups.tf index 865f3ae6344..134d38345c0 100644 --- a/modules/node_groups/node_groups.tf +++ b/modules/node_groups/node_groups.tf @@ -69,6 +69,15 @@ resource "aws_eks_node_group" "workers" { } } + dynamic "update_config" { + for_each = try(each.value.update_config.max_unavailable_percentage > 0, each.value.update_config.max_unavailable > 0, false) ? [true] : [] + + content { + max_unavailable_percentage = try(each.value.update_config.max_unavailable_percentage, null) + max_unavailable = try(each.value.update_config.max_unavailable, null) + } + } + timeouts { create = lookup(each.value["timeouts"], "create", null) update = lookup(each.value["timeouts"], "update", null) From ff0360fd60ee743f220d8f84d562381c217bc719 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 3 Sep 2021 22:56:31 +0200 Subject: [PATCH 16/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11e37795a23..628257d747b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.10.0] - 2021-09-03 +FEATURES: +- Added support for update_config in EKS managed node groups ([#1560](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1560)) + + ## [v17.9.0] - 2021-09-03 FEATURES: 
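Review bot: The `dynamic "update_config"` guard enables the block when either `max_unavailable_percentage` or `max_unavailable` is positive, but `content` then emits both values, so a node group that sets both gets rejected at apply time (the EKS API documents the two as mutually exclusive) rather than at plan time, and the README rows added in this commit describe them as alternatives without anything enforcing it. A cheap guard is to suppress the second when the first is present: `max_unavailable = try(each.value.update_config.max_unavailable_percentage, null) == null ? try(each.value.update_config.max_unavailable, null) : null`. The `> 0` test also means a value of `0` silently drops the block, which is probably intended but worth a comment such as `# update_config is only emitted when one of the two knobs is set to a positive value`. The enclosing `aws_eks_node_group` resource starts and ends outside the hunk.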
@@ -456,7 +462,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.9.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.10.0...HEAD +[v17.10.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.9.0...v17.10.0 [v17.9.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.8.0...v17.9.0 [v17.8.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.7.0...v17.8.0 [v17.7.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.6.0...v17.7.0 From 40e47a40202e581c6a09b107e47325e50d3afab8 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 4 Sep 2021 10:46:48 +0200 Subject: [PATCH 17/28] fix: Updated required version of AWS provider to 3.56.0 (#1571) --- README.md | 4 ++-- examples/managed_node_groups/versions.tf | 2 +- modules/node_groups/README.md | 4 ++-- modules/node_groups/versions.tf | 2 +- versions.tf | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index a0638a01f1b..082b6e463a6 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.44.0 | +| [aws](#requirement\_aws) | >= 3.56.0 | | [http](#requirement\_http) | >= 2.4.1 | | [kubernetes](#requirement\_kubernetes) | >= 1.11.1 | | [local](#requirement\_local) | >= 1.4 | 
@@ -152,7 +152,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.44.0 | +| [aws](#provider\_aws) | >= 3.56.0 | | [http](#provider\_http) | >= 2.4.1 | | [kubernetes](#provider\_kubernetes) | >= 1.11.1 | | [local](#provider\_local) | >= 1.4 | diff --git a/examples/managed_node_groups/versions.tf b/examples/managed_node_groups/versions.tf index 6e29ae8f1b4..47f7c05e43d 100644 --- a/examples/managed_node_groups/versions.tf +++ b/examples/managed_node_groups/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.22.0" + aws = ">= 3.56.0" local = ">= 1.4" random = ">= 2.1" kubernetes = "~> 1.11" diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 685c6e5533e..10c4cbaf63d 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -59,13 +59,13 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.43.0 | +| [aws](#requirement\_aws) | >= 3.56.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.43.0 | +| [aws](#provider\_aws) | >= 3.56.0 | | [cloudinit](#provider\_cloudinit) | n/a | ## Modules diff --git a/modules/node_groups/versions.tf b/modules/node_groups/versions.tf index c68eb70217f..ea2a91d7da5 100644 --- a/modules/node_groups/versions.tf +++ b/modules/node_groups/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.43.0" + aws = ">= 3.56.0" } } diff --git a/versions.tf b/versions.tf index e448b56ecd9..aa74ab7bf1c 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.44.0" + aws = ">= 3.56.0" local = ">= 1.4" kubernetes = ">= 1.11.1" http = { 
From 013afb0cc6ff6178d72ec8639827ee023e61753b Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 4 Sep 2021 10:47:46 +0200 Subject: [PATCH 18/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 628257d747b..6a872175aaa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.11.0] - 2021-09-04 +BUG FIXES: +- Updated required version of AWS provider to 3.56.0 ([#1571](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1571)) + + ## [v17.10.0] - 2021-09-03 FEATURES: @@ -462,7 +468,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.10.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.11.0...HEAD +[v17.11.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.10.0...v17.11.0 [v17.10.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.9.0...v17.10.0 [v17.9.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.8.0...v17.9.0 [v17.8.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.7.0...v17.8.0 From 7512f171c9a84a28fc1ddc658f08748ab221145b Mon Sep 17 00:00:00 2001 From: nikitacr7 Date: Mon, 6 Sep 2021 12:25:31 +0300 Subject: [PATCH 19/28] feat: Add ability to tag network-interface using Launch Template (#1563) --- .../launchtemplate.tf | 9 +++++++++ modules/node_groups/launch_template.tf | 14 +++++++++++++ workers_launch_template.tf | 20 +++++++++++++++++++ 3 files changed, 43 insertions(+) diff --git a/examples/launch_templates_with_managed_node_groups/launchtemplate.tf b/examples/launch_templates_with_managed_node_groups/launchtemplate.tf index e66bad1a9f2..2494a7a688e 100644 
--- a/examples/launch_templates_with_managed_node_groups/launchtemplate.tf +++ b/examples/launch_templates_with_managed_node_groups/launchtemplate.tf @@ -80,6 +80,15 @@ resource "aws_launch_template" "default" { } } + # Supplying custom tags to EKS instances ENI's is another use-case for LaunchTemplates + tag_specifications { + resource_type = "network-interface" + + tags = { + CustomTag = "EKS example" + } + } + # Tag the LT itself tags = { CustomTag = "EKS example" diff --git a/modules/node_groups/launch_template.tf b/modules/node_groups/launch_template.tf index f70d2f5838f..40bcf17713e 100644 --- a/modules/node_groups/launch_template.tf +++ b/modules/node_groups/launch_template.tf @@ -103,6 +103,20 @@ resource "aws_launch_template" "workers" { ) } + # Supplying custom tags to EKS instances ENI's is another use-case for LaunchTemplates + tag_specifications { + resource_type = "network-interface" + + tags = merge( + var.tags, + { + Name = local.node_groups_names[each.key] + }, + lookup(var.node_groups_defaults, "additional_tags", {}), + lookup(var.node_groups[each.key], "additional_tags", {}) + ) + } + # Tag the LT itself tags = merge( var.tags, diff --git a/workers_launch_template.tf b/workers_launch_template.tf index d1d48186c0c..9da5a16d04b 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf @@ -573,6 +573,26 @@ resource "aws_launch_template" "workers_launch_template" { ) } + tag_specifications { + resource_type = "network-interface" + + tags = merge( + { + "Name" = "${coalescelist(aws_eks_cluster.this[*].name, [""])[0]}-${lookup( + var.worker_groups_launch_template[count.index], + "name", + count.index, + )}-eks_asg" + }, + var.tags, + { + for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : + tag["key"] => tag["value"] + if tag["key"] != "Name" && tag["propagate_at_launch"] + } + ) + } + tags = var.tags lifecycle { 
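Review bot: Adding a `network-interface` `tag_specifications` block to `aws_launch_template.workers` (and to `workers_launch_template`) produces a new launch template version on the next apply, and with the submodule default `update_default_version = true` any managed node group that tracks the template's default version will presumably start a rolling node replacement as a side effect of a pure tagging change, so this is not a no-op upgrade for existing clusters. That caveat belongs in the release notes, and a comment above the new block such as `# NOTE: changing these tags creates a new LT version and can roll nodes that follow the default version` would warn the next maintainer. In `workers_launch_template.tf` the `Name` value repeats the `<cluster>-<name>-eks_asg` pattern inline; if the instance/volume tag blocks above it (outside the hunk) build the same string, factoring it into a local would keep the three from drifting. Both `aws_launch_template` resources start and end outside their hunks.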
From 577e16d167a20b2f7d29e7a36849bda2e964da31 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 6 Sep 2021 11:25:52 +0200 Subject: [PATCH 20/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a872175aaa..39db1a8b879 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.12.0] - 2021-09-06 +FEATURES: +- Add ability to tag network-interface using Launch Template ([#1563](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1563)) + + ## [v17.11.0] - 2021-09-04 BUG FIXES: @@ -468,7 +474,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.11.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.12.0...HEAD +[v17.12.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.11.0...v17.12.0 [v17.11.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.10.0...v17.11.0 [v17.10.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.9.0...v17.10.0 [v17.9.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.8.0...v17.9.0 From 752c1836786f4c4ca657b0864d691ec436ed4a6d Mon Sep 17 00:00:00 2001 From: Sungho Spark <73847248+sunghospark-calm@users.noreply.github.com> Date: Mon, 6 Sep 2021 04:40:50 -0700 Subject: [PATCH 21/28] fix: Worker security group handling when worker_create_security_group=false (#1461) --- cluster.tf | 2 +- modules/node_groups/launch_template.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster.tf b/cluster.tf index 4e5086c8534..e35d8e864c2 100644 --- a/cluster.tf +++ b/cluster.tf 
@@ -80,7 +80,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" { } resource "aws_security_group_rule" "cluster_https_worker_ingress" { - count = var.cluster_create_security_group && var.create_eks ? 1 : 0 + count = var.cluster_create_security_group && var.create_eks && var.worker_create_security_group ? 1 : 0 description = "Allow pods to communicate with the EKS cluster API." protocol = "tcp" security_group_id = local.cluster_security_group_id diff --git a/modules/node_groups/launch_template.tf b/modules/node_groups/launch_template.tf index 40bcf17713e..84fa7552cff 100644 --- a/modules/node_groups/launch_template.tf +++ b/modules/node_groups/launch_template.tf @@ -52,7 +52,7 @@ resource "aws_launch_template" "workers" { network_interfaces { associate_public_ip_address = lookup(each.value, "public_ip", null) delete_on_termination = lookup(each.value, "eni_delete", null) - security_groups = flatten([ + security_groups = compact(flatten([ var.worker_security_group_id, var.worker_additional_security_group_ids, lookup( @@ -60,7 +60,7 @@ resource "aws_launch_template" "workers" { "additional_security_group_ids", null, ), - ]) + ])) } # if you want to use a custom AMI From d1d135b13f3075afca457bf4d25986a5d4a47dd7 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 6 Sep 2021 13:41:09 +0200 Subject: [PATCH 22/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39db1a8b879..ebd0104e583 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.13.0] - 2021-09-06 +BUG FIXES: +- Worker security group handling when worker_create_security_group=false ([#1461](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1461)) + + ## [v17.12.0] - 2021-09-06 FEATURES: 
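Review bot: Gating `cluster_https_worker_ingress` on `var.worker_create_security_group` means a deployment that supplies its own `worker_security_group_id` no longer gets any 443 ingress from workers to the cluster security group from this module, so if `local.worker_security_group_id` previously resolved to the supplied group those nodes now lose API access unless the operator adds the rule themselves; the hunk fixes the invalid-source case but turns a silent assumption into a silent omission. That behaviour change should be stated in the `worker_security_group_id` description, e.g. `If provided, the module does not create the 443 ingress rule from this group to the cluster security group; create it yourself.`, and in the release notes rather than only as a bug-fix line. A related edge: with `worker_create_security_group = false` and an empty `worker_security_group_id`, the new `compact(...)` in `network_interfaces.security_groups` can yield an empty list, in which case EC2 presumably attaches the VPC default security group to the nodes, which is worth rejecting explicitly rather than launching workers with whatever that group allows. The `security_groups` expression is cut at both edges of its hunk and the rule resource ends outside its hunk.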
@@ -474,7 +480,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.12.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.13.0...HEAD +[v17.13.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.12.0...v17.13.0 [v17.12.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.11.0...v17.12.0 [v17.11.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.10.0...v17.11.0 [v17.10.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.9.0...v17.10.0 From 710903170f9d39129bb30c5018eba70ac88a92e5 Mon Sep 17 00:00:00 2001 From: Olesia Ivanenko Date: Mon, 6 Sep 2021 15:04:56 +0300 Subject: [PATCH 23/28] feat: Create SG rule for each new cluster_endpoint_private_access_cidr block (#1549) --- cluster.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster.tf b/cluster.tf index e35d8e864c2..7d345568865 100644 --- a/cluster.tf +++ b/cluster.tf 
@@ -91,13 +91,13 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" { } resource "aws_security_group_rule" "cluster_private_access_cidrs_source" { - count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access && var.cluster_endpoint_private_access_cidrs != null ? 1 : 0 + for_each = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access && var.cluster_endpoint_private_access_cidrs != null ? toset(var.cluster_endpoint_private_access_cidrs) : [] description = "Allow private K8S API ingress from custom CIDR source." type = "ingress" from_port = 443 to_port = 443 protocol = "tcp" - cidr_blocks = var.cluster_endpoint_private_access_cidrs + cidr_blocks = [each.value] security_group_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id } From 7f8232c570786dcf33eff71bc5b5b187e6066db2 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 6 Sep 2021 14:05:53 +0200 Subject: [PATCH 24/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ebd0104e583..12256b7a62a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.14.0] - 2021-09-06 +FEATURES: +- Create SG rule for each new cluster_endpoint_private_access_cidr block ([#1549](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1549)) + + ## [v17.13.0] - 2021-09-06 BUG FIXES: 
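Review bot: Switching `cluster_private_access_cidrs_source` from `count` to `for_each` re-keys the resource from `[0]` to the CIDR string, so every existing user sees the single rule destroyed and per-CIDR rules created on upgrade; because destruction precedes creation, private-endpoint access from those CIDRs is interrupted during the apply, and the release is labelled FEATURES with no upgrade note. Please add a CHANGELOG/UPGRADE note describing the recreate and the brief access gap, and a comment on the resource such as `# one rule per CIDR; keyed by CIDR so adding/removing one entry does not churn the others`. Also note that `toset(var.cluster_endpoint_private_access_cidrs)` fails the plan if the list is not known until apply (e.g. built from another resource's output), a constraint the old `count`-based form did not impose in the same way. The resource's closing brace is the last line of the hunk.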
@@ -480,7 +486,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.13.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.14.0...HEAD +[v17.14.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.13.0...v17.14.0 [v17.13.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.12.0...v17.13.0 [v17.12.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.11.0...v17.12.0 [v17.11.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.10.0...v17.11.0 From 4a7678d37246ca07630c2c19d9fc4dd873cee2b5 Mon Sep 17 00:00:00 2001 From: DayneD89 Date: Mon, 6 Sep 2021 14:15:38 +0100 Subject: [PATCH 25/28] feat: Added ability to pass different subnets for fargate and the cluster (#1527) --- README.md | 1 + examples/fargate/main.tf | 3 ++- fargate.tf | 2 +- variables.tf | 6 ++++++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 082b6e463a6..06b05eb3efa 100644 --- a/README.md +++ b/README.md 
@@ -247,6 +247,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf | [enable\_irsa](#input\_enable\_irsa) | Whether to create OpenID Connect Provider for EKS to enable IRSA | `bool` | `false` | no | | [fargate\_pod\_execution\_role\_name](#input\_fargate\_pod\_execution\_role\_name) | The IAM Role that provides permissions for the EKS Fargate Profile. | `string` | `null` | no | | [fargate\_profiles](#input\_fargate\_profiles) | Fargate profiles to create. See `fargate_profile` keys section in fargate submodule's README.md for more details | `any` | `{}` | no | +| [fargate\_subnets](#input\_fargate\_subnets) | A list of subnets to place fargate workers within (if different from subnets). | `list(string)` | `[]` | no | | [iam\_path](#input\_iam\_path) | If provided, all IAM roles will be created on this path. | `string` | `"/"` | no | | [kubeconfig\_aws\_authenticator\_additional\_args](#input\_kubeconfig\_aws\_authenticator\_additional\_args) | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | `list(string)` | `[]` | no | | [kubeconfig\_aws\_authenticator\_command](#input\_kubeconfig\_aws\_authenticator\_command) | Command to use to fetch AWS EKS credentials. | `string` | `"aws-iam-authenticator"` | no | diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf index 0697a58c6be..254793fb6e2 100644 --- a/examples/fargate/main.tf +++ b/examples/fargate/main.tf @@ -61,7 +61,8 @@ module "eks" { source = "../.." cluster_name = local.cluster_name cluster_version = "1.20" - subnets = module.vpc.private_subnets + subnets = [module.vpc.private_subnets[0], module.vpc.public_subnets[1]] + fargate_subnets = [module.vpc.private_subnets[2]] tags = { Environment = "test" diff --git a/fargate.tf b/fargate.tf index 413c582a9c9..f48aa34f01e 100644 --- a/fargate.tf +++ b/fargate.tf 
@@ -8,7 +8,7 @@ module "fargate" { permissions_boundary = var.permissions_boundary iam_path = var.iam_path iam_policy_arn_prefix = local.policy_arn_prefix - subnets = var.subnets + subnets = coalescelist(var.fargate_subnets, var.subnets) tags = var.tags # Hack to ensure ordering of resource creation. diff --git a/variables.tf b/variables.tf index b2019fafc45..9b94c992f2b 100644 --- a/variables.tf +++ b/variables.tf @@ -87,6 +87,12 @@ variable "map_users" { default = [] } +variable "fargate_subnets" { + description = "A list of subnets to place fargate workers within (if different from subnets)." + type = list(string) + default = [] +} + variable "subnets" { description = "A list of subnets to place the EKS cluster and workers within." type = list(string) From a9b84558b1abb4ca2a4dd07f571439ccfff79f9d Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 6 Sep 2021 15:16:04 +0200 Subject: [PATCH 26/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12256b7a62a..f86847ccbab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.15.0] - 2021-09-06 +FEATURES: +- Added ability to pass different subnets for fargate and the cluster ([#1527](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1527)) + + ## [v17.14.0] - 2021-09-06 FEATURES: 
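Review bot: The new `fargate_subnets` description says only "if different from subnets" and omits the constraint that motivates a separate list: EKS Fargate profiles only accept private subnets, so placing the cluster in mixed subnets while keeping pods private is the expected use. Suggest `description = "A list of private subnets to place Fargate pods in; Fargate requires subnets with no direct internet-gateway route. Falls back to `subnets` when empty."`. Separately, `coalescelist(var.fargate_subnets, var.subnets)` in `fargate.tf` raises an error when both lists are empty, which a caller with `create_eks = false` may legitimately have; `try(coalescelist(var.fargate_subnets, var.subnets), [])` keeps the fallback without the hard failure. The `module "fargate"` block starts and ends outside its hunk.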
@@ -486,7 +492,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.14.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.15.0...HEAD +[v17.15.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.14.0...v17.15.0 [v17.14.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.13.0...v17.14.0 [v17.13.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.12.0...v17.13.0 [v17.12.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.11.0...v17.12.0 From a4aef989cbc669c329ed2682f79dc121eb95d8cd Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 8 Sep 2021 09:30:10 +0200 Subject: [PATCH 27/28] fix: Fixed coalescelist() with subnets in fargate module (#1576) --- fargate.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fargate.tf b/fargate.tf index f48aa34f01e..ddba3bd04b6 100644 --- a/fargate.tf +++ b/fargate.tf @@ -8,7 +8,7 @@ module "fargate" { permissions_boundary = var.permissions_boundary iam_path = var.iam_path iam_policy_arn_prefix = local.policy_arn_prefix - subnets = coalescelist(var.fargate_subnets, var.subnets) + subnets = coalescelist(var.fargate_subnets, var.subnets, [""]) tags = var.tags # Hack to ensure ordering of resource creation. From 281e46a0e3d027208559aad4c31ecd05ea560d22 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 8 Sep 2021 09:30:30 +0200 Subject: [PATCH 28/28] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f86847ccbab..d38679c5b25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
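Review bot: `coalescelist(var.fargate_subnets, var.subnets, [""])` avoids the all-empty error by handing the fargate submodule a list containing one empty-string subnet id, so a configuration with no subnets but a Fargate profile now fails at apply with an AWS validation error instead of a plan-time message, and any `length()`-based logic in the submodule (outside this view) will count one subnet where there are none. `try(coalescelist(var.fargate_subnets, var.subnets), [])` expresses the same fallback without inventing a placeholder id; if the submodule genuinely needs a non-empty list, say so next to the line, e.g. `# placeholder so coalescelist() does not error when both lists are empty`. The `module "fargate"` block starts and ends outside the hunk.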
@@ -10,6 +10,12 @@ project adheres to [Semantic Versioning](http://semver.org/). + +## [v17.16.0] - 2021-09-08 +BUG FIXES: +- Fixed coalescelist() with subnets in fargate module ([#1576](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1576)) + + ## [v17.15.0] - 2021-09-06 FEATURES: @@ -492,7 +498,8 @@ CI: - Restrict sementic PR to validate PR title only ([#804](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/804)) -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.15.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.16.0...HEAD +[v17.16.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.15.0...v17.16.0 [v17.15.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.14.0...v17.15.0 [v17.14.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.13.0...v17.14.0 [v17.13.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v17.12.0...v17.13.0