EKS Terraform Upgrade Issue v17.24.0 -> v20.34.0

When upgrading the EKS Terraform module from v17.24.0 to v20.34.0, the issue you're experiencing with the role_arn attribute forcing a cluster replacement is a common challenge. This happens because the module structure has changed significantly between these versions.

The key to avoiding cluster recreation is to ensure the role ARN remains exactly the same. Here are some approaches to resolve this:

1. Use the moved block: In Terraform 1.1+, you can use a moved block to tell Terraform that a resource has been moved to a new address without requiring recreation. This helps Terraform understand that the resource is the same despite structural changes in the module.

2. Import the existing state: You might need to import the existing cluster state into the new module structure to maintain continuity.

3. Use ignore_changes: Add a lifecycle block with ignore_changes = [role_arn] to prevent Terraform from trying to modify this attribute.

4. Explicitly set the role_arn: Instead of letting the module calculate it, explicitly provide the exact same role ARN that was used previously as an input variable to the module.

5. Staged migration: Consider a staged approach where you first modify your Terraform configuration to explicitly reference the existing role ARN before upgrading the module version.

Before proceeding with the upgrade in production, it's highly recommended to test this approach in a staging environment that mirrors your production setup as closely as possible. This will help identify any other potential issues with the upgrade process.

If you're using Terraform with a CI/CD pipeline, you might want to temporarily disable automatic applies and carefully review the plan output before proceeding with the actual apply.
Sources
EKS Upgrade from 1.29 to 1.30 | AWS re:Post
Terraform and ECS: Task definition revision not sync with terraform state file | AWS re:Post