Terraform EKS error Network interfaces and an instance-level security groups may not be specified

Question

Terraform gave me this error, which is not making sense to me. This occurred when I tried to create aws_eks_node_group for an AWS EKS cluster using terraform.

module.compute.aws_launch_template.eks: Modifications complete after 2s [id=xx] module.compute.aws_eks_node_group.nodegrp: Creating...

Error: error creating EKS Node Group (xxxx): InvalidRequestException: Network interfaces and an instance-level security groups may not be specified on the same request {
RespMetadata: { StatusCode: 400, RequestID: "xx" }, Message_: "Network interfaces and an instance-level security groups may not be specified on the same request" }

I have used aws_launch_template for creating the nodes. like so:

And the launch template is defined as:

Answer 1

So, after reviewing the configuration, nothing came to me.

Then I commented out vpc_security_group_ids = [data.aws_security_group.nodes.id] from the configuration of resource "aws_launch_template" "eks".

The below two lines cannot be together in launch template. As both define the security groups.

vpc_security_group_ids = [data.aws_security_group.nodes.id] and network_interfaces {}

And Terraform was able to proceed to create the aws_eks_node_group as AWS APIs stopped complaining.

There is another issue with this configuration, that I am yet to figure out. I think, the custom AMIs on EKS are still buggy.

After 23 minutes of waiting time, it says configuration is not supported.

module.compute.aws_eks_node_group.nodegrp: Still creating... [23m20s elapsed]

Error: error waiting for EKS Node Group (qa-svr-centinela-eks-cluster01:qa-svr-centinela-nodegroup01) creation: AsgInstanceLaunchFailures: Could not launch On-Demand Instances. Unsupported - The requested configuration is currently not supported. Please check the documentation for supported configurations. Launching EC2 instance failed.. Resource IDs: [eks-76bb2498-fabb-dfe7-2b3d-c0a80ad965cf]