fix: add depends_on to storage class to wait for EKS access entry

ausbru87 · ausbru87 · commit 140f59885686 · 2026-03-30T04:36:24.000Z
The storage class had no implicit dependency on the EKS module
(it only references locals from remote state). Terraform created it
in parallel with the access entry, racing the RBAC propagation.
diff --git a/infra/terraform/3-eks/storage.tf b/infra/terraform/3-eks/storage.tf
@@ -21,4 +21,9 @@ resource "kubernetes_storage_class_v1" "gp3_encrypted" {
     encrypted = "true"
     kmsKeyId  = local.kms_key_arn
   }
+
+  # Wait for EKS access entry to propagate before talking to the
+  # K8s API. Without this, the storage class creation races the
+  # RBAC grant and fails with "forbidden."
+  depends_on = [module.eks]
 }

Original file line number	Diff line number	Diff line change
`@@ -21,4 +21,9 @@ resource "kubernetes_storage_class_v1" "gp3_encrypted" {`
`21`	`21`	`encrypted = "true"`
`22`	`22`	`kmsKeyId = local.kms_key_arn`
`23`	`23`	`}`
	`24`	`+`
	`25`	`+ # Wait for EKS access entry to propagate before talking to the`
	`26`	`+ # K8s API. Without this, the storage class creation races the`
	`27`	`+ # RBAC grant and fails with "forbidden."`
	`28`	`+ depends_on = [module.eks]`
`24`	`29`	`}`