https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_access_policy_association
When creating an EKS access policy association, a corresponding EKS access entry with the same principal_arn must already exist. Since none of the aws_eks_access_policy_association arguments reference derived attributes of an aws_eks_access_entry, it appears that Terraform is unaware of this dependency.
Even worse, if you are only creating a couple of EKS access entries and corresponding policy associations, Terraform will not fail, as it appears the aws_eks_access_policy_association will keep retrying until it can be created. As soon as you have a large number of paired entries and associations, you will see failed Terraform runs, as Terraform seems to apply batches of aws_eks_access_policy_association resources before even trying to create the corresponding aws_eks_access_entry resources. The only reliable fix is to add a depends_on block to the aws_eks_access_policy_association to make the dependency explicit.
If this is how these resources are intended to operate, then the docs for aws_eks_access_policy_association should definitely give a complete example using a depends_on block to reference the associated aws_eks_access_entry resource, as this is the only reliable way to create both resources at scale.
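The pairing described in the report, written out with the explicit depends_on, as an added example that is not taken from the provider documentation or from the reporter. The variable name, the local map, the account ID, role names and namespace are constructed placeholders.

```hcl
# Added example. var.cluster_name and local.access are hypothetical names.
variable "cluster_name" {
  type = string
}

locals {
  # Constructed sample input: one access entry and one policy per IAM principal.
  access = {
    platform_admin = {
      principal_arn = "arn:aws:iam::111122223333:role/example-platform-admin"
      policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
      namespaces    = [] # empty list: cluster-wide scope
    }
    app_viewer = {
      principal_arn = "arn:aws:iam::111122223333:role/example-app-viewer"
      policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"
      namespaces    = ["example-app"] # limit the grant to one namespace
    }
  }
}

resource "aws_eks_access_entry" "this" {
  for_each      = local.access
  cluster_name  = var.cluster_name
  principal_arn = each.value.principal_arn
}

resource "aws_eks_access_policy_association" "this" {
  for_each      = local.access
  cluster_name  = var.cluster_name
  principal_arn = each.value.principal_arn
  policy_arn    = each.value.policy_arn

  access_scope {
    type       = length(each.value.namespaces) > 0 ? "namespace" : "cluster"
    namespaces = length(each.value.namespaces) > 0 ? each.value.namespaces : null
  }

  # No argument above reads an attribute of aws_eks_access_entry.this, so
  # the ordering has to be stated: every entry is created before any
  # association is attempted.
  depends_on = [aws_eks_access_entry.this]
}
```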