From 409d20e94f69e1eeb0d1f723aebdc9934a38bdc0 Mon Sep 17 00:00:00 2001 From: Brian Meneley Date: Mon, 21 Jul 2025 17:17:50 -0300 Subject: [PATCH] fix(terraform): CKV_AWS_339 - Update supported EKS platform versions Update list of supported EKS platform versions to include 1.33 and remove versions that are no longer receiving extended support. --- checkov/terraform/checks/resource/aws/EKSPlatformVersion.py | 2 +- .../checks/resource/aws/example_EKSPlatformVersion/main.tf | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/checkov/terraform/checks/resource/aws/EKSPlatformVersion.py b/checkov/terraform/checks/resource/aws/EKSPlatformVersion.py index dd3858c77d..78804868d9 100644 --- a/checkov/terraform/checks/resource/aws/EKSPlatformVersion.py +++ b/checkov/terraform/checks/resource/aws/EKSPlatformVersion.py @@ -25,7 +25,7 @@ def get_inspected_key(self) -> str: def get_expected_values(self) -> list[Any]: # https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html - return ["1.25", "1.26", "1.27", "1.28", "1.29", "1.30", "1.31", "1.32", "1.33"] + return ["1.28", "1.29", "1.30", "1.31", "1.32", "1.33"] check = EKSPlatformVersion() diff --git a/tests/terraform/checks/resource/aws/example_EKSPlatformVersion/main.tf b/tests/terraform/checks/resource/aws/example_EKSPlatformVersion/main.tf index bc7fb96fe5..f9589e1635 100644 --- a/tests/terraform/checks/resource/aws/example_EKSPlatformVersion/main.tf +++ b/tests/terraform/checks/resource/aws/example_EKSPlatformVersion/main.tf @@ -22,7 +22,7 @@ resource "aws_eks_cluster" "pass2" { subnet_ids = [aws_subnet.example1.id, aws_subnet.example2.id] } - version="1.25" + version = "1.33" # Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling. # Otherwise, EKS will not be able to properly delete EKS managed EC2 infrastructure such as Security Groups. depends_on = [ 
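Review bot: The allowlist returned by `get_expected_values` carries no record of when it was last reconciled with the AWS page linked in the comment above it, so a reader cannot tell whether `"1.28"` is still supported or simply has not been pruned yet. Because this list decides which clusters CKV_AWS_339 passes, a stale entry silently passes clusters running a Kubernetes version that no longer receives patches. I would extend the comment with a line such as `# Versions in standard or extended support as of 2025-07-21; prune when AWS retires a release.` The enclosing class starts outside the hunk.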
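Review bot: No fixture visible in these hunks sits next to the new lower bound, so the removal of 1.25, 1.26 and 1.27 from the allowlist is not exercised. `pass2` moves from `1.25` to `1.33` here, and `fail` stays at `1.21` in the next hunk, a version that already failed before this change. A cluster with `version = "1.27"` expected to fail and one with `version = "1.28"` expected to pass would pin the boundary and catch an accidental re-widening of the list. The test module's expected-resource lists are not shown here and would presumably need the new resource names. The `pass2` resource block starts and ends outside this hunk.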
@@ -39,7 +39,7 @@ resource "aws_eks_cluster" "fail" { subnet_ids = [aws_subnet.example1.id, aws_subnet.example2.id] } - version="1.21" + version = "1.21" # Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling. # Otherwise, EKS will not be able to properly delete EKS managed EC2 infrastructure such as Security Groups. @@ -47,4 +47,4 @@ resource "aws_eks_cluster" "fail" { aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy, aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController, ] -} \ No newline at end of file +}