Skip to main content

Upgrade Wayfinder


Please note that the instructions on this page are only for upgrading Wayfinder and the cluster it runs within. See how you can upgrade Kubernetes Clusters and Packages by visiting the relevant documentation sections.

You can upgrade Wayfinder for:

  • Terraform Module installs
  • AWS Marketplace (if you used the installer from AWS Marketplace)
  • Azure Marketplace (if you used the installer from Azure Marketplace)

You must update Wayfinder's cloud access permissions after an upgrade or re-install, otherwise it could result in access failures for existing linked cloud accounts. See Update Wayfinder's cloud access below.

Upgrade Wayfinder

To upgrade Wayfinder:

  1. Identify the latest release of Wayfinder you wish to update to:

  2. Check the release notes for any breaking changes or required updates to make.

  3. Update the Wayfinder module version in your Terraform code to the latest release:

    module "wayfinder" {
    source = ""
  4. Make any other required Terraform changes as mentioned in the release notes.

  5. Run a terraform plan and terraform apply as per the install instructions.

Update Wayfinder's cloud access


You must follow this procedure after you complete an upgrade or re-install.

After upgrading Wayfinder, it is essential any new cloud permissions required are updated to ensure:

  • New Wayfinder features can work
  • Any improvement in access rights to existing features are maintained

To update Wayfinder's cloud access permissions:

  1. Check the current version of Wayfinder you are running:
    wf version --server
  2. Identify the matching release version of the Wayfinder Terraform Module for the relevant Cloud provider:
  3. Update the Wayfinder Cloud Access module version in your Terraform code to the latest release:
    module "wayfinder_cloudaccess_myworkspace_nonprod" {
    source = ""
  4. Run a terraform plan and terraform apply as per your normal Terraform workflow.

Frequently Asked Questions

When attempting to upgrade Wayfinder on EKS, I get a failure to authenticate to the EKS Cluster

When Wayfinder is installed on an AWS EKS cluster, the IAM Role used for the installation is automatically added within the EKS aws-auth ConfigMap, which enables access to the EKS API endpoint. If you are performing an upgrade or need to access the EKS Management Cluster (e.g. for debugging, troubleshooting, providing logs to Appvia Support), you need to use the same IAM Role used for the original installation, or alternatively add the IAM Role you are using to the aws-auth ConfigMap.

To add a new IAM Role to the aws-auth ConfigMap:

  1. Add a trust policy to the original IAM Role used to perform the Wayfinder installation:
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<AWS_ACCOUNT_ID>:root"
"Action": "sts:AssumeRole"
  1. Assume the above IAM Role:
aws sts assume-role --role-arn <AWS_IAM_ROLE_ARN> --role-session-name admin
  1. Add the IAM Role to the aws-auth ConfigMap, example below is using the eksctl CLI:
eksctl create iamidentitymapping \
--region <AWS_REGION> \
--cluster <EKS_CLUSTER_NAME> \
--arn <AWS_IAM_ROLE_ARN> \
--username <AWS_IAM_ROLE_NAME> \
--group system:masters \
  1. Use your initial IAM User / Role and run the following command to gain access to the EKS cluster:
aws eks update-kubeconfig --region <AWS_REGION> --name <EKS_CLUSTER_NAME>