feat(eks): add support overwriteServiceAccount prop in service account construct

[aemada-aws]

Issue # (if applicable)

Reason for this change

Add support for passing overwrite to the K8Manifest resource which doesn't fail if resource exists.
This feature is needed for migrating from v1 to v2 without temporarily losing the service account.

Description of changes

Add overwriteServiceAccount prop to ServiceAccount + AlbController in EKS v1 and v2.

Describe any new or updated permissions being added

None

Description of how you validated changes

Integ + unit test

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

---

	Tests	Passed ☑️	Skipped	Failed ❌️
Security Guardian Results	96 ran	95 passed		1 failed

Test	Result
Security Guardian Results
packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.template.json
iam-no-overly-permissive-passrole.guard	❌ failure

• View Security Guardian Results

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

---

	Tests	Passed ☑️	Skipped	Failed ❌️
Security Guardian Results with resolved templates	96 ran	94 passed		2 failed

Test	Result
Security Guardian Results with resolved templates
packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.template.json
iam-role-root-principal-needs-conditions.guard	❌ failure
packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.template.json
iam-role-root-principal-needs-conditions.guard	❌ failure

• View Security Guardian Results with resolved templates

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Merge Queue Status

🚫 The pull request has left the queue (rule: default-squash) at 844cc38

This pull request spent 58 minutes 21 seconds in the queue, with no time running CI.

Reason

The pull request can't be updated

merge conflict between base and head

Hint

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[alvazjor]

@Mergifyio requeue

[mergify]

requeue

✅ This pull request will be embarked automatically

Details

The head sha of this pull request, 0bdca75, was never embarked in the merge queue.

But don't worry, Mergify will embark it automatically for you.

[mergify]

queue

🛑 There are no queue conditions matching

Details

There are queue conditions defined in the configuration, but none matches. The pull request has not been embarked.

Details:

• Queue default-merge:

• -closed
• -merged
• label~=no-squash
• #approved-reviews-by>=1
• #changes-requested-reviews-by=0
• -approved-reviews-by~=author
• -label~=(blocked|do-not-merge)
• -title~=(WIP|wip)
• check-success=build
• check-success=validate-pr
• any of:
  • -label~=pr/needs-integration-tests-deployment
  • check-success=Deploy integration test snapshots (requires pr/needs-integration-tests-deployment label)

• Queue priority-squash:

• -closed
• -merged
• label~=priority-pr
• #approved-reviews-by>=1
• #changes-requested-reviews-by=0
• -approved-reviews-by~=author
• -label~=(blocked|do-not-merge|no-squash)
• -title~=(WIP|wip)
• base!=release
• check-success=build
• check-success=validate-pr
• any of:
  • -label~=pr/needs-integration-tests-deployment
  • check-success=Deploy integration test snapshots (requires pr/needs-integration-tests-deployment label)

• Queue default-squash:

• -closed
• -merged
• #approved-reviews-by>=1
• #changes-requested-reviews-by=0
• -approved-reviews-by~=author
• -label~=(blocked|do-not-merge|no-squash|priority-pr)
• -title~=(WIP|wip)
• base!=release
• check-success=build
• check-success=validate-pr
• any of:
  • -label~=pr/needs-integration-tests-deployment
  • check-success=Deploy integration test snapshots (requires pr/needs-integration-tests-deployment label)

[mergify]

Merge Queue Status

🛑 Queue command has been cancelled

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Merge Queue Status

✅ The pull request has been merged at 0bdca75

This pull request spent 9 seconds in the queue, with no time running CI.
The checks were run in-place.

Required conditions to merge

• #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • feat(eks): add support overwriteServiceAccount prop in service account construct #36751
• #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • feat(eks): add support overwriteServiceAccount prop in service account construct #36751
• any of [🛡 GitHub branch protection]:
  • check-success = validate-pr
  • check-neutral = validate-pr
  • check-skipped = validate-pr
• any of [🛡 GitHub branch protection]:
  • check-success = build
  • check-neutral = build
  • check-skipped = build

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.