diff --git a/README.md b/README.md
index 8100e93d952..0d3ae9a81ef 100644
--- a/README.md
+++ b/README.md
@@ -140,6 +140,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `` | no |
 | worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | string | `1025` | no |
 | workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in locals.tf for valid keys. | map | `{}` | no |
+| write\_aws\_auth\_config | Whether to write the aws-auth configmap file. | string | `true` | no |
 | write\_kubeconfig | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | string | `true` | no |
 
 ## Outputs
diff --git a/aws_auth.tf b/aws_auth.tf
index 50c6e86bd1b..7a7e3d8b148 100644
--- a/aws_auth.tf
+++ b/aws_auth.tf
@@ -1,19 +1,32 @@ resource "local_file" "config_map_aws_auth" { content = "${data.template_file.config_map_aws_auth.rendered}" filename = "${var.config_output_path}config-map-aws-auth_${var.cluster_name}.yaml" - count = "${var.manage_aws_auth ? 1 : 0}" + count = "${var.write_aws_auth_config ? 1 : 0}" } resource "null_resource" "update_config_map_aws_auth" { depends_on = ["aws_eks_cluster.this"] provisioner "local-exec" { - command = "for i in {1..5}; do kubectl apply -f ${var.config_output_path}config-map-aws-auth_${var.cluster_name}.yaml --kubeconfig ${var.config_output_path}kubeconfig_${var.cluster_name} && break || sleep 10; done" + working_dir = "${path.module}" + + command = < kube_config & \ +echo "${null_resource.update_config_map_aws_auth.triggers.config_map_rendered}" > aws_auth_configmap & \ +kubectl apply -f aws_auth_configmap --kubeconfig kube_config && break || \ +sleep 10; \ +done; \ +rm -f aws_auth_configmap kube_config; +EOS + interpreter = ["${var.local_exec_interpreter}"] } triggers { - config_map_rendered = "${data.template_file.config_map_aws_auth.rendered}" + kube_config_map_rendered = "${data.template_file.kubeconfig.rendered}" + config_map_rendered = "${data.template_file.config_map_aws_auth.rendered}" } count = "${var.manage_aws_auth ? 1 : 0}" diff --git a/variables.tf b/variables.tf index c17ad5582f2..b347bb1e8c2 100644 --- a/variables.tf +++ b/variables.tf @@ -23,7 +23,12 @@ variable "write_kubeconfig" { } variable "manage_aws_auth" { - description = "Whether to write and apply the aws-auth configmap file." + description = "Whether to apply the aws-auth configmap file." + default = true +} + +variable "write_aws_auth_config" { + description = "Whether to write the aws-auth configmap file." default = true }
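Review bot: The `echo … > aws_auth_configmap & \` line (and the preceding `> kube_config & \` line) in the new heredoc ends in a single `&`, which backgrounds the write, so `kubectl apply -f aws_auth_configmap --kubeconfig kube_config` can start before either file is complete; the retry loop hides this rather than fixing it, and `&& \` looks like what was intended. The rendered configmap is also interpolated inside a double-quoted shell string, so any double quote, `$` or backtick in the rendered YAML is interpreted by the shell chosen through `var.local_exec_interpreter`; writing it through a quoted heredoc such as `cat <<'EOF' > aws_auth_configmap` would pass the content through verbatim. The fixed names `kube_config` and `aws_auth_configmap` under `${path.module}` are shared by every instance of the module and are created with the default umask, so two applies can overwrite each other's files and the kubeconfig may be readable by other local users until the final `rm -f`; putting `${var.cluster_name}` in the names and running `umask 077` first would address both. The first `echo` line is partly missing from this page, so the kubeconfig write is inferred from the `> kube_config` that remains.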
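Review bot: The description of the new `write_aws_auth_config` variable does not say where the file is written, although `aws_auth.tf` places it under `config_output_path` and the neighbouring `write_kubeconfig` row in the README states that location. I would extend it to `description = "Whether to write the aws-auth configmap file. Saved to config_output_path."` and mirror the wording in the README row. Because the default stays `true`, the rendered configmap is still kept on disk even though the apply step no longer reads it, so it is worth saying in the description that callers who do not want a local copy should set this to `false`.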