An example using terraform templatefile with Helm

aws-vpc-cni.yaml.tpl

zones:
%{ for subnet in subnets ~}
- name: ${subnet.availability_zone}
  subnetID: ${subnet.id}
%{ endfor ~}
securityGroupIDs:
%{ for sg in security_groups ~}
- ${sg}
%{ endfor ~}
env:
  AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: ${enable_custom_config}

ENIConfig.yaml

{{- range .Values.zones }}
---
apiVersion: crd.k8s.amazonaws.com/v1alpha1
kind: ENIConfig
metadata:
  name: {{ .name }}
spec:
  subnet: {{ .subnetID }}
  securityGroups:
  {{- range $.Values.securityGroupIDs }}
    - {{ . }}
  {{- end }}
{{- end }}

helm_relase_example.tf

resource "helm_release" "aws_vpc_cni" {
  name       = "aws-vpc-cni"
  repository = "${path.module}/charts"
  chart      = "aws-vpc-cni"
  namespace  = "kube-system"

  values = [templatefile("${path.module}/templates/aws-vpc-cni.yaml.tpl", {
    subnets              = data.aws_subnet.secondary_cidr.*,
    security_groups      = [ module.eks.security_group_rule_cluster_https_worker_ingress[0].source_security_group_id ],
    enable_custom_config = true
  })]

  depends_on = [
    null_resource.aws_vpc_cni_relabel
  ]
}

yaml-into-values.tf

resource "helm_release" "metric_server" {
  name       = "metric-server"
  repository = "https://kubernetes-charts.storage.googleapis.com"
  chart      = "metrics-server"
  namespace  = "kube-system"
  version    = "2.11.1"

  values = [<<EOF
args: [ "--kubelet-preferred-address-types=InternalIP" ]
EOF
  ]

  depends_on = [
    helm_release.aws_vpc_cni
  ]
}