diff --git a/.changelog/36484.txt b/.changelog/36484.txt
new file mode 100644
index 000000000000..6c2f325339ed
--- /dev/null
+++ b/.changelog/36484.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_eks_access_entry: Always send `kubernetes_groups` and `user_name` values on update when configured
+```
diff --git a/internal/service/eks/access_entry.go b/internal/service/eks/access_entry.go
index a3c42ab8a261..c99768c1f89a 100644
--- a/internal/service/eks/access_entry.go
+++ b/internal/service/eks/access_entry.go
@@ -183,13 +183,8 @@ func resourceAccessEntryUpdate(ctx context.Context, d *schema.ResourceData, meta
 			PrincipalArn: aws.String(principalARN),
 		}
 
-		if d.HasChange("kubernetes_groups") {
-			input.KubernetesGroups = flex.ExpandStringValueSet(d.Get("kubernetes_groups").(*schema.Set))
-		}
-
-		if d.HasChange("user_name") {
-			input.Username = aws.String(d.Get("user_name").(string))
-		}
+		input.KubernetesGroups = flex.ExpandStringValueSet(d.Get("kubernetes_groups").(*schema.Set))
+		input.Username = aws.String(d.Get("user_name").(string))
 
 		_, err = conn.UpdateAccessEntry(ctx, input)
 
diff --git a/internal/service/eks/access_entry_test.go b/internal/service/eks/access_entry_test.go
index 9ba3e9c3c930..f80c7f2a7682 100644
--- a/internal/service/eks/access_entry_test.go
+++ b/internal/service/eks/access_entry_test.go
@@ -236,6 +236,8 @@ func TestAccEKSAccessEntry_username(t *testing.T) {
 				Config: testAccAccessEntryConfig_username(rName, "user1"),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAccessEntryExists(ctx, resourceName, &accessentry),
+					resource.TestCheckResourceAttr(resourceName, "kubernetes_groups.#", "1"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "kubernetes_groups.*", "ae-test"),
 					resource.TestCheckResourceAttr(resourceName, "type", "STANDARD"),
 					resource.TestCheckResourceAttr(resourceName, "user_name", "user1"),
 				),
@@ -249,6 +251,8 @@ func TestAccEKSAccessEntry_username(t *testing.T) {
 				Config: testAccAccessEntryConfig_username(rName, "user2"),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAccessEntryExists(ctx, resourceName, &accessentry),
+					resource.TestCheckResourceAttr(resourceName, "kubernetes_groups.#", "1"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "kubernetes_groups.*", "ae-test"),
 					resource.TestCheckResourceAttr(resourceName, "type", "STANDARD"),
 					resource.TestCheckResourceAttr(resourceName, "user_name", "user2"),
 				),
@@ -528,6 +532,8 @@ resource "aws_eks_access_entry" "test" {
 
   type      = "STANDARD"
   user_name = %[2]q
+
+  kubernetes_groups = ["ae-test"]
 }
 `, rName, username))
 }