Allow additional security groups to be included in worker launch configurations (#112)

* Allow additional security groups to be included for all workers and each worker group #47 * update changelog with reference to issue and be more descriptive * Update CHANGELOG.md * address pr comments and rebase * rebase * fix bug introduced by PR#115 that sets the AMI id to the default value of "" always * rebase * align default value of additional_security_group_ids to be pulled from local var workers_group_defaults_defaults
2026-03-21 17:09:04 +01:00 · 2018-09-04 10:09:24 -05:00
parent da6ff7d151
commit 0180644770
6 changed files with 99 additions and 35 deletions
--- a/examples/eks_test_fixture/main.tf
+++ b/examples/eks_test_fixture/main.tf
@@ -36,10 +36,15 @@ locals {
  # )}"

  worker_groups = "${list(
-                  map("instance_type","t2.small",
-                      "additional_userdata","echo foo bar",
-                      "subnets", "${join(",", module.vpc.private_subnets)}",
-                      ),
+    map("instance_type","t2.small",
+      "additional_userdata","echo foo bar",
+      "subnets", "${join(",", module.vpc.private_subnets)}",
+    ),
+    map("instance_type","t2.small",
+      "additional_userdata","echo foo bar",
+      "subnets", "${join(",", module.vpc.private_subnets)}",
+      "additional_security_group_ids", "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
+    )
  )}"
  tags = "${map("Environment", "test",
                "GithubRepo", "terraform-aws-eks",
@@ -53,6 +58,54 @@ resource "random_string" "suffix" {
  special = false
 }

+resource "aws_security_group" "worker_group_mgmt_one" {
+  name_prefix = "worker_group_mgmt_one"
+  description = "SG to be applied to all *nix machines"
+  vpc_id      = "${module.vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+    ]
+  }
+}
+
+resource "aws_security_group" "worker_group_mgmt_two" {
+  name_prefix = "worker_group_mgmt_two"
+  vpc_id      = "${module.vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "192.168.0.0/16",
+    ]
+  }
+}
+
+resource "aws_security_group" "all_worker_mgmt" {
+  name_prefix = "all_worker_management"
+  vpc_id      = "${module.vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+      "172.16.0.0/12",
+      "192.168.0.0/16",
+    ]
+  }
+}
+
 module "vpc" {
  source             = "terraform-aws-modules/vpc/aws"
  version            = "1.14.0"
@@ -67,14 +120,15 @@ module "vpc" {
 }

 module "eks" {
-  source             = "../.."
-  cluster_name       = "${local.cluster_name}"
-  subnets            = ["${module.vpc.private_subnets}"]
-  tags               = "${local.tags}"
-  vpc_id             = "${module.vpc.vpc_id}"
-  worker_groups      = "${local.worker_groups}"
-  worker_group_count = "1"
-  map_roles          = "${var.map_roles}"
-  map_users          = "${var.map_users}"
-  map_accounts       = "${var.map_accounts}"
+  source                               = "../.."
+  cluster_name                         = "${local.cluster_name}"
+  subnets                              = ["${module.vpc.private_subnets}"]
+  tags                                 = "${local.tags}"
+  vpc_id                               = "${module.vpc.vpc_id}"
+  worker_groups                        = "${local.worker_groups}"
+  worker_group_count                   = "2"
+  worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
+  map_roles                            = "${var.map_roles}"
+  map_users                            = "${var.map_users}"
+  map_accounts                         = "${var.map_accounts}"
 }