github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-03-17 23:13:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: Remove duplicated security group rule for EKS private access endpoint (#1412)

Browse Source 
NOTES: In this bug fix, we remove a duplicated security rule introduced during a merge conflict resolution in [#1274](https://github.com/terraform-aws-modules/terraform-aws-eks/pull/1274)
This commit is contained in:
Thierno IB. BARRY
2021-05-28 21:11:02 +02:00
committed by GitHub
parent 2df401fe7f
commit 1d848b56bf
3 changed files with 4 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cluster.tf
View File

@@ -89,6 +89,7 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {
resource "aws_security_group_rule" "cluster_private_access_cidrs_source" {
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access && var.cluster_endpoint_private_access_cidrs != null ? 1 : 0
description = "Allow private K8S API ingress from custom CIDR source."
type = "ingress"
from_port = 443
to_port = 443
@@ -100,6 +101,7 @@ resource "aws_security_group_rule" "cluster_private_access_cidrs_source" {
resource "aws_security_group_rule" "cluster_private_access_sg_source" {
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access && var.cluster_endpoint_private_access_sg != null ? length(var.cluster_endpoint_private_access_sg) : 0
description = "Allow private K8S API ingress from custom Security Groups source."
type = "ingress"
from_port = 443
to_port = 443
@@ -109,18 +111,6 @@ resource "aws_security_group_rule" "cluster_private_access_sg_source" {
security_group_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id
}
resource "aws_security_group_rule" "cluster_private_access" {
description = "Allow private K8S API ingress from custom source."
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access ? 1 : 0
type = "ingress"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = var.cluster_endpoint_private_access_cidrs
security_group_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id
}
resource "aws_iam_role" "cluster" {
count = var.manage_cluster_iam_resources && var.create_eks ? 1 : 0
name_prefix = var.cluster_iam_role_name != "" ? null : var.cluster_name