fix: Disable creation of cluster security group rules that map to node security group when create_node_security_group = false (#2274)

* fix: Disable creation of cluster security group rules that map to node security group when `create_node_security_group` = `false`

* feat: Update Fargate example to run only Fargate and show disabling of both cluster and node security groups

* fix: Ensure CoreDNS changes are made ahead of install
Bryant Biggs
2022-10-14 09:16:57 -04:00
committed by GitHub
parent 8dc5ad4478
commit 28ccecefe2
5 changed files with 178 additions and 60 deletions


@@ -128,7 +128,8 @@ locals {
cluster_security_group_id = local.create_cluster_sg ? aws_security_group.cluster[0].id : var.cluster_security_group_id
cluster_security_group_rules = {
# Do not add rules to node security group if the module is not creating it
cluster_security_group_rules = local.create_node_sg ? {
ingress_nodes_443 = {
description = "Node groups to cluster API"
protocol = "tcp"
@@ -153,7 +154,7 @@ locals {
type = "egress"
source_node_security_group = true
}
}
} : {}
}
resource "aws_security_group" "cluster" {
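Review bot: The comment added above `cluster_security_group_rules` says rules are not added to the node security group, but the entries visible here (`ingress_nodes_443`, and the egress entry with `source_node_security_group = true`) look like rules on the cluster security group that reference the node group as their peer. A more accurate wording would be `# Cluster SG rules that reference the node SG; skipped when the module does not create the node SG`. The comment should also state the consequence of the `: {}` branch: with a caller-supplied node security group, this local no longer produces the "Node groups to cluster API" 443 ingress. The caller then has to add an equivalent, narrowly scoped rule, or rely on another group that already permits that path, and anyone auditing the cluster's network exposure needs to know where that rule now lives. The `locals` block starts before the first hunk and the map's middle entries are outside both hunks, so this is based only on the lines shown.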