From 752c1836786f4c4ca657b0864d691ec436ed4a6d Mon Sep 17 00:00:00 2001
From: Sungho Spark <73847248+sunghospark-calm@users.noreply.github.com>
Date: Mon, 6 Sep 2021 04:40:50 -0700
Subject: [PATCH] fix: Worker security group handling when worker_create_security_group=false (#1461)
---
 cluster.tf | 2 +-
 modules/node_groups/launch_template.tf | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cluster.tf b/cluster.tf
index 4e5086c..e35d8e8 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -80,7 +80,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {
 }
 resource "aws_security_group_rule" "cluster_https_worker_ingress" {
- count = var.cluster_create_security_group && var.create_eks ? 1 : 0
+ count = var.cluster_create_security_group && var.create_eks && var.worker_create_security_group ? 1 : 0
 description = "Allow pods to communicate with the EKS cluster API."
 protocol = "tcp"
 security_group_id = local.cluster_security_group_id
diff --git a/modules/node_groups/launch_template.tf b/modules/node_groups/launch_template.tf
index 40bcf17..84fa755 100644
--- a/modules/node_groups/launch_template.tf
+++ b/modules/node_groups/launch_template.tf
@@ -52,7 +52,7 @@ resource "aws_launch_template" "workers" {
 network_interfaces {
 associate_public_ip_address = lookup(each.value, "public_ip", null)
 delete_on_termination = lookup(each.value, "eni_delete", null)
- security_groups = flatten([
+ security_groups = compact(flatten([
 var.worker_security_group_id,
 var.worker_additional_security_group_ids,
 lookup(
@@ -60,7 +60,7 @@ resource "aws_launch_template" "workers" {
 "additional_security_group_ids",
 null,
 ),
- ])
+ ]))
 }
 # if you want to use a custom AMI
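Review bot: The new `count` on `cluster_https_worker_ingress` drops the rule whenever `var.worker_create_security_group` is false, and nothing in the hunk tells a caller who brings their own worker security group that the cluster security group no longer admits their nodes. If this rule is what lets workers reach the cluster API through the cluster security group, as its description suggests, those callers now have to add an equivalent rule themselves, and an undocumented gap tends to get patched with an overly broad ingress rule. I would add a comment above the line, e.g. `# Not created when worker_create_security_group = false; callers supplying their own worker SG must add this ingress to the cluster SG themselves.`, and repeat it in the variable's description. The resource body continues outside the hunk, so the rule's source and port are not visible here.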
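Review bot: In `network_interfaces` of `modules/node_groups/launch_template.tf`, `compact(flatten([...]))` can now evaluate to an empty list when `var.worker_security_group_id` is empty (presumably the `worker_create_security_group=false` case) and no additional group ids are passed. The launch template would then carry no security group chosen by the module, and which group the nodes end up with is decided by AWS defaults rather than by this configuration; that case should be either rejected or documented. A comment on the line such as `# compact() drops an empty worker_security_group_id; the resulting list may be empty, in which case AWS picks the security group` would make it visible. It is also worth confirming how `compact` treats the `null` that `lookup(..., null)` falls back to on the Terraform versions the module supports. The closing `]))` is in the following hunk, and the resource block starts and ends outside both.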