fix: Worker security group handling when worker_create_security_group=false (#1461)

2026-04-17 14:29:39 +02:00 · 2021-09-06 04:40:50 -07:00
parent 577e16d167
commit 752c183678
2 changed files with 3 additions and 3 deletions
--- a/cluster.tf
+++ b/cluster.tf
@@ -80,7 +80,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {
 }
 resource "aws_security_group_rule" "cluster_https_worker_ingress" {
-  count                    = var.cluster_create_security_group && var.create_eks ? 1 : 0
+  count                    = var.cluster_create_security_group && var.create_eks && var.worker_create_security_group ? 1 : 0
  description              = "Allow pods to communicate with the EKS cluster API."
  protocol                 = "tcp"
  security_group_id        = local.cluster_security_group_id
--- a/modules/node_groups/launch_template.tf
+++ b/modules/node_groups/launch_template.tf
@@ -52,7 +52,7 @@ resource "aws_launch_template" "workers" {
  network_interfaces {
    associate_public_ip_address = lookup(each.value, "public_ip", null)
    delete_on_termination       = lookup(each.value, "eni_delete", null)
-    security_groups = flatten([
+    security_groups = compact(flatten([
      var.worker_security_group_id,
      var.worker_additional_security_group_ids,
      lookup(
@@ -60,7 +60,7 @@ resource "aws_launch_template" "workers" {
        "additional_security_group_ids",
        null,
      ),
-    ])
+    ]))
  }
  # if you want to use a custom AMI