github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-03-18 07:23:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add ability to use Security Groups as source for private endpoint access (#1274)

Browse Source 
BREAKING CHANGES: The private endpoint security group rule has been renamed to allow the use of CIDR blocks and Security Groups as source. This will delete the `cluster_private_access` Security Group Rule for existing cluster. Please rename by `aws_security_group_rule.cluster_private_access[0]` into `aws_security_group_rule.cluster_private_access_cidrs_source[0]`.

Co-authored-by: Thierno IB. BARRY <ibrahima.br@gmail.com>
This commit is contained in:
Marc Haase
2021-05-28 05:56:02 -07:00
committed by GitHub
parent fcc2fdc993
commit 796cbead2f
3 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
cluster.tf
View File

@@ -87,6 +87,28 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {
type = "ingress"
}
resource "aws_security_group_rule" "cluster_private_access_cidrs_source" {
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access && var.cluster_endpoint_private_access_cidrs != null ? 1 : 0
type = "ingress"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = var.cluster_endpoint_private_access_cidrs
security_group_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id
}
resource "aws_security_group_rule" "cluster_private_access_sg_source" {
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access && var.cluster_endpoint_private_access_sg != null ? length(var.cluster_endpoint_private_access_sg) : 0
type = "ingress"
from_port = 443
to_port = 443
protocol = "tcp"
source_security_group_id = var.cluster_endpoint_private_access_sg[count.index]
security_group_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id
}
resource "aws_security_group_rule" "cluster_private_access" {
description = "Allow private K8S API ingress from custom source."
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access ? 1 : 0