From 806edb600187f3889041c54c62dbdf07744d1a4f Mon Sep 17 00:00:00 2001
From: Stijn De Haes
Date: Mon, 25 Mar 2019 12:05:32 +0100
Subject: [PATCH] Add support for eks endpoint_private_access and endpoint_public_access (#314)
---
 CHANGELOG.md | 1 +
 cluster.tf | 6 ++++--
 variables.tf | 10 ++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e53f3b3..9ff064a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
+- Added support for eks public and private endpoints (by @stijndehaes)
 - Write your awesome addition here (by @you)
 - Added minimum inbound traffic rule to the cluster worker security group as per the [EKS security group requirements](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) (by @sc250024)
diff --git a/cluster.tf b/cluster.tf
index b4e55f6..48ef030 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -4,8 +4,10 @@ resource "aws_eks_cluster" "this" {
 version = "${var.cluster_version}"
 vpc_config {
- security_group_ids = ["${local.cluster_security_group_id}"]
- subnet_ids = ["${var.subnets}"]
+ security_group_ids = ["${local.cluster_security_group_id}"]
+ subnet_ids = ["${var.subnets}"]
+ endpoint_private_access = "${var.cluster_endpoint_private_access}"
+ endpoint_public_access = "${var.cluster_endpoint_public_access}"
 }
 timeouts {
diff --git a/variables.tf b/variables.tf
index d3d196d..588d42a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -241,3 +241,13 @@ variable "iam_path" {
 description = "If provided, all IAM roles will be created on this path."
 default = "/"
 }
+
+variable "cluster_endpoint_private_access" {
+ description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled."
+ default = false
+}
+
+variable "cluster_endpoint_public_access" {
+ description = "Indicates whether or not the Amazon EKS public API server endpoint is enabled."
+ default = true
+}
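Review bot: In the cluster.tf hunk the two new `vpc_config` arguments are passed straight through, so nothing in the module stops a caller from setting both variables to false. As far as I know EKS does not accept a cluster with neither endpoint enabled, so that mistake would surface only at apply time. A comment above the new lines would record the constraint: `# At least one of the two endpoints must stay enabled; with public access off the API server is reachable only from inside the VPC.` If anything in this module talks to the cluster API during apply (not visible in this hunk), it would also need a network path into the VPC once public access is disabled. The `aws_eks_cluster` resource body continues outside the hunk.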
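Review bot: The description of `cluster_endpoint_public_access` in the variables.tf hunk does not say what its default means for exposure. With `default = true` and private access defaulting to false, the API server endpoint stays reachable from outside the VPC, presumably matching the behaviour before this change. I would extend it to `description = "Indicates whether or not the Amazon EKS public API server endpoint is enabled. When true, the API server is reachable from outside the VPC; set to false together with cluster_endpoint_private_access = true to restrict it to the VPC."` The description of `cluster_endpoint_private_access` could likewise say that enabling it lets traffic from inside the VPC reach the API server through the private endpoint.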