Don't create ingress rule if worker security group exists (#715)

2026-03-21 17:09:04 +01:00 · 2020-01-28 16:34:55 +01:00
parent 905d9f05a9
commit de90ff5d3a
2 changed files with 2 additions and 1 deletions
--- a/cluster.tf
+++ b/cluster.tf
@@ -74,7 +74,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {
 }

 resource "aws_security_group_rule" "cluster_https_worker_ingress" {
-  count                    = var.create_eks ? 1 : 0
+  count                    = var.worker_security_group_id == "" && var.create_eks ? 1 : 0
  description              = "Allow pods to communicate with the EKS cluster API."
  protocol                 = "tcp"
  security_group_id        = local.cluster_security_group_id