Always add var.security_groups to launch template if provided (#77)

cvittoriasona · cloudpossebot · jamengual · web-flow · commit 813c88fdc18f · 2021-07-30T11:01:52.000-07:00
* If sg's are passed in to var.security_groups, always add them to the lt along with cluster sg

* Auto Format

Co-authored-by: cloudpossebot &lt;11232728+cloudpossebot@users.noreply.github.com&gt;
Co-authored-by: PePe Amengual &lt;jose.amengual@gmail.com&gt;
diff --git a/launch-template.tf b/launch-template.tf
@@ -37,10 +37,16 @@ locals {
 
   launch_template_ami = length(local.configured_ami_image_id) == 0 ? (local.features_require_ami ? data.aws_ami.selected[0].image_id : "") : local.configured_ami_image_id
 
-  launch_template_vpc_security_group_ids = (
-    local.need_remote_access_sg ?
-    concat(data.aws_eks_cluster.this[0].vpc_config[*].cluster_security_group_id, module.security_group.*.id, var.security_groups) : []
-  )
+  launch_template_vpc_security_group_ids = distinct(concat(
+    (
+      local.need_remote_access_sg ?
+      concat(data.aws_eks_cluster.this[0].vpc_config[*].cluster_security_group_id, module.security_group.*.id) : []
+    ),
+    (
+      local.add_sgs_to_cluster_default ?
+      concat(var.security_groups, data.aws_eks_cluster.this[0].vpc_config[*].cluster_security_group_id) : []
+    )
+  ))
 
   # launch_template_key = join(":", coalescelist(local.launch_template_vpc_security_group_ids, ["closed"]))
 }
diff --git a/main.tf b/main.tf
@@ -9,7 +9,8 @@ locals {
   features_require_launch_template = local.enabled ? length(var.resources_to_tag) > 0 || local.need_userdata || local.features_require_ami || local.need_imds_settings : false
   remote_access_enabled            = local.enabled && var.remote_access_enabled
   need_remote_access_sg            = local.generate_launch_template && local.remote_access_enabled
-  get_cluster_data                 = local.enabled ? (local.need_cluster_kubernetes_version || local.need_bootstrap || local.need_remote_access_sg) : false
+  add_sgs_to_cluster_default       = local.enabled && length(var.security_groups) > 0 ? true : false
+  get_cluster_data                 = local.enabled ? (local.need_cluster_kubernetes_version || local.need_bootstrap || local.need_remote_access_sg || local.add_sgs_to_cluster_default) : false
   autoscaler_enabled               = var.enable_cluster_autoscaler != null ? var.enable_cluster_autoscaler : var.cluster_autoscaler_enabled == true
   #
   # Set up tags for autoscaler and other resources
