Fix resource tags and security groups

JoshVanL · JoshVanL · commit 174bf2d76c23 · 2019-04-10T22:25:12.000+01:00
Signed-off-by: JoshVanL &lt;vleeuwenjoshua@gmail.com&gt;
diff --git a/demo/infrastructure/modules/amazon-cluster/security_groups.tf b/demo/infrastructure/modules/amazon-cluster/security_groups.tf
@@ -36,11 +36,12 @@ resource "aws_security_group" "cluster-node" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 
-  tags = {
-    Name = "cluster-${var.suffix}"
-
-    "kubernetes.io/cluster/cluster-${var.suffix}" = "owned"
-  }
+  tags = "${
+    map(
+     "Name", "cluster-${var.suffix}",
+     "kubernetes.io/cluster/cluster-${var.suffix}", "owned",
+    )
+  }"
 }
 
 resource "aws_security_group_rule" "cluster-node-ingress-self" {
@@ -58,11 +59,20 @@ resource "aws_security_group_rule" "cluster-node-ingress-cluster" {
   from_port                = 1025
   protocol                 = "tcp"
   security_group_id        = "${aws_security_group.cluster-node.id}"
-  source_security_group_id = "${aws_security_group.cluster-node.id}"
+  source_security_group_id = "${aws_security_group.cluster.id}"
   to_port                  = 65535
   type                     = "ingress"
 }
 
+resource "aws_security_group_rule" "cluster-ingress-node-https" {
+  description              = "Allow pods to communicate with the cluster API Server"
+  from_port                = 443
+  protocol                 = "tcp"
+  security_group_id        = "${aws_security_group.cluster.id}"
+  source_security_group_id = "${aws_security_group.cluster-node.id}"
+  to_port                  = 443
+  type                     = "ingress"
+}
 
 resource "aws_security_group_rule" "cluster-ingress-workstation-https" {
   cidr_blocks       = ["${local.workstation-external-cidr}"]
diff --git a/demo/infrastructure/modules/amazon-cluster/vpc.tf b/demo/infrastructure/modules/amazon-cluster/vpc.tf
@@ -3,11 +3,12 @@ data "aws_availability_zones" "available" {}
 resource "aws_vpc" "cluster" {
   cidr_block = "10.0.0.0/16"
 
-  tags = {
-    Name = "cluster-${var.suffix}"
-
-    "kubernetes.io/cluster/cluster-${var.suffix}" = "shared"
-  }
+  tags = "${
+    map(
+     "Name", "cluster-${var.suffix}",
+     "kubernetes.io/cluster/cluster-${var.suffix}", "shared",
+    )
+  }"
 }
 
 resource "aws_subnet" "cluster" {
@@ -17,11 +18,12 @@ resource "aws_subnet" "cluster" {
   cidr_block        = "10.0.${count.index}.0/24"
   vpc_id            = "${aws_vpc.cluster.id}"
 
-  tags = {
-    Name = "cluster-${var.suffix}"
-
-    "kubernetes.io/cluster/cluster-${var.suffix}" = "shared"
-  }
+  tags = "${
+    map(
+     "Name", "cluster-${var.suffix}",
+     "kubernetes.io/cluster/cluster-${var.suffix}", "shared",
+    )
+  }"
 }
 
 resource "aws_internet_gateway" "cluster" {
