Merge pull request openshift#7589 from r4f4/aws-sg-default-platform

OCPBUGS-20525: aws: use security groups from defaultMachinePlatform

Author: openshift-ci[bot]

pkg/asset/cluster/tfvars.go

@@ -280,12 +280,19 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 			workerIAMRoleName = awsMP.IAMRole
 		}
 
+		var securityGroups []string
+		if mp := installConfig.Config.AWS.DefaultMachinePlatform; mp != nil {
+			securityGroups = mp.AdditionalSecurityGroupIDs
+		}
 		masterIAMRoleName := ""
 		if mp := installConfig.Config.ControlPlane; mp != nil {
 			awsMP := &aws.MachinePool{}
 			awsMP.Set(installConfig.Config.AWS.DefaultMachinePlatform)
 			awsMP.Set(mp.Platform.AWS)
 			masterIAMRoleName = awsMP.IAMRole
+			if len(awsMP.AdditionalSecurityGroupIDs) > 0 {
+				securityGroups = awsMP.AdditionalSecurityGroupIDs
+			}
 		}
 
 		// AWS Zones is used to determine which route table the edge zone will be associated.
@@ -294,13 +301,6 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 			return err
 		}
 
-		var securityGroups []string
-		if mp := installConfig.Config.ControlPlane; mp != nil {
-			if mp.Platform.AWS != nil {
-				securityGroups = append(securityGroups, mp.Platform.AWS.AdditionalSecurityGroupIDs...)
-			}
-		}
-
 		data, err := awstfvars.TFVars(awstfvars.TFVarsSources{
 			VPC:                       vpc,
 			PrivateSubnets:            privateSubnets,