Add support for eks endpoint_private_access and endpoint_public_access (#314)

stijndehaes · max-rocket-internet · commit 806edb600187 · 2019-03-25T12:05:32.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Added
 
+- Added support for eks public and private endpoints (by @stijndehaes)
 - Write your awesome addition here (by @you)
 - Added minimum inbound traffic rule to the cluster worker security group as per the [EKS security group requirements](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) (by @sc250024)
 
diff --git a/cluster.tf b/cluster.tf
@@ -4,8 +4,10 @@ resource "aws_eks_cluster" "this" {
   version  = "${var.cluster_version}"
 
   vpc_config {
-    security_group_ids = ["${local.cluster_security_group_id}"]
-    subnet_ids         = ["${var.subnets}"]
+    security_group_ids      = ["${local.cluster_security_group_id}"]
+    subnet_ids              = ["${var.subnets}"]
+    endpoint_private_access = "${var.cluster_endpoint_private_access}"
+    endpoint_public_access  = "${var.cluster_endpoint_public_access}"
   }
 
   timeouts {
diff --git a/variables.tf b/variables.tf
@@ -241,3 +241,13 @@ variable "iam_path" {
   description = "If provided, all IAM roles will be created on this path."
   default     = "/"
 }
+
+variable "cluster_endpoint_private_access" {
+  description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled."
+  default     = false
+}
+
+variable "cluster_endpoint_public_access" {
+  description = "Indicates whether or not the Amazon EKS public API server endpoint is enabled."
+  default     = true
+}
