Don't create ingress rule if worker security group exists (#715)

andjelx · max-rocket-internet · commit de90ff5d3a03 · 2020-01-28T16:34:55.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 ## [[v8.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v8.1.0...HEAD)] - YYYY-MM-DD]
 
 - Include ability to configure custom os-specific command for waiting until kube cluster is healthy (@sanjeevgiri)
+- Disable creation of ingress rules if worker nodes security groups are exists (@andjelx)
 
 # History
 
diff --git a/cluster.tf b/cluster.tf
@@ -74,7 +74,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {
 }
 
 resource "aws_security_group_rule" "cluster_https_worker_ingress" {
-  count                    = var.create_eks ? 1 : 0
+  count                    = var.worker_security_group_id == "" && var.create_eks ? 1 : 0
   description              = "Allow pods to communicate with the EKS cluster API."
   protocol                 = "tcp"
   security_group_id        = local.cluster_security_group_id

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`resource "aws_security_group_rule" "cluster_https_worker_ingress" {`
`77`		`- count = var.create_eks ? 1 : 0`
	`77`	`+ count = var.worker_security_group_id == "" && var.create_eks ? 1 : 0`
`78`	`78`	`description = "Allow pods to communicate with the EKS cluster API."`
`79`	`79`	`protocol = "tcp"`
`80`	`80`	`security_group_id = local.cluster_security_group_id`