Skip to content

Commit

Permalink
fix: Remove duplicated security group rule for EKS private access end…
Browse files Browse the repository at this point in the history
…point (terraform-aws-modules#1412)

NOTES: In this bug fix, we remove a duplicated security rule introduced during a merge conflict resolution in [terraform-aws-modules#1274](terraform-aws-modules#1274)
  • Loading branch information
barryib authored and ArchiFleKs committed Jun 1, 2021
1 parent 311a797 commit 0c8c5b5
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 14 deletions.
1 change: 0 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,6 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf
| [aws_security_group_rule.cluster_egress_internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.cluster_https_worker_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.cluster_primary_ingress_workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.cluster_private_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.cluster_private_access_cidrs_source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.cluster_private_access_sg_source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.workers_egress_internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
Expand Down
14 changes: 2 additions & 12 deletions cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {

resource "aws_security_group_rule" "cluster_private_access_cidrs_source" {
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access && var.cluster_endpoint_private_access_cidrs != null ? 1 : 0
description = "Allow private K8S API ingress from custom CIDR source."
type = "ingress"
from_port = 443
to_port = 443
Expand All @@ -100,6 +101,7 @@ resource "aws_security_group_rule" "cluster_private_access_cidrs_source" {

resource "aws_security_group_rule" "cluster_private_access_sg_source" {
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access && var.cluster_endpoint_private_access_sg != null ? length(var.cluster_endpoint_private_access_sg) : 0
description = "Allow private K8S API ingress from custom Security Groups source."
type = "ingress"
from_port = 443
to_port = 443
Expand All @@ -109,18 +111,6 @@ resource "aws_security_group_rule" "cluster_private_access_sg_source" {
security_group_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id
}

resource "aws_security_group_rule" "cluster_private_access" {
description = "Allow private K8S API ingress from custom source."
count = var.create_eks && var.cluster_create_endpoint_private_access_sg_rule && var.cluster_endpoint_private_access ? 1 : 0
type = "ingress"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = var.cluster_endpoint_private_access_cidrs

security_group_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id
}

resource "aws_iam_role" "cluster" {
count = var.manage_cluster_iam_resources && var.create_eks ? 1 : 0
name_prefix = var.cluster_iam_role_name != "" ? null : var.cluster_name
Expand Down
3 changes: 2 additions & 1 deletion data.tf
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ data "http" "wait_for_cluster" {

depends_on = [
aws_eks_cluster.this,
aws_security_group_rule.cluster_private_access,
aws_security_group_rule.cluster_private_access_sg_source,
aws_security_group_rule.cluster_private_access_cidrs_source,
]
}

0 comments on commit 0c8c5b5

Please sign in to comment.