EKS and Launch Template with the adequate sg
# Example: Terraform resource for an EKS cluster whose API endpoint is private-only.
resource "aws_eks_cluster" "eks_cluster" {
  name     = var.cluster_name
  role_arn = var.eks_master_role_arn
  version  = var.cluster_version

  # All five control-plane log types are enabled; "audit" and "authenticator"
  # are the ones most useful when investigating access to the API server.
  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

  # NOTE(review): this resource has no encryption_config block, so envelope
  # encryption of Kubernetes secrets with a KMS key is not configured here.
  vpc_config {
    # Private access on, public access off.
    endpoint_private_access = true
    endpoint_public_access  = false

    subnet_ids = local.subnet_ids_list

    # Custom security group for other purposes. It is an additional group on
    # the cluster, not the cluster security group that EKS creates itself.
    # Per the author, attaching this group to the node groups' launch template
    # does not work; the launch template must use the EKS-created one instead.
    security_group_ids = [aws_security_group.eks_controlplane_sg.id]
  }
}
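# Launch template for the worker node group. It reads the cluster security
# group that EKS created for the cluster and attaches it to the instances.
resource "aws_launch_template" "eks_ng_worker_canary_lc" {
  # Plain references replace the interpolation-only "${...}" string and the
  # legacy ".0." index form; the resulting values are the same.
  name_prefix = aws_eks_cluster.eks_cluster.id
  image_id    = var.amazonlinux2

  # Attach the cluster's EKS-created security group, not the custom group
  # passed in vpc_config.security_group_ids on the cluster resource.
  # NOTE(review): nodes then share a security group with the control-plane
  # network interfaces. Check the rules on that group before attaching
  # anything else to it, since every member gets the same reachability.
  vpc_security_group_ids = [aws_eks_cluster.eks_cluster.vpc_config[0].cluster_security_group_id]

  # NOTE(review): there is no metadata_options block here, so IMDSv2 is not
  # enforced by this template. Consider http_tokens = "required" after
  # confirming that workloads on the nodes tolerate it.
}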