fix: Add missing security group rule to allow workers to communicate …

…with the cluster API
devopsmakers · Mar 12, 2020 · 3f81efb · 3f81efb
1 parent 919c4a0
commit 3f81efb
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/modules/worker_groups/worker_groups.tf b/modules/worker_groups/worker_groups.tf
@@ -286,6 +286,17 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {
   type                     = "ingress"
 }
 
+resource "aws_security_group_rule" "cluster_https_workers_ingress" {
+  count                    = var.worker_create_security_group && var.create_eks ? 1 : 0
+  description              = "Allow pods to communicate with the EKS cluster API."
+  protocol                 = "tcp"
+  security_group_id        = var.cluster_security_group_id
+  source_security_group_id = local.worker_security_group_id
+  from_port                = 443
+  to_port                  = 443
+  type                     = "ingress"
+}
+
 resource "aws_iam_role" "worker_groups" {
   count                 = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
   name_prefix           = var.workers_role_name != "" ? null : var.cluster_name