3
votes

I am deploying AWS EKS Cluster using a terraform script. Everything is deploying fine. But I am stuck in an issue with the security group. I have added two ports to allow ingress traffic to my application URL.

But the issue is that, after complete deployment of the EKS cluster, there are two security groups created: one which I have created and the other created by EKS itself.

So here I have to manually add the port in EKS created security group to access my application's URL on the browser.

How can I add my specific ports to the EKS-created security group?


2 Answers

1
votes

This value is accessible as an attribute of the eks_cluster resource under the vpc_config.cluster_security_group_id.

Using this value you could create a security_group_rule resource and pass in the ID you retrieve back from the above attribute.
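The approach described in this answer, written out as an added example (not code from the question or either answer). It assumes an `aws_eks_cluster` resource named `this`, an IAM role `aws_iam_role.cluster`, a custom `aws_security_group.custom` and a `var.subnet_ids` variable that are all declared elsewhere in the configuration; the port list and CIDR are constructed values:

```hcl
# Added example, not from the original post. The cluster, role, custom
# security group and subnet variable are assumed to exist elsewhere.

variable "app_ports" {
  description = "TCP ports that must reach the application (constructed example values)"
  type        = list(number)
  default     = [80, 443]
}

variable "allowed_cidr" {
  description = "Source range permitted to reach the application"
  type        = string
  default     = "10.0.0.0/16" # constructed example; narrow it to the real client network
}

resource "aws_eks_cluster" "this" {
  name     = "example-cluster"        # assumed name
  role_arn = aws_iam_role.cluster.arn # assumed to be declared elsewhere

  vpc_config {
    subnet_ids         = var.subnet_ids                  # assumed variable
    security_group_ids = [aws_security_group.custom.id]  # the SG you created yourself
  }
}

# One rule per application port, attached to the security group that EKS
# created for the cluster. vpc_config[0].cluster_security_group_id is only
# known after the cluster exists, so Terraform orders these rules after it.
resource "aws_security_group_rule" "app_ingress" {
  for_each = toset([for p in var.app_ports : tostring(p)])

  type              = "ingress"
  from_port         = tonumber(each.value)
  to_port           = tonumber(each.value)
  protocol          = "tcp"
  cidr_blocks       = [var.allowed_cidr]
  description       = "Application traffic on TCP ${each.value}"
  security_group_id = aws_eks_cluster.this.vpc_config[0].cluster_security_group_id
}
```

Referencing the exported attribute avoids hard-coding an `sg-…` ID that changes whenever the cluster is recreated. The cluster security group is shared by the control plane network interfaces and the managed node group instances, so any rule added to it widens exposure for both; one rule per required port with a specific source range keeps the change reviewable in `terraform plan`.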

0
votes

This can be solved using the following code: add a data block to import the security group created by AWS EKS, and add another resource block to define the rules which you would like to implement.

Please keep in mind that you have to create separate rules for ingress and egress, and you cannot combine these resources with inline rule definitions.


    # Security group created by EKS for the cluster (replace the placeholder
    # ID with the one shown in the console or in the aws_eks_cluster output)
    data "aws_security_group" "imported_sg" {
      id = "sg-123456"
    }

    # Rule to add to that security group. A data source must be referenced
    # with the "data." prefix; a bare aws_security_group.imported_sg would
    # point at a resource that does not exist in this configuration.
    resource "aws_security_group_rule" "example" {
      type              = "ingress"
      from_port         = 0
      to_port           = 65535
      protocol          = "tcp"
      cidr_blocks       = ["10.0.0.0/16"]

      security_group_id = data.aws_security_group.imported_sg.id
    }

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group