fix: Worker security group handling when worker_create_security_group=false (#1461)

sunghospark-calm · web-flow · commit 752c1836786f · 2021-09-06T13:40:50.000+02:00
diff --git a/cluster.tf b/cluster.tf
@@ -80,7 +80,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {
 }
 
 resource "aws_security_group_rule" "cluster_https_worker_ingress" {
-  count                    = var.cluster_create_security_group && var.create_eks ? 1 : 0
+  count                    = var.cluster_create_security_group && var.create_eks && var.worker_create_security_group ? 1 : 0
   description              = "Allow pods to communicate with the EKS cluster API."
   protocol                 = "tcp"
   security_group_id        = local.cluster_security_group_id
diff --git a/modules/node_groups/launch_template.tf b/modules/node_groups/launch_template.tf
@@ -52,15 +52,15 @@ resource "aws_launch_template" "workers" {
   network_interfaces {
     associate_public_ip_address = lookup(each.value, "public_ip", null)
     delete_on_termination       = lookup(each.value, "eni_delete", null)
-    security_groups = flatten([
+    security_groups = compact(flatten([
       var.worker_security_group_id,
       var.worker_additional_security_group_ids,
       lookup(
         each.value,
         "additional_security_group_ids",
         null,
       ),
-    ])
+    ]))
   }
 
   # if you want to use a custom AMI

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {`
`80`	`80`	`}`
`81`	`81`
`82`	`82`	`resource "aws_security_group_rule" "cluster_https_worker_ingress" {`
`83`		`- count = var.cluster_create_security_group && var.create_eks ? 1 : 0`
	`83`	`+ count = var.cluster_create_security_group && var.create_eks && var.worker_create_security_group ? 1 : 0`
`84`	`84`	`description = "Allow pods to communicate with the EKS cluster API."`
`85`	`85`	`protocol = "tcp"`
`86`	`86`	`security_group_id = local.cluster_security_group_id`