Set additional cluster sg rules configurable (#62)

quortex · Apr 15, 2024 · 9064729 · 9064729
1 parent 18942b9
commit 9064729
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -89,6 +89,21 @@ resource "aws_eks_cluster" "quortex" {
   ]
 }
 
+resource "aws_security_group_rule" "cluster_security_group_additional" {
+  for_each = var.cluster_security_group_additional_rules
+
+  security_group_id        = aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id
+  description              = each.value.description
+  protocol                 = each.value.protocol
+  type                     = each.value.type
+  from_port                = each.value.from_port
+  to_port                  = each.value.to_port
+  cidr_blocks              = each.value.cidr_blocks
+  ipv6_cidr_blocks         = each.value.ipv6_cidr_blocks
+  prefix_list_ids          = each.value.prefix_list_ids
+  source_security_group_id = each.value.source_security_group_id
+}
+
 data "tls_certificate" "quortex_cluster" {
   url = aws_eks_cluster.quortex.identity[0].oidc[0].issuer
 }

diff --git a/variables.tf b/variables.tf
@@ -302,3 +302,19 @@ variable "aws_auth_accounts" {
   type        = list(any)
   default     = []
 }
+
+variable "cluster_security_group_additional_rules" {
+  description = "Additional rules for cluster security group."
+  type = map(object({
+    description              = optional(string)
+    protocol                 = string
+    type                     = string
+    from_port                = number
+    to_port                  = number
+    cidr_blocks              = optional(list(string))
+    ipv6_cidr_blocks         = optional(list(string))
+    prefix_list_ids          = optional(list(string))
+    source_security_group_id = optional(string)
+  }))
+  default = {}
+}