
EKS Cluster Workers Cross Access Module

This Terraform Module creates reciprocating ingress security group rules for the ports that are provided, so that you can configure network access between separate ASG worker groups.

This module should be used when you have core services that can be scheduled on any of your available worker groups, and services on either group depend on them. For example, coredns is an essential service on EKS clusters that provides DNS within the Kubernetes cluster. coredns has tolerations such that it can be scheduled on any node. Therefore, you will typically want to ensure port 53 is reachable between all your worker pools. To allow port 53 access between all your worker groups, you can add the following module block:

module "allow_all_access_between_worker_pools" {
  source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-workers-cross-access?ref=v0.3.1"

  # This should be the number of security groups in the list eks_worker_security_group_ids.
  num_eks_worker_security_group_ids = 2

  eks_worker_security_group_ids = [
    # Include the security group ID of each worker group
  ]

  # Each entry must set all three attributes of the object type documented in
  # the Reference section (from_port, to_port, protocol). DNS uses both UDP and
  # TCP on port 53, so one entry per protocol is needed.
  ports = [
    {
      from_port = 53
      to_port   = 53
      protocol  = "udp"
    },
    {
      from_port = 53
      to_port   = 53
      protocol  = "tcp"
    },
  ]
}

Note that this module will configure the security group rules to go both ways for each pair in the provided list. If you have more complex network topologies, you should manually construct the security group rules instead of using this module.
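To make the "both ways for each pair" behaviour concrete, the following is an added example (not the module's own source) that expands the same inputs into plain aws_security_group_rule resources: for every ordered pair of distinct worker security groups, and for every entry in ports, one ingress rule is created on the target group allowing traffic from the source group. The security group IDs are placeholders, and the resource count grows as N*(N-1)*len(ports), which is why the list should hold only the ports the shared services actually need rather than the module's all-traffic default.

```hcl
locals {
  # Placeholder IDs for two worker pools (constructed for this example).
  worker_sg_ids = ["sg-0aaaaaaaaaaaaaaaa", "sg-0bbbbbbbbbbbbbbbb"]

  # Same port list as the module block above: DNS on 53, UDP and TCP.
  # Contrast with the module default of from_port = 0, to_port = 0,
  # protocol = "-1", which opens every port and protocol between the pools.
  ports = [
    { from_port = 53, to_port = 53, protocol = "udp" },
    { from_port = 53, to_port = 53, protocol = "tcp" },
  ]

  # Cross product of (target group, source group, port range), skipping the
  # case where a group would be granted access to itself. Each rule gets a
  # stable key so for_each does not recreate rules when the list is reordered.
  cross_rules = {
    for rule in flatten([
      for target in local.worker_sg_ids : [
        for source in local.worker_sg_ids : [
          for p in local.ports : {
            target_sg = target
            source_sg = source
            port      = p
          }
          if source != target
        ]
      ]
    ]) :
    "${rule.target_sg}-from-${rule.source_sg}-${rule.port.protocol}-${rule.port.from_port}-${rule.port.to_port}" => rule
  }
}

# One ingress rule per (target, source, port) triple. With two groups and two
# port entries this yields 2 * 1 * 2 = 4 rules, two in each direction.
resource "aws_security_group_rule" "cross_access" {
  for_each = local.cross_rules

  type                     = "ingress"
  security_group_id        = each.value.target_sg
  source_security_group_id = each.value.source_sg
  from_port                = each.value.port.from_port
  to_port                  = each.value.port.to_port
  protocol                 = each.value.port.protocol
  description              = "Cross worker-pool access from ${each.value.source_sg}"
}
```

Running `terraform plan` against this shows the four rules by key, which is a quick way to confirm that only the intended ports are exposed between pools before applying.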

Reference

Required

eks_worker_security_group_ids (list(string), required)

The list of Security Group IDs for EKS workers that should have reciprocating ingress rules for the port information provided in ports. For each group in the list, there will be an ingress rule created for all ports provided for all the other groups in the list.

num_eks_worker_security_group_ids (number, required)

The number of Security Group IDs passed into the module. This should be equal to the length of the eks_worker_security_group_ids input list.

Optional

ports (list(object(…)), optional)

The list of port ranges that should be allowed into the security groups.

Type:

  list(object({
    from_port = number
    to_port   = number
    protocol  = string
  }))

Default:

  [
    {
      from_port = 0,
      protocol  = "-1",
      to_port   = 0
    }
  ]