vpc_security_group_ids parameter is ignored #1452

Closed
2 tasks done
meakbiyik opened this issue Feb 23, 2023 · 2 comments

meakbiyik commented Feb 23, 2023

Description

  • ✋ I have searched the open/closed issues and my issue is not listed.
  • reinitialized terraform directory

Versions

  • Module version [Required]:

  • Terraform version:
    Terraform v1.3.7
    on windows_amd64

  • Provider version(s):

  • provider registry.terraform.io/gavinbunney/kubectl v1.14.0
  • provider registry.terraform.io/hashicorp/aws v4.53.0
  • provider registry.terraform.io/hashicorp/cloudinit v2.2.0
  • provider registry.terraform.io/hashicorp/helm v2.8.0
  • provider registry.terraform.io/hashicorp/kubernetes v2.17.0
  • provider registry.terraform.io/hashicorp/local v2.3.0
  • provider registry.terraform.io/hashicorp/null v3.2.1
  • provider registry.terraform.io/hashicorp/random v3.4.3
  • provider registry.terraform.io/hashicorp/time v0.9.1
  • provider registry.terraform.io/hashicorp/tls v4.0.4
  • provider registry.terraform.io/terraform-aws-modules/http v2.4.1

Reproduction Code [Required]

resource "aws_security_group" "ingress_sg" {
  name_prefix = "ingress"
  description = "inbound rules"
  vpc_id      = module.vpc.vpc_id
  ingress {
    protocol         = "tcp"
    from_port        = 8000
    to_port          = 8000
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}

module "eks_blueprints" {
  source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.22.0"

  cluster_name    = local.cluster_name
  cluster_version = "1.24"

  vpc_id                         = module.vpc.vpc_id
  private_subnet_ids             = module.vpc.private_subnets
  cluster_endpoint_public_access = true
  managed_node_groups = {
    node_groups = {
      node_group_name = "node_group"
      ami_type        = "AL2_ARM_64"
      capacity_type   = "ON_DEMAND"

      instance_types = [
        "c6g.xlarge"
      ]

      min_size     = 1
      max_size     = 10
      desired_size = 1

      subnet_ids = module.vpc.public_subnets
      vpc_security_group_ids = [
        "${aws_security_group.ingress_sg.id}"
      ]
    }
  }
}

Steps to reproduce the behavior:

Adding or removing the segment

      vpc_security_group_ids = [
        "${aws_security_group.ingress_sg.id}"
      ]

does not trigger any change in the plan; it reports "No changes. Your infrastructure matches the configuration."

Expected behaviour

External security group is applied to the managed node group.

Actual behaviour

Security group is successfully created, but is not applied.
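
A post-apply check for the symptom reported above (security group created but not attached), as an added example that is not part of the issue or the module's code: it scans `terraform show -json` state output for security groups whose ID appears in no other resource. The sample state, its resource addresses and its IDs are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json` output after apply.
# Addresses and IDs are invented for illustration.
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {
  "resources": [
    {"address": "aws_security_group.ingress_sg", "type": "aws_security_group",
     "values": {"id": "sg-0aaa000000000001", "name": "ingress2023"}},
    {"address": "aws_security_group.attached_sg", "type": "aws_security_group",
     "values": {"id": "sg-0bbb000000000002", "name": "attached"}}
  ],
  "child_modules": [{"address": "module.example", "resources": [
    {"address": "module.example.aws_launch_template.node",
     "type": "aws_launch_template",
     "values": {"vpc_security_group_ids": ["sg-0bbb000000000002"]}}
  ]}]
}}}
""")

def walk_resources(module):
    """Yield every resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def strings_in(value):
    """Yield every string found anywhere inside a nested JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from strings_in(v)
    elif isinstance(value, list):
        for v in value:
            yield from strings_in(v)

def unattached_security_groups(state):
    """Return addresses of security groups whose ID no other resource uses."""
    resources = list(walk_resources(state["values"]["root_module"]))
    groups = {r["values"]["id"]: r["address"]
              for r in resources if r["type"] == "aws_security_group"}
    used = set()
    for r in resources:
        own_id = r["values"].get("id")  # a group's own "id" field is not a use
        used.update(s for s in strings_in(r["values"])
                    if s in groups and s != own_id)
    return sorted(addr for sg_id, addr in groups.items() if sg_id not in used)

if __name__ == "__main__":
    print(unattached_security_groups(SAMPLE_STATE))
```

Standalone rule resources that point at a group also count as a use here, so a group with attached rules but no consumer would need an extra type filter.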

@meakbiyik (Author)

I believe this is related to #328, but I am still keeping it open because this seems like a somewhat trivial addition to the managed_ng resource.

@bryantbiggs (Contributor)

Thank you but please see #1421 - we will be removing support for creation of cluster resources soon
