terraform-aws-eks

Patch for v17.20.0

Open schwichti opened this issue 3 years ago • 2 comments

Hi, I am using an older version, i.e. 17.20.0 of this module. Currently, updating the module would take too long and I need a short-term patch to restrict the security group rule workers_ingress_self which "Allow node to communicate with each other.": see https://github.com/terraform-aws-modules/terraform-aws-eks/blob/v17.20.0/workers.tf#L399

What is the purpose of the rule? Why is it so permissive?

schwichti Sep 22 '22 14:09

Are these the security group rules that are currently used in the latest release https://github.com/terraform-aws-modules/terraform-aws-eks/blob/58285f37d1dfaacbf99055ed87f1be19cc39f5ad/node_groups.tf#L61? Is it possible to manually recreate such a security group and pass it to the module in version 17.20.0 via the variable worker_security_group_id?

schwichti Sep 22 '22 14:09

We won't be releasing any additional changes for v17.x which was deprecated almost a year ago now

bryantbiggs Sep 23 '22 11:09

I want to patch it myself, but I would need guidance. The rule currently allows all protocols on all ports. I do not know how to restrict traffic without breaking anything.

schwichti Sep 26 '22 13:09

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] Nov 08 '22 02:11