terraform-aws-eks-blueprints

Fully Private Amazon EKS Cluster supporting second CIDR

Open lindarr915 opened this issue 9 months ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

What is the outcome that you are trying to reach?

The Terraform module below has one main VPC CIDR, but customers are looking for a second CIDR - 100.64.0.0/16 - to solve the IP shortage problem for the cluster, worker nodes and pods: https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/patterns/fully-private-cluster

Describe the solution you would like

To enable a second CIDR, it is necessary to:

  1. Configure the VPC subnets
  2. Configure the security groups for VPC Endpoints

Describe alternatives you have considered

Additional context

The new onboarding customer tried to modify the Terraform module to enable the secondary CIDR, but did not allow ingress of VPC Endpoints in Security Groups, and spent days troubleshooting worker nodes failing to join the cluster.

lindarr915 · May 24 '24 01:05
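The two steps requested in the issue, sketched with plain AWS provider resources. This is an added example, not part of the issue and not code from the terraform-aws-eks-blueprints pattern. The variable `vpc_id`, the primary CIDR, the availability zones and all resource names are assumptions; route tables and the interface endpoints that use the security group are left to the existing configuration.

```hcl
# Added example: every name and value except 100.64.0.0/16 is assumed.
variable "vpc_id" {
  type        = string
  description = "ID of the existing fully private VPC (assumed input)"
}

locals {
  primary_cidr   = "10.0.0.0/16"   # assumed primary VPC CIDR
  secondary_cidr = "100.64.0.0/16" # second CIDR requested in the issue
  azs            = ["us-west-2a", "us-west-2b", "us-west-2c"] # assumed AZs
}

# Step 1: associate the second CIDR with the VPC and create subnets in it.
resource "aws_vpc_ipv4_cidr_block_association" "secondary" {
  vpc_id     = var.vpc_id
  cidr_block = local.secondary_cidr
}

resource "aws_subnet" "secondary" {
  for_each = { for i, az in local.azs : az => cidrsubnet(local.secondary_cidr, 2, i) }

  # Referencing the association makes Terraform attach the CIDR first.
  vpc_id            = aws_vpc_ipv4_cidr_block_association.secondary.vpc_id
  availability_zone = each.key
  cidr_block        = each.value
}

# Step 2: the VPC endpoint security group must accept HTTPS from BOTH CIDRs.
# A rule scoped to the primary CIDR alone drops traffic from nodes and pods
# in 100.64.0.0/16 to the interface endpoints, which matches the
# "worker node failing to join" symptom described in the issue.
resource "aws_security_group" "vpc_endpoints" {
  name_prefix = "vpc-endpoints-"
  description = "VPC endpoint security group"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "endpoints_https" {
  for_each = {
    primary   = local.primary_cidr
    secondary = aws_vpc_ipv4_cidr_block_association.secondary.cidr_block
  }

  security_group_id = aws_security_group.vpc_endpoints.id
  description       = "HTTPS from ${each.key} VPC CIDR"
  cidr_ipv4         = each.value
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}
```

Keeping the ingress rules limited to the two VPC CIDRs on port 443 preserves the private posture of the cluster; widening the rule to `0.0.0.0/0` is not needed to fix the join failure.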