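# Security groups for the sensyne-demo cluster: one group for the control-plane
# ENIs, one for the worker nodes, and the cross-group rules between them.
# Interpolation is kept in the 0.11 "${...}" form the rest of this file uses.

# Operator CIDRs allowed TCP/443 to the control-plane security group.
# Lifted out of the rule so an environment can override the allow-list without
# editing the security-group definitions; the default preserves the original
# single /32 so existing plans are unchanged.
variable "cluster_admin_cidrs" {
  description = "CIDR blocks permitted TCP/443 to the cluster security group"
  type        = "list"
  default     = ["81.187.12.210/32"]
}

# Attached to the control-plane side (cluster ENIs). Ingress is added below as
# separate aws_security_group_rule resources so it can be cross-referenced
# with the node group without a dependency cycle.
resource "aws_security_group" "sensyne_demo_cluster" {
  name        = "sensyne-demo-cluster-sg"
  description = "Cluster communication with worker nodes"
  vpc_id      = "${aws_vpc.sensyne_demo_vpc.id}"

  # Unrestricted egress: the control plane has to reach nodes and AWS APIs.
  # Tighten to the VPC / known CIDRs if this environment requires egress
  # filtering; nothing in this file depends on the wide-open form.
  egress {
    description = "All outbound (control plane to nodes and AWS endpoints)"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sensyne_demo_cluster_sg"
  }
}

# Operator access to the control-plane group on 443 from an explicit allow-list.
# NOTE(review): a security-group rule only gates traffic to ENIs that carry
# this group (the in-VPC endpoint). If the cluster also exposes a public API
# endpoint, that path is controlled on the cluster resource itself
# (endpoint_public_access / public_access_cidrs), not by this rule.
resource "aws_security_group_rule" "sensyne_demo_cluster_remote_access" {
  cidr_blocks       = "${var.cluster_admin_cidrs}"
  description       = "Allow external comms with cluster"
  from_port         = 443
  protocol          = "tcp"
  security_group_id = "${aws_security_group.sensyne_demo_cluster.id}"
  to_port           = 443
  type              = "ingress"
}

# Attached to every worker node.
resource "aws_security_group" "sensyne_demo_node" {
  name        = "sensyne_demo_node"
  description = "Security group for all nodes in the cluster"
  vpc_id      = "${aws_vpc.sensyne_demo_vpc.id}"

  # Unrestricted egress: nodes pull images, reach AWS APIs and the control
  # plane. Same caveat as the cluster group — restrict if egress filtering is
  # required (e.g. via VPC endpoints and a NAT allow-list).
  egress {
    description = "All outbound (image pulls, AWS APIs, control plane)"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sensyne-demo-worker-node"
  }
}

# Node <-> node: all protocols and ports, but only from members of this same
# group. Pod-to-pod and DNS traffic across nodes relies on this.
resource "aws_security_group_rule" "sensyne_demo_node_ingress_self" {
  description              = "Allow node to communicate with each other"
  from_port                = 0
  protocol                 = "-1"
  security_group_id        = "${aws_security_group.sensyne_demo_node.id}"
  source_security_group_id = "${aws_security_group.sensyne_demo_node.id}"
  to_port                  = 65535
  type                     = "ingress"
}

# Control plane -> nodes on the high TCP range, scoped to the cluster group.
# This covers the kubelet (10250) and pod/host ports the API server may need
# to reach (exec/logs/port-forward, webhooks). It is intentionally not opened
# to any CIDR — only ENIs carrying the cluster group can use it.
# NOTE(review): the range starts at 1025, so a control-plane->node service on
# a port <= 1024 (e.g. an admission webhook exposed on 443) would need its own
# rule; none is defined in this file.
resource "aws_security_group_rule" "sensyne_demo_node_ingress_cluster" {
  description              = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
  from_port                = 1025
  protocol                 = "tcp"
  security_group_id        = "${aws_security_group.sensyne_demo_node.id}"
  source_security_group_id = "${aws_security_group.sensyne_demo_cluster.id}"
  to_port                  = 65535
  type                     = "ingress"
}

# Nodes -> control plane API on 443, scoped to the node group rather than a
# CIDR so only instances carrying the node group can reach the API server ENIs.
resource "aws_security_group_rule" "sensyne_demo_cluster_ingress_node_https" {
  description              = "Allow pods to communicate with the cluster API Server"
  from_port                = 443
  protocol                 = "tcp"
  security_group_id        = "${aws_security_group.sensyne_demo_cluster.id}"
  source_security_group_id = "${aws_security_group.sensyne_demo_node.id}"
  to_port                  = 443
  type                     = "ingress"
}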