
AWS EKS cluster security group, Terraform

Maybe someone could help. We are creating an AWS EKS cluster on our project using Terraform. I'm working on security groups. I created two security groups, and one is created by EKS itself. The problem is that this security group is against the company's security policy. I need to change the inbound and outbound rules for this security group. All this needs to be done using Terraform (or maybe there is another workaround), but everything needs to be done automatically. I was able to get this security group as an output, but had no luck when I tried to use its ID to create a rule, and currently I have no idea how I can delete the existing rules. Sorry if I have asked something stupid, I'm new to this; I hope you can give some advice.

I'm doing the same, and my workaround is:

to import the existing SG and then modify it. It's not nice, because your configuration drifts, but maybe somebody has an idea how to use/update the original state file. So:

  1. Deploy the EKS (I'm not pasting the code here, but I'm using the default AWS module).
  2. Prepare another module with a security rule as I wish:

    # Egress rule on the cluster SG that EKS created: all protocols/ports,
    # but only towards members of that same SG (not 0.0.0.0/0).
    resource "aws_security_group_rule" "egress" {
      type                     = "egress"
      protocol                 = "-1"
      from_port                = 0
      to_port                  = 0
      source_security_group_id = data.aws_eks_cluster.delta-cluster.vpc_config[0].cluster_security_group_id
      security_group_id        = data.aws_eks_cluster.delta-cluster.vpc_config[0].cluster_security_group_id
    }

  3. Do a terraform import into another module (notice: YOU HAVE TO CHANGE THE APPROPRIATE SG, but just that; the rest is AWS' magic):

    terraform import aws_security_group_rule.egress sg-004582110c1572053_egress_all_0_65535_0.0.0.0/0

  4. terraform apply
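The same import-then-modify workflow, written so that the import itself is declared in code rather than typed by hand (an added example, not the answer's own configuration). It assumes Terraform 1.7 or later, where an `import` block's `id` may be an expression built from a data source, and AWS provider v5; the names `cluster_name`, `this` and `cluster_sg_id` are mine.

```hcl
# Added example: adopt the EKS-created cluster SG's default egress rule into
# Terraform state and replace it with a restricted one. Assumes Terraform >= 1.7
# (import block id as expression) and AWS provider v5; the EKS cluster itself
# is created elsewhere.

variable "cluster_name" {
  type = string
}

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

locals {
  # SG that EKS creates and attaches to the control plane ENIs and nodes.
  cluster_sg_id = data.aws_eks_cluster.this.vpc_config[0].cluster_security_group_id
}

# Adopt the "allow all egress to 0.0.0.0/0" rule that EKS created. Without
# this import Terraform would add a second rule and leave the open one alone.
# Import id format: <sg-id>_<type>_<protocol>_<from>_<to>_<source>
import {
  to = aws_security_group_rule.egress
  id = "${local.cluster_sg_id}_egress_all_0_65535_0.0.0.0/0"
}

# The rule as policy wants it: egress only to members of the same SG.
# `terraform plan` shows a forced replacement (cidr_blocks dropped,
# source_security_group_id added); `terraform apply` deletes the open rule
# and creates this one in a single run, no manual import step.
resource "aws_security_group_rule" "egress" {
  type                     = "egress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  security_group_id        = local.cluster_sg_id
  source_security_group_id = local.cluster_sg_id
  description              = "cluster-internal egress only (managed by Terraform)"
}

# Note: nodes in this SG still need egress to whatever they pull from
# (image registry, the EKS API endpoint, VPC endpoints). Add those as separate
# aws_security_group_rule resources before applying, or workloads will break.
```

Run `terraform plan` once and confirm it reports one import and one replacement on `aws_security_group_rule.egress` before applying; after the first apply the `import` block can stay (it is a no-op once the resource is in state).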
