enable private access

SCT-Engineering · Mar 21, 2025 · c9aaa44 · c9aaa44
1 parent 972783b
commit c9aaa44
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -143,6 +143,7 @@ efs-csi-controller    0         5m
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_entries"></a> [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no |
 | <a name="input_census_private_cidr"></a> [census\_private\_cidr](#input\_census\_private\_cidr) | Census Private CIR Blocks | `list(string)` | <pre>[<br/>  "148.129.0.0/16",<br/>  "172.16.0.0/12",<br/>  "192.168.0.0/16"<br/>]</pre> | no |
+| <a name="input_cluster_endpoint_private_access"></a> [cluster\_endpoint\_private\_access](#input\_cluster\_endpoint\_private\_access) | Whether the EKS cluster API server endpoint is privately accessible | `bool` | `true` | no |
 | <a name="input_cluster_endpoint_public_access"></a> [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Whether the EKS cluster API server endpoint is publicly accessible | `bool` | `false` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster | `string` | n/a | yes |

diff --git a/main.tf b/main.tf
@@ -32,6 +32,7 @@ module "cluster" {
   cluster_name                             = var.cluster_name
   cluster_version                          = var.cluster_version
   cluster_endpoint_public_access           = var.cluster_endpoint_public_access
+  cluster_endpoint_private_access          = var.cluster_endpoint_private_access
   enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions
   access_entries                           = local.access_entries
 
@@ -42,6 +43,7 @@ module "cluster" {
     "controllerManager",
     "scheduler",
   ]
+  cloudwatch_log_group_retention_in_days = "14"
 
   vpc_id     = local.vpc_id
   subnet_ids = local.subnets

diff --git a/variables.tf b/variables.tf
@@ -16,6 +16,12 @@ variable "cluster_version" {
   }
 }
 
+variable "cluster_endpoint_private_access" {
+  description = "Whether the EKS cluster API server endpoint is privately accessible"
+  type        = bool
+  default     = true
+}
+
 variable "cluster_endpoint_public_access" {
   description = "Whether the EKS cluster API server endpoint is publicly accessible"
   type        = bool