From c9aaa4446f41a891ac65a49617403cf3525d1f0f Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Thu, 20 Mar 2025 20:28:11 -0400
Subject: [PATCH] enable private access

---
 README.md    | 1 +
 main.tf      | 2 ++
 variables.tf | 6 ++++++
 3 files changed, 9 insertions(+)

diff --git a/README.md b/README.md
index d67d537..2271ec6 100644
--- a/README.md
+++ b/README.md
@@ -143,6 +143,7 @@ efs-csi-controller    0         5m
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_entries"></a> [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no |
 | <a name="input_census_private_cidr"></a> [census\_private\_cidr](#input\_census\_private\_cidr) | Census Private CIR Blocks | `list(string)` | <pre>[<br/>  "148.129.0.0/16",<br/>  "172.16.0.0/12",<br/>  "192.168.0.0/16"<br/>]</pre> | no |
+| <a name="input_cluster_endpoint_private_access"></a> [cluster\_endpoint\_private\_access](#input\_cluster\_endpoint\_private\_access) | Whether the EKS cluster API server endpoint is privately accessible | `bool` | `true` | no |
 | <a name="input_cluster_endpoint_public_access"></a> [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Whether the EKS cluster API server endpoint is publicly accessible | `bool` | `false` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
index 907f035..958476e 100644
--- a/main.tf
+++ b/main.tf
@@ -32,6 +32,7 @@ module "cluster" {
   cluster_name                             = var.cluster_name
   cluster_version                          = var.cluster_version
   cluster_endpoint_public_access           = var.cluster_endpoint_public_access
+  cluster_endpoint_private_access          = var.cluster_endpoint_private_access
   enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions
   access_entries                           = local.access_entries
 
@@ -42,6 +43,7 @@ module "cluster" {
     "controllerManager",
     "scheduler",
   ]
+  cloudwatch_log_group_retention_in_days = "14"
 
   vpc_id     = local.vpc_id
   subnet_ids = local.subnets
diff --git a/variables.tf b/variables.tf
index 4153048..527a25e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -16,6 +16,12 @@ variable "cluster_version" {
   }
 }
 
+variable "cluster_endpoint_private_access" {
+  description = "Whether the EKS cluster API server endpoint is privately accessible"
+  type        = bool
+  default     = true
+}
+
 variable "cluster_endpoint_public_access" {
   description = "Whether the EKS cluster API server endpoint is publicly accessible"
   type        = bool