diff --git a/security_groups.tf b/security_groups.tf
deleted file mode 100644
index e62c641..0000000
--- a/security_groups.tf
+++ /dev/null
@@ -1,120 +0,0 @@
-
-locals {
- all_worker_mgmt_name = format("%v%v-all-worker-mgmt", local.prefixes["eks-security-group"], var.cluster_name)
- additional_eks_cluster_sg_name = format("%v%v-cluster", local.prefixes["eks-security-group"], var.cluster_name)
-}
-
-resource "aws_security_group" "additional_eks_cluster_sg" {
- name = local.additional_eks_cluster_sg_name
-
- tags = merge(
- local.base_tags,
- var.tags,
- { "Name" = local.additional_eks_cluster_sg_name },
- )
-
- vpc_id = data.aws_vpc.eks_vpc.id
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = -1
-
- security_groups = [
- aws_security_group.all_worker_mgmt.id,
- ]
- }
-
- # in-VPC access to K8s API
- ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = concat(var.census_private_cidr, ["10.0.0.0/8"])
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
- lifecycle {
- ignore_changes = [ingress, egress]
- }
-}
-
-
-resource "aws_security_group" "all_worker_mgmt" {
- name = local.all_worker_mgmt_name
-
- tags = merge(
- local.base_tags,
- var.tags,
- { "Name" = local.all_worker_mgmt_name },
- )
-
- vpc_id = local.vpc_id
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = -1
- cidr_blocks = [local.vpc_cidr_block]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
- lifecycle {
- ignore_changes = [ingress, egress]
- }
-}
-
-resource "aws_security_group" "extra_cluster_sg" {
- name = format("%v%v-extra", local.prefixes["eks-security-group"], var.cluster_name)
- description = format("Security group for additional access for EKS cluster %v", var.cluster_name)
-
- tags = merge(
- local.base_tags,
- var.tags,
- { "Name" = format("%v%v-extra", local.prefixes["eks-security-group"], var.cluster_name) },
- )
-
- vpc_id = data.aws_vpc.eks_vpc.id
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = -1
- self = true
- }
-
- ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = concat(var.census_private_cidr, ["10.0.0.0/8"])
- }
-
- # kubectl logs
- ingress {
- from_port = 10250
- to_port = 10250
- protocol = "tcp"
- cidr_blocks = concat(var.census_private_cidr, ["10.0.0.0/8"])
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
- lifecycle {
- ignore_changes = [ingress, egress]
- }
-}