From 1147fd25839fb004874076c06d0b0237f0bb39db Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 26 Apr 2022 09:41:04 -0400
Subject: [PATCH] update securitygroup to allow inbound 443 to vpc
---
 examples/full-cluster/securitygroup.tf | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/examples/full-cluster/securitygroup.tf b/examples/full-cluster/securitygroup.tf
index 8c6e880..0a233d6 100644
--- a/examples/full-cluster/securitygroup.tf
+++ b/examples/full-cluster/securitygroup.tf
@@ -21,6 +21,13 @@ resource "aws_security_group" "additional_eks_cluster_sg" {
 ## aws_security_group.cni_custom_sg.id
 ]
 }
+ # this grants in-VPC access to the K8S api
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = [var.vpc_cidr_block]
+ }
 egress {
 from_port = 0