angelabad / terraform-aws-msk-cluster

Terraform module which creates Msk Kafka Cluster on AWS
https://registry.terraform.io/modules/angelabad/msk-cluster/
Apache License 2.0

Security group rule - CIDR blocks #16

Closed madpearl closed 2 years ago

madpearl commented 3 years ago

Hi, I've got a non-communicating Kafka cluster when no cidr_blocks are specified on the aws_security_group_rule. The cidr_blocks should have as source module.vpc.vpc_cidr_block - the CIDR from the EKS cluster. Only in this way have I got the communication working. BR, Bisser

madpearl commented 3 years ago

### main.tf

```hcl
resource "aws_security_group_rule" "msk-plain" {
  from_port         = 9092
  to_port           = 9092
  protocol          = "tcp"
  security_group_id = aws_security_group.this.id
  type              = "ingress"
  cidr_blocks       = var.sg_cidr_blocks
  self              = true
}

resource "aws_security_group_rule" "msk-tls" {
  from_port         = 9094
  to_port           = 9094
  protocol          = "tcp"
  security_group_id = aws_security_group.this.id
  type              = "ingress"
  cidr_blocks       = var.sg_cidr_blocks
  self              = true
}

resource "aws_security_group_rule" "zookeeper" {
  from_port         = 2181
  to_port           = 2181
  protocol          = "tcp"
  security_group_id = aws_security_group.this.id
  type              = "ingress"
  cidr_blocks       = var.sg_cidr_blocks
  self              = true
}

resource "aws_security_group_rule" "jmx-exporter" {
  count = var.prometheus_jmx_exporter ? 1 : 0

  from_port         = 11001
  to_port           = 11001
  protocol          = "tcp"
  security_group_id = aws_security_group.this.id
  type              = "ingress"
  cidr_blocks       = var.sg_cidr_blocks
  self              = true
}

resource "aws_security_group_rule" "node_exporter" {
  count = var.prometheus_node_exporter ? 1 : 0

  from_port         = 11002
  to_port           = 11002
  protocol          = "tcp"
  security_group_id = aws_security_group.this.id
  type              = "ingress"
  cidr_blocks       = var.sg_cidr_blocks
  self              = true
}
```

### variables.tf

```hcl
variable "sg_cidr_blocks" {
  description = "Specify groups CIDR Blocks access from within VPC"
  type        = list(string)
}
```

### in my .tf

```hcl
module "msk-cluster" {
  source = "angelabad/msk-cluster/aws"

  cluster_name    = "${var.uniqueIdentifier}-kafka"
  instance_type   = "kafka.t3.small"
  number_of_nodes = length(module.vpc.private_subnets)
  client_subnets  = module.vpc.private_subnets
  kafka_version   = "2.4.1.1"
  sg_cidr_blocks  = [module.vpc.vpc_cidr_block]
  volume_size     = 2000

  extra_security_groups = [data.aws_eks_cluster.cluster.vpc_config[0].cluster_security_group_id]
}
```

angelabad commented 3 years ago

Hi, thanks for the report, but sorry, I think I don't understand your problem.

Why can't you use extra_security_groups for this?

Regards
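To make the trade-off in this thread concrete, here is an added example (not the module's code and not from either participant) contrasting the two ways of admitting EKS traffic to the broker port. It assumes the same `module.vpc` output and `data.aws_eks_cluster.cluster` data source used in the report, plus a hypothetical `aws_security_group.msk` that the brokers belong to.

```hcl
# Added example; aws_security_group.msk is a hypothetical broker security group.

# Option A: what the report configures. The rule admits 9092 from every
# address in the VPC CIDR, so any host in the VPC (not only EKS nodes)
# can reach the brokers.
resource "aws_security_group_rule" "msk_plain_from_vpc_cidr" {
  type              = "ingress"
  from_port         = 9092
  to_port           = 9092
  protocol          = "tcp"
  security_group_id = aws_security_group.msk.id
  cidr_blocks       = [module.vpc.vpc_cidr_block]
}

# Option B: the security-group-keyed form. Only ENIs that carry the EKS
# cluster security group match, and no address range is opened at all.
# This is the same principle as passing that group through the module's
# extra_security_groups input (group membership rather than a CIDR).
resource "aws_security_group_rule" "msk_plain_from_eks_sg" {
  type                     = "ingress"
  from_port                = 9092
  to_port                  = 9094
  protocol                 = "tcp"
  security_group_id        = aws_security_group.msk.id
  source_security_group_id = data.aws_eks_cluster.cluster.vpc_config[0].cluster_security_group_id
}
```

A quick way to spot Option A drift in review is to grep `terraform show -json` output for ingress rules whose `cidr_blocks` equal the VPC CIDR on the Kafka ports; Option B rules show a `source_security_group_id` and an empty `cidr_blocks` instead.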

angelabad commented 2 years ago

Hi! A long time without a reply, so I will close it. If you have more info, please reopen it.

Thanks!