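# Security group attached to the Kubernetes API ELB (see aws_elb.aws-elb-api).
#
# NOTE(review): no egress rule for this group is visible in this part of the
# file. Terraform removes the AWS default allow-all egress rule from security
# groups it creates, so confirm that an egress rule towards the API instances
# on var.k8s_secure_api_port is defined elsewhere.
resource "aws_security_group" "aws-elb" {
  name   = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
  vpc_id = "${var.aws_vpc_id}"

  tags {
    Name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
  }
}

# Ingress to the ELB listener.
#
# This group is attached to the ELB, whose only listener is on
# var.aws_elb_api_port, so from_port and to_port are both the listener port.
# Using the backend port (var.k8s_secure_api_port) as to_port would admit
# every port between the two values whenever they differ.
#
# NOTE(review): cidr_blocks = 0.0.0.0/0 makes the Kubernetes API endpoint
# reachable from any address. If the API does not have to be public, restrict
# this to the operator / VPN / CI ranges; authentication on the API server is
# then the second control, not the only one.
resource "aws_security_group_rule" "aws-allow-api-access" {
  type              = "ingress"
  from_port         = "${var.aws_elb_api_port}"
  to_port           = "${var.aws_elb_api_port}"
  protocol          = "TCP"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = "${aws_security_group.aws-elb.id}"
}

# Create a new AWS ELB for K8S API
#
# TCP pass-through: the ELB does not terminate TLS; it forwards
# var.aws_elb_api_port to var.k8s_secure_api_port on the registered instances.
resource "aws_elb" "aws-elb-api" {
  name            = "kubernetes-elb-${var.aws_cluster_name}"
  subnets         = ["${var.aws_subnet_ids_public}"]
  security_groups = ["${aws_security_group.aws-elb.id}"]

  listener {
    instance_port     = "${var.k8s_secure_api_port}"
    instance_protocol = "tcp"
    lb_port           = "${var.aws_elb_api_port}"
    lb_protocol       = "tcp"
  }

  # NOTE(review): the health check probes plaintext HTTP on a hard-coded port
  # 8080, not the port the listener forwards to. Presumably this is the API
  # server's unauthenticated insecure port - confirm. For the check to pass,
  # that port has to be reachable from the ELB, which means keeping an
  # unauthenticated API port open on the instance network. A check against
  # var.k8s_secure_api_port would avoid that dependency.
  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:8080/"
    interval            = 30
  }

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags {
    Name = "kubernetes-${var.aws_cluster_name}-elb-api"
  }
}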