-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(eks): KubectlProvider
creates un-necessary security group
#13178
Conversation
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Following #10200, our `KubectlProvider` functions are now provisioned inside a VPC when applicable. A somewhat unintended side effect is that the provider framework will **create** and use a dedicated security group for its functions. This can violate organizational policies that don't allow CDK to create security groups. We can easily avoid this by simply reusing the `kubectlSecurityGroup`, which must be defined in this case, and passing it to the provider. Fixes #12952 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Following #10200, our
KubectlProvider
functions are now provisioned inside a VPC when applicable. A somewhat unintended side effect is that the provider framework will create and use a dedicated security group for its functions.This can violate organizational policies that don't allow CDK to create security groups. We can easily avoid this by simply reusing the
kubectlSecurityGroup
, which must be defined in this case, and passing it to the provider.Fixes #12952
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license