Remove unneeded security group rules

These rules are analogous to similar ones defined in the original nodegroup.yaml cloudformation template. I deliberately didn't replicate these rules when introducing the new security group because `nodes-from-controller` is already covered by `nodes-from-vpc` and `controller-to-nodes` is covered by `controller-egress`.
alphagov · Oct 4, 2019 · 3e76e6e · 3e76e6e
1 parent 490845a
commit 3e76e6e
Showing 1 changed file with 0 additions and 22 deletions.
diff --git a/modules/k8s-cluster/security.tf b/modules/k8s-cluster/security.tf
@@ -109,28 +109,6 @@ resource "aws_security_group_rule" "nodes-from-vpc" {
   cidr_blocks = ["${data.aws_vpc.private.cidr_block}"]
 }
 
-resource "aws_security_group_rule" "nodes-from-controller" {
-  security_group_id = "${aws_security_group.node.id}"
-
-  type      = "ingress"
-  protocol  = "tcp"
-  from_port = 1025
-  to_port   = 65535
-
-  source_security_group_id = "${aws_security_group.controller.id}"
-}
-
-resource "aws_security_group_rule" "controller-to-nodes" {
-  security_group_id = "${aws_security_group.controller.id}"
-
-  type      = "egress"
-  protocol  = "tcp"
-  from_port = 1025
-  to_port   = 65535
-
-  source_security_group_id = "${aws_security_group.node.id}"
-}
-
 resource "aws_security_group_rule" "controller-from-nodes" {
   security_group_id = "${aws_security_group.controller.id}"