Create EKS Security Group

As part of the cluster creation we need to create an EC2 security group. A security group acts as a virtual firewall that controls the inbound and outbound traffic for one or more instances; here it limits who can reach the EKS cluster's endpoints.

  1. Choose the security group name:

    $ export SECURITYGROUP=demo-eks-clusters
    
  2. Set a trusted CIDR. For example:

    $ export CIDR=1.2.3.4/32
    
  3. Create a security group in the default VPC (VPCID must already hold the VPC ID):

    $ aws ec2 create-security-group \
    >     --description "Demo EKS clusters" \
    >     --group-name ${SECURITYGROUP?} \
    >     --vpc-id ${VPCID?}
    
  4. Obtain the security group ID:

    $ export SECURITYGROUPID=$(aws ec2 describe-security-groups --filters Name=vpc-id,Values=${VPCID?} Name=group-name,Values=${SECURITYGROUP?} | jq -r '.SecurityGroups[].GroupId')
    
  5. Only allow traffic to your EKS cluster from a specific IP or CIDR:

    $ aws ec2 authorize-security-group-ingress \
    >     --group-id ${SECURITYGROUPID?} \
    >     --protocol tcp \
    >     --port 0-65535 \
    >     --cidr ${CIDR?}
    $ aws ec2 authorize-security-group-ingress \
    >     --group-id ${SECURITYGROUPID?} \
    >     --protocol icmp \
    >     --port -1 \
    >     --cidr ${CIDR?}
    
  6. Allow all traffic between members of the security group (intra-SG traffic):

    $ aws ec2 authorize-security-group-ingress \
    >     --group-id ${SECURITYGROUPID?} \
    >     --protocol all \
    >     --source-group ${SECURITYGROUPID?}
    
  7. Verify the resulting rules:

    $ aws ec2 describe-security-groups --group-ids ${SECURITYGROUPID?}
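The output of step 7 is JSON, and it is worth checking it mechanically rather than by eye. The following audit script is an added example, not part of the original guide: it reads the `describe-security-groups` output and reports any ingress rule whose source is not the trusted CIDR or the group itself. The embedded JSON is constructed to mirror the rules created in steps 5 and 6 (trusted CIDR 1.2.3.4/32, placeholder group ID); in practice you would feed it the real CLI output.

```python
"""Audit ingress rules from `aws ec2 describe-security-groups` output.

Constructed sample below mirrors the rules added in steps 5 and 6:
tcp 0-65535 and all ICMP from the trusted CIDR, plus a self-referencing
allow-all rule.  The group ID is a placeholder, not a real value.
"""
import json
import sys

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"

SAMPLE = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-PLACEHOLDER",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "1.2.3.4/32"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "1.2.3.4/32"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-PLACEHOLDER"}]},
    ]}]})


def audit_ingress(describe_output: str, trusted_cidrs: set[str]) -> list[str]:
    """Return findings; empty means every ingress source is a trusted CIDR
    or the group itself, which is the intent of steps 5 and 6."""
    findings = []
    for sg in json.loads(describe_output)["SecurityGroups"]:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            # IpProtocol "-1" means all protocols; then no port fields are present.
            ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            srcs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            srcs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in srcs:
                if cidr in (ANY_V4, ANY_V6):
                    findings.append(f"{gid}: {proto} {ports} open to the world ({cidr})")
                elif cidr not in trusted_cidrs:
                    findings.append(f"{gid}: {proto} {ports} from untrusted {cidr}")
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") != gid:  # only self-referencing group rules expected
                    findings.append(f"{gid}: {proto} {ports} from foreign group {pair.get('GroupId')}")
    return findings


if __name__ == "__main__":
    # Pipe real output in: aws ec2 describe-security-groups --group-ids ... | python audit.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    print("\n".join(audit_ingress(data, {"1.2.3.4/32"})) or "OK: ingress restricted")
```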