Create EKS Security Group

As part of cluster creation, we need to create an EC2 security group. A security group acts as a virtual firewall that controls the traffic for one or more instances.

If you created a new VPC by following Amazon’s official instructions in the Create EKS VPC guide, the required security groups already exist, so you can skip this section.

  1. Choose the security group name:

    $ export SECURITYGROUP=demo-eks-clusters
  2. Set a trusted CIDR. For example:

    $ export CIDR=
  3. Create a security group in the default VPC:

    $ aws ec2 create-security-group \
    >     --description "Demo EKS clusters" \
    >     --group-name ${SECURITYGROUP?} \
    >     --vpc-id ${VPCID?}
  4. Obtain the security group ID:

    $ export SECURITYGROUPID=$(aws ec2 describe-security-groups --filters Name=vpc-id,Values=${VPCID?} Name=group-name,Values=${SECURITYGROUP?} | jq -r '.SecurityGroups[].GroupId')
  5. Only allow traffic to your EKS cluster from a specific IP or CIDR:

    $ aws ec2 authorize-security-group-ingress \
    >     --group-id ${SECURITYGROUPID?} \
    >     --protocol tcp \
    >     --port 0-65535 \
    >     --cidr ${CIDR?}
    $ aws ec2 authorize-security-group-ingress \
    >     --group-id ${SECURITYGROUPID?} \
    >     --protocol icmp \
    >     --port -1 \
    >     --cidr ${CIDR?}
  6. Verify:

    $ aws ec2 describe-security-groups --group-ids ${SECURITYGROUPID?}
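
The verification in step 6 can be automated. The following is an added example, not part of the original guide: it reads the JSON that `aws ec2 describe-security-groups` prints and reports every ingress source that falls outside the trusted CIDR. The script name `audit.py`, the sample group ID and the sample CIDRs are assumptions made up for illustration.

```python
import ipaddress
import json
import sys

# Constructed sample in the shape `aws ec2 describe-security-groups` returns.
# The group ID and CIDRs are made-up documentation values; the second rule
# is deliberately wider than the trusted CIDR.
SAMPLE = {
    "SecurityGroups": [{
        "GroupId": "sg-0123456789abcdef0",
        "GroupName": "demo-eks-clusters",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
            {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    }]
}


def audit_ingress(described, trusted_cidr):
    """Return (group_id, protocol, cidr) for each source outside trusted_cidr."""
    trusted = ipaddress.ip_network(trusted_cidr, strict=False)
    findings = []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                net = ipaddress.ip_network(cidr, strict=False)
                # subnet_of() needs matching IP versions, so check that first.
                inside = net.version == trusted.version and net.subnet_of(trusted)
                if not inside:
                    findings.append((group["GroupId"], proto, cidr))
    return findings


if __name__ == "__main__":
    # Hypothetical usage:
    #   aws ec2 describe-security-groups --group-ids ... | python3 audit.py CIDR
    if len(sys.argv) == 2:
        data, cidr = json.load(sys.stdin), sys.argv[1]
    else:
        data, cidr = SAMPLE, "203.0.113.0/24"
    for gid, proto, src in audit_ingress(data, cidr):
        print(f"{gid}: {proto} ingress allowed from {src}, outside {cidr}")
```

The check covers CIDR sources only; rules that reference another security group or a prefix list are not evaluated.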