Add toggles for private and public endpoints

aws/cluster/main.tf

@@ -17,6 +17,8 @@ module "eks_cluster" {
   source = "./modules/eks-cluster"
 
   enabled_cluster_log_types = var.enabled_cluster_log_types
+  endpoint_private_access   = var.endpoint_private_access
+  endpoint_public_access    = var.endpoint_public_access
   k8s_version               = var.k8s_version
   log_retention_in_days     = var.log_retention_in_days
   name                      = module.cluster_name.full

aws/cluster/modules/eks-cluster/main.tf

@@ -12,6 +12,8 @@ resource "aws_eks_cluster" "this" {
   vpc_config {
     security_group_ids = [aws_security_group.control_plane.id]
     subnet_ids         = concat(var.private_subnet_ids, var.public_subnet_ids)
+    endpoint_private_access = var.endpoint_private_access
+    endpoint_public_access  = var.endpoint_public_access
   }
 
   encryption_config {

aws/cluster/modules/eks-cluster/variables.tf

@@ -4,6 +4,18 @@ variable "enabled_cluster_log_types" {
   description = "Which EKS control plane log types to enable"
 }
 
+variable "endpoint_private_access" {
+  type = bool
+  description = "Enables the Amazon EKS private API server endpoint."
+  default = false
+}
+
+variable "endpoint_public_access" {
+  type = bool
+  description = "Enables the Amazon EKS public API server endpoint."
+  default = true
+}
+
 variable "log_retention_in_days" {
   type        = number
   description = "How many days until control plane logs are purged"

aws/cluster/variables.tf

@@ -4,6 +4,18 @@ variable "enabled_cluster_log_types" {
   description = "Which EKS control plane log types to enable"
 }
 
+variable "endpoint_private_access" {
+  type = bool
+  description = "Enables the Amazon EKS private API server endpoint."
+  default = false
+}
+
+variable "endpoint_public_access" {
+  type = bool
+  description = "Enables the Amazon EKS public API server endpoint."
+  default = true
+}
+
 variable "k8s_version" {
   type        = string
   description = "Kubernetes version to deploy"