From ac1c696fdb391303410dc50530f31df188c41a0e Mon Sep 17 00:00:00 2001
From: Docs
Date: Mon, 11 Apr 2022 19:38:03 +0200
Subject: [PATCH] fix: allow control plane ingress to webhook
---
 terraform/aws/modules/cluster/main.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/terraform/aws/modules/cluster/main.tf b/terraform/aws/modules/cluster/main.tf
index a4004445c..4d9b0c3cf 100644
--- a/terraform/aws/modules/cluster/main.tf
+++ b/terraform/aws/modules/cluster/main.tf
@@ -112,6 +112,24 @@ resource "aws_security_group" "additional" {
 ]
 }
+ # allow control-plane to access webhook
+ ingress {
+ from_port = 9443
+ to_port = 9443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
+ # 443, 53, 123 is already allowed
 egress {
 from_port = 80