@jfautley
Created April 23, 2019 17:57
# Create EIP and NAT Gateway (NB: Not HA as only located in a single subnet)
resource "aws_eip" "nat" {
  vpc = true
}

resource "aws_nat_gateway" "nat" {
  allocation_id = "${aws_eip.nat.allocation_id}"

  # aws_subnet.demo is created with count, so index into the splat list
  subnet_id = "${aws_subnet.demo.*.id[0]}"
}

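### Change the existing aws_route_table definition in the demo code to point to the NAT gateway:
resource "aws_route_table" "demo" {
  vpc_id = "${aws_vpc.demo.id}"

  route {
    cidr_block = "0.0.0.0/0"

    # NAT gateways are referenced with nat_gateway_id (gateway_id is for internet/virtual private gateways),
    # and the resource above is named "nat"
    nat_gateway_id = "${aws_nat_gateway.nat.id}"
  }
}

# NB: the subnet hosting the NAT gateway itself still needs a default route
# to an internet gateway, so do not associate it with this route table.
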
# Enable private endpoint access for the EKS cluster
resource "aws_eks_cluster" "demo" {
  ### Leave the defaults here, and add the bottom two entries to vpc_config
  vpc_config {
    security_group_ids      = ["${aws_security_group.demo-cluster.id}"]
    subnet_ids              = ["${aws_subnet.demo.*.id}"]
    endpoint_private_access = true
    endpoint_public_access  = false ### If you don't want public/internet access to your EKS API
  }
}