aws-load-balancer-controller: ALB Ingress is not getting created

Installed the ALB ingress on the EKS cluster, the chart got installed successfully; the issue is when creating the ingress of the application. I'm trying to install the sample app 2048, and when doing so I'm getting the error below:

Internal error occurred: failed calling webhook "vingress.elbv2.k8s.aws": Post "https://aws-load-balancer-webhook-service.kube-system.svc:443/validate-networking-v1beta1-ingress?timeout=10s": context deadline exceeded

I guess the IngressClass is not validating properly.

  • AWS Load Balancer controller version (v2.3.1)
  • Kubernetes version (1.21)
  • Using EKS (yes/no), if so version? yes (1.21)

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 9
  • Comments: 18

Most upvoted comments

For people who are stumbling on this after upgrading the aws terraform eks module to version 18.x, the required configuration for the module to work with the load balancer controller is:

node_security_group_additional_rules = {
  ...
  ingress_allow_access_from_control_plane = {
    type                          = "ingress"
    protocol                      = "tcp"
    from_port                     = 9443
    to_port                       = 9443
    source_cluster_security_group = true
    description                   = "Allow access from control plane to webhook port of AWS load balancer controller"
  }
}

After checking, investigating and suddenly discovering this thread, I saw your comment @DZDomi and your solution works!

It needs port 9443 to be open, and then it works.

Also thanks for sharing the Terraform code of the EKS module 😃

@GrigorievNick, for aws lb controller, you’d need to allow port 9443 for webhook access. Other application components might have different requirements, you’d need to figure out the optimum configuration based on your security requirements.

@gitmaniak This is fixed; the reason for the failure is that the service port number is not opened in the node security group. This piece of information is not captured anywhere in the documentation.

@boopathykpm, the error indicates that the k8s control plane is not able to connect to the aws-load-balancer-controller pods running on your worker nodes. Could you ensure the cluster security group allows traffic between the k8s control plane and the worker nodes? Please refer to issue #2460, the symptoms are the same.
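The root cause in this thread (both the Terraform comment above and the maintainer's reply) is a node security group that does not admit TCP 9443 from the cluster security group, so the API server's webhook call times out. The following is an added example, not code from the issue or from the aws-load-balancer-controller project: a small checker that walks a node security group's ingress rules, in the shape EC2 `DescribeSecurityGroups` returns under `IpPermissions`, and reports which control-plane-to-node ports are not allowed. The security group ids and rule sets below are constructed sample data; with boto3 you would instead pass `ec2.describe_security_groups(GroupIds=[node_sg])["SecurityGroups"][0]["IpPermissions"]`. It goes slightly beyond the thread by checking a list of ports rather than only 9443, and by treating a protocol `-1` (all traffic) rule as covering every port, but only when its source is the cluster security group.

```python
"""Check whether an EKS node security group lets the control plane reach
the aws-load-balancer-controller webhook (TCP 9443) as described in the thread.

Added example; rule dicts mimic EC2 DescribeSecurityGroups "IpPermissions".
All ids and rules here are constructed, not taken from a real account.
"""
from typing import Iterable, List, Set

WEBHOOK_PORT = 9443  # aws-load-balancer-controller webhook port (from the thread)

# Constructed ids (assumptions, not real AWS resources)
CLUSTER_SG = "sg-0000cluster"  # EKS cluster security group (control plane side)
NODE_SG = "sg-0000nodes"       # node security group being inspected


def rule_covers_port(rule: dict, port: int) -> bool:
    """True if an ingress rule permits TCP traffic to `port`.

    IpProtocol "-1" means all protocols and ports; FromPort..ToPort is inclusive.
    """
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)


def rule_sources(rule: dict) -> Set[str]:
    """Source security group ids and CIDRs a rule accepts traffic from."""
    sources = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
    sources |= {r["CidrIp"] for r in rule.get("IpRanges", [])}
    return sources


def port_open_from(ingress_rules: Iterable[dict], source_sg: str, port: int) -> bool:
    """Does any rule allow TCP `port` from `source_sg` (or from anywhere)?"""
    for rule in ingress_rules:
        if not rule_covers_port(rule, port):
            continue
        sources = rule_sources(rule)
        if source_sg in sources or "0.0.0.0/0" in sources:
            return True
    return False


def missing_ports(ingress_rules: Iterable[dict], source_sg: str, ports: Iterable[int]) -> List[int]:
    """Ports in `ports` that the control plane (source_sg) cannot reach; empty means OK."""
    rules = list(ingress_rules)
    return sorted(p for p in ports if not port_open_from(rules, source_sg, p))


def webhook_reachable_from_control_plane(ingress_rules: Iterable[dict], cluster_sg: str) -> bool:
    """The specific check this thread is about: TCP 9443 from the cluster SG."""
    return port_open_from(ingress_rules, cluster_sg, WEBHOOK_PORT)


# Constructed node SG rules BEFORE the fix: 443 from the control plane and
# all traffic node-to-node, but nothing admitting 9443 from the cluster SG.
RULES_BEFORE = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "UserIdGroupPairs": [{"GroupId": CLUSTER_SG}], "IpRanges": []},
    {"IpProtocol": "-1",
     "UserIdGroupPairs": [{"GroupId": NODE_SG}], "IpRanges": []},
]

# AFTER applying the rule from the Terraform comment (9443 from the cluster SG).
RULES_AFTER = RULES_BEFORE + [
    {"IpProtocol": "tcp", "FromPort": WEBHOOK_PORT, "ToPort": WEBHOOK_PORT,
     "UserIdGroupPairs": [{"GroupId": CLUSTER_SG}], "IpRanges": []},
]

if __name__ == "__main__":
    for label, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        gaps = missing_ports(rules, CLUSTER_SG, [443, WEBHOOK_PORT])
        status = "OK" if not gaps else f"missing from control plane: {gaps}"
        print(f"{label}: webhook reachable={webhook_reachable_from_control_plane(rules, CLUSTER_SG)}; {status}")
```

Note that the node-to-node all-traffic rule deliberately does not count: its source is the node security group, not the cluster security group, which is exactly the situation in the thread where inter-node traffic works but the API server's webhook call still times out.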