cloudposse · nitrocode · Oct 25, 2021 · Oct 25, 2021 · Oct 25, 2021 · Oct 25, 2021
diff --git a/main.tf b/main.tf
@@ -75,7 +75,7 @@ resource "aws_msk_cluster" "default" {
     instance_type   = var.broker_instance_type
     ebs_volume_size = var.broker_volume_size
     client_subnets  = var.subnet_ids
-    security_groups = aws_security_group.default.*.id
+    security_groups = concat(var.broker_node_security_groups, aws_security_group.default.*.id)
   }
 
   configuration_info {

diff --git a/variables.tf b/variables.tf
@@ -41,6 +41,12 @@ variable "security_groups" {
   description = "List of security group IDs to be allowed to connect to the cluster"
 }
 
+variable "broker_node_security_groups" {
+  type        = list(string)
+  default     = []
+  description = "List of broker node security group IDs to be associated with the elastic network interfaces to control who can communicate with the cluster"
+}
+
 variable "allowed_cidr_blocks" {
   type        = list(string)
   default     = []