cloudposse · RoseSecurity · Oct 1, 2025 · Oct 1, 2025 · Oct 1, 2025
@@ -440,6 +440,7 @@ Module usage with two unmanaged worker groups:
 | <a name="input_public_access_cidrs"></a> [public\_access\_cidrs](#input\_public\_access\_cidrs) | Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0. | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br/>Characters matching the regex will be removed from the ID elements.<br/>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | OBSOLETE (not needed): AWS Region | `string` | `null` | no |
+| <a name="input_remote_network_config"></a> [remote\_network\_config](#input\_remote\_network\_config) | Configuration block for the cluster remote network configuration | <pre>object({<br/>    remote_node_networks_cidrs = list(string)<br/>    remote_pod_networks_cidrs  = optional(list(string))<br/>  })</pre> | `null` | no |
 | <a name="input_service_ipv4_cidr"></a> [service\_ipv4\_cidr](#input\_service\_ipv4\_cidr) | The CIDR block to assign Kubernetes service IP addresses from.<br/>You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. | `string` | `null` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to launch the cluster in | `list(string)` | n/a | yes |

@@ -59,3 +59,9 @@ upgrade_policy = {
 zonal_shift_config = {
   enabled = true
 }
+
+
+remote_network_config = {
+  remote_node_networks_cidrs = ["10.255.0.0/16"]
+  remote_pod_networks_cidrs  = ["192.168.0.0/16"]
+}
@@ -129,6 +129,8 @@ module "eks_cluster" {
 
   kubernetes_network_ipv6_enabled = local.private_ipv6_enabled
 
+  remote_network_config = var.remote_network_config
+
   context = module.this.context
 
   cluster_depends_on = [module.subnets]

@@ -141,3 +141,12 @@ variable "private_ipv6_enabled" {
   default     = false
   description = "Whether to use IPv6 addresses for the pods in the node group"
 }
+
+variable "remote_network_config" {
+  description = "Configuration block for the cluster remote network configuration"
+  type = object({
+    remote_node_networks_cidrs = list(string)
+    remote_pod_networks_cidrs  = optional(list(string))
+  })
+  default = null
+}
@@ -110,6 +110,28 @@ resource "aws_eks_cluster" "default" {
     }
   }
 
+  dynamic "remote_network_config" {
+    for_each = var.remote_network_config != null ? [var.remote_network_config] : []
+
+    content {
+      dynamic "remote_node_networks" {
+        for_each = [remote_network_config.value.remote_node_networks_cidrs]
+
+        content {
+          cidrs = remote_network_config.value.remote_node_networks_cidrs
+        }
+      }
+
+      dynamic "remote_pod_networks" {
+        for_each = remote_network_config.value.remote_pod_networks_cidrs != null ? [remote_network_config.value.remote_pod_networks_cidrs] : []
+
+        content {
+          cidrs = remote_network_config.value.remote_pod_networks_cidrs
+        }
+      }
+    }
+  }
+
   dynamic "upgrade_policy" {
     for_each = var.upgrade_policy != null ? [var.upgrade_policy] : []
     content {

@@ -381,3 +381,12 @@ variable "custom_ingress_rules" {
     A List of Objects, which are custom security group rules that
     EOT
 }
+
+variable "remote_network_config" {
+  description = "Configuration block for the cluster remote network configuration"
+  type = object({
+    remote_node_networks_cidrs = list(string)
+    remote_pod_networks_cidrs  = optional(list(string))
+  })
+  default = null
+}