Hi Zoya,

For my deployments I am only using Terraform. For that reason I created a publicly available terraform module (https://github.com/umotif-public/terraform-aws-eks-node-group) also available through official terraform registry.

Into this module you can pass in following parameters:

• ec2_ssh_key - EC2 Key Pair name that provides access for SSH communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify source_security_group_ids when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).
• source_security_group_ids - (Optional) Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify ec2_ssh_key, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).

This means that, yes, you can have additional ingress rules for other security groups but only on default port 22.

In order to be able to add other ingress rules you can make use of the output remote_access_security_group_id which is returned by https://www.terraform.io/docs/providers/aws/r/eks_node_group.html resource.

Once you have the id of the security group, you can add additional ingress rules using https://www.terraform.io/docs/providers/aws/r/security_group_rule.html resource

Hope that helps