11# Create an Application Load Balancer (ALB)
22resource "aws_lb" "httpd_alb" {
33 name = " ${ var . project } -${ var . venue } -httpd-alb"
4- internal = true
4+ # temporary switch until SPS tests are fixed
5+ # internal = true
6+ internal = false
57 load_balancer_type = " application"
68 security_groups = [aws_security_group . ecs_alb_sg . id ]
7- subnets = local. subnet_ids
9+ # temporary switch until SPS tests are fixed
10+ # subnets = local.subnet_ids
11+ subnets = local. public_subnet_ids
812 enable_deletion_protection = false
913 preserve_host_header = true
1014 tags = {
@@ -132,6 +136,7 @@ data "aws_ssm_parameter" "shared-services_security_group" {
132136 name = " arn:aws:ssm:${ data . aws_ssm_parameter . shared_service_region . value } :${ data . aws_ssm_parameter . shared_service_account_id . value } :parameter/unity/shared-services/network/httpd_security_group"
133137}
134138
139+ # lock down ecs alb to just shared services
135140resource "aws_vpc_security_group_ingress_rule" "ecs_alb_sg_ingress_rule" {
136141 security_group_id = aws_security_group. ecs_alb_sg . id
137142 from_port = 8080
@@ -140,6 +145,16 @@ resource "aws_vpc_security_group_ingress_rule" "ecs_alb_sg_ingress_rule" {
140145 referenced_security_group_id = data. aws_ssm_parameter . shared-services_security_group . value
141146}
142147
148+ # temporary open until SPS tests are fixed
149+ # tfsec:ignore:AVD-AWS-0107
150+ resource "aws_vpc_security_group_ingress_rule" "ecs_alb_sg_ingress_rule_external" {
151+ security_group_id = aws_security_group. ecs_alb_sg . id
152+ from_port = 8080
153+ to_port = 8080
154+ ip_protocol = " tcp"
155+ cidr_ipv4 = " 0.0.0.0/0"
156+ }
157+
143158resource "aws_vpc_security_group_egress_rule" "ecs_sg_egress_rule" {
144159 security_group_id = aws_security_group. ecs_sg . id
145160 from_port = 0
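Review bot: The new `ecs_alb_sg_ingress_rule_external` rule allows TCP 8080 from `0.0.0.0/0`, which makes the adjacent `ecs_alb_sg_ingress_rule` ("lock down ecs alb to just shared services") ineffective for as long as both rules exist, and the `tfsec:ignore:AVD-AWS-0107` suppression hides that state from future scans with no expiry. Since the comment calls this temporary, the ignore should carry an expiry date and a tracking reference so it cannot silently become permanent, e.g. `# tfsec:ignore:AVD-AWS-0107:exp:<YYYY-MM-DD> temporary until SPS tests are fixed, see <TRACKING-ISSUE>`. If the SPS test runners have a known source range, `cidr_ipv4` can be narrowed to that range instead of the whole internet; the same temporary-switch comments on `internal = false` and `local.public_subnet_ids` in the first hunk should reference the same tracking item so all three revert together.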