Outbound sg to 3306

adexltd · Sep 22, 2024 · 0ad60ab · 0ad60ab
1 parent c5f0f1b
commit 0ad60ab
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/terraform/alb.tf b/terraform/alb.tf
@@ -29,7 +29,7 @@ module "alb" {
 
       health_check = {
         enabled             = true
-        path                = "/health"
+        path                = "/"
         protocol            = "HTTPS"        # Customize this based on your needs
         matcher             = "200-299"      # HTTP status codes that indicate a healthy response
         interval            = 30             # Time in seconds between health checks

diff --git a/terraform/sg.tf b/terraform/sg.tf
@@ -53,6 +53,7 @@ resource "aws_security_group" "database" {
     cidr_blocks = ["0.0.0.0/0"]
     # cidr_blocks = local.vpc.vpc_cidr
     # security_groups = [aws_security_group.backend_asg.id]
+    security_groups = [aws_security_group.eb_instances.id] # Restrict access to EB instances only
   }
 
   egress {
@@ -63,3 +64,26 @@ resource "aws_security_group" "database" {
   }
   tags = module.naming.resources.rds.tags
 }
+
+
+
+#################################################
+# EC2
+#################################################
+resource "aws_security_group" "eb_instances" {
+  name        = "eb-instances-sg"
+  description = "Security group for Elastic Beanstalk instances"
+  vpc_id      = data.aws_vpc.adex_poc_default_vpc.id
+
+  # Allow outbound MySQL traffic to the RDS security group
+  egress {
+    from_port       = 3306
+    to_port         = 3306
+    protocol        = "tcp"
+    security_groups = [aws_security_group.database.id]
+  }
+
+  tags = {
+    Name = "EB Instances SG"
+  }
+}