Outbound sg to 3306

adexltd · Sep 22, 2024 · a506c6f · a506c6f
1 parent 0ad60ab
commit a506c6f
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 9 deletions.
diff --git a/terraform/eb.tf b/terraform/eb.tf
@@ -57,6 +57,9 @@ module "elastic_beanstalk_environment" {
 
   env_vars = var.env_vars
 
+  # Attach the security group for EB instances
+  security_group_ids = [aws_security_group.eb_instances.id]
+
   extended_ec2_policy_document = data.aws_iam_policy_document.minimal_s3_permissions.json
   prefer_legacy_ssm_policy     = false
   prefer_legacy_service_policy = false

diff --git a/terraform/sg.tf b/terraform/sg.tf
@@ -70,20 +70,30 @@ resource "aws_security_group" "database" {
 #################################################
 # EC2
 #################################################
+# Security Group for Elastic Beanstalk Instances
 resource "aws_security_group" "eb_instances" {
-  name        = "eb-instances-sg"
+  name        = "${local.elastic_beanstalk_application.name}-sg"
   description = "Security group for Elastic Beanstalk instances"
   vpc_id      = data.aws_vpc.adex_poc_default_vpc.id
 
-  # Allow outbound MySQL traffic to the RDS security group
-  egress {
-    from_port       = 3306
-    to_port         = 3306
-    protocol        = "tcp"
-    security_groups = [aws_security_group.database.id]
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]  # Allow HTTP traffic
   }
 
-  tags = {
-    Name = "EB Instances SG"
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]  # Allow HTTPS traffic
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]  # Allow all outbound traffic
   }
 }