From a506c6fe12285efc63f8f5c389649a8efdb03f03 Mon Sep 17 00:00:00 2001
From: prashansa joshi
Date: Sun, 22 Sep 2024 12:28:32 +0545
Subject: [PATCH] Outbound sg to 3306
---
 terraform/eb.tf | 3 +++
 terraform/sg.tf | 28 +++++++++++++++++++---------
 2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/terraform/eb.tf b/terraform/eb.tf
index f486b9b..6360967 100644
--- a/terraform/eb.tf
+++ b/terraform/eb.tf
@@ -57,6 +57,9 @@ module "elastic_beanstalk_environment" {
 env_vars = var.env_vars
+ # Attach the security group for EB instances
+ security_group_ids = [aws_security_group.eb_instances.id]
+
 extended_ec2_policy_document = data.aws_iam_policy_document.minimal_s3_permissions.json
 prefer_legacy_ssm_policy = false
 prefer_legacy_service_policy = false
diff --git a/terraform/sg.tf b/terraform/sg.tf
index 0077a4e..0a195a3 100644
--- a/terraform/sg.tf
+++ b/terraform/sg.tf
@@ -70,20 +70,30 @@ resource "aws_security_group" "database" {
 #################################################
 # EC2
 #################################################
+# Security Group for Elastic Beanstalk Instances
 resource "aws_security_group" "eb_instances" {
- name = "eb-instances-sg"
+ name = "${local.elastic_beanstalk_application.name}-sg"
 description = "Security group for Elastic Beanstalk instances"
 vpc_id = data.aws_vpc.adex_poc_default_vpc.id
- # Allow outbound MySQL traffic to the RDS security group
- egress {
- from_port = 3306
- to_port = 3306
- protocol = "tcp"
- security_groups = [aws_security_group.database.id]
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"] # Allow HTTP traffic
 }
- tags = {
- Name = "EB Instances SG"
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"] # Allow HTTPS traffic
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"] # Allow all outbound traffic
 }
 }
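Review bot: The comment added above `security_group_ids` describes the group as "the security group for EB instances", but after the sg.tf hunk in this same patch that group grants HTTP/HTTPS ingress from 0.0.0.0/0 and unrestricted egress, and no longer carries the 3306 rule the commit subject refers to; the comment should state what is actually being attached, e.g. `# Attach the EB instance SG (80/443 in from anywhere, all egress; rules in sg.tf)`, and the subject should be brought in line with the change. Separately, `security_group_ids` is passed to the module without anything here showing that the pinned module version declares an input of that name; if this is the Cloud Posse Elastic Beanstalk environment module (the neighbouring `extended_ec2_policy_document` and `prefer_legacy_*` inputs suggest it), recent releases expose instance security groups under a different input name, so confirm against the module's variables before merging or `terraform plan` will reject the attribute. The enclosing `module` block starts and ends outside the hunk.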
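Review bot: The removed `egress` block was the only least-privilege rule in this group — MySQL to `aws_security_group.database` only — and it is replaced by `protocol = "-1"` to `0.0.0.0/0`, so any process on an EB instance can now reach any host on any port, which also defeats the point of the `database` SG referencing this group if that is how its ingress is scoped (that resource starts before the hunk). If the instances need internet egress for the Beanstalk agent and AWS APIs, add a scoped 443 egress alongside the restored 3306 rule instead of opening everything, and prefer VPC endpoints or prefix lists where available. The two new `ingress` blocks admit 80/443 from the whole internet directly on the instance SG; if this environment is load-balanced, the source should be the load balancer's security group rather than `cidr_blocks = ["0.0.0.0/0"]`. The `tags` block with `Name` is also dropped without a replacement, which is worth stating in the commit message if intentional.
```hcl
  # … unchanged: name, description, vpc_id, ingress 80/443 …

  # MySQL only to the RDS security group (scoped, not 0.0.0.0/0)
  egress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.database.id]
  }

  # HTTPS for the Beanstalk agent / AWS APIs; tighten with VPC endpoints or prefix lists where available
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
```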