diff --git a/services/terraform/self-host/aws_lb.tf b/services/terraform/self-host/aws_lb.tf
--- a/services/terraform/self-host/aws_lb.tf
+++ b/services/terraform/self-host/aws_lb.tf
@@ -78,7 +78,6 @@
 }
 }
-
 data "aws_acm_certificate" "keyserver_service" {
 domain = var.keyserver_domain_name
 statuses = ["ISSUED"]
diff --git a/services/terraform/self-host/landing.tf b/services/terraform/self-host/landing.tf
--- a/services/terraform/self-host/landing.tf
+++ b/services/terraform/self-host/landing.tf
@@ -139,7 +139,7 @@ resource "aws_lb" "landing_service" {
 load_balancer_type = "application"
 name = "landing-service-lb"
- security_groups = [aws_security_group.lb_sg.id]
+ security_groups = [aws_security_group.landing_lb_sg.id]
 internal = false
 subnets = local.vpc_subnets
@@ -163,6 +163,26 @@
 }
 }
+resource "aws_security_group" "landing_lb_sg" {
+ name = "landing-lb-sg"
+ description = "Security group for keyserver load balancer"
+ vpc_id = local.vpc_id
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
 data "aws_acm_certificate" "landing_service" {
 domain = var.landing_domain_name
 statuses = ["ISSUED"]
diff --git a/services/terraform/self-host/webapp.tf b/services/terraform/self-host/webapp.tf
--- a/services/terraform/self-host/webapp.tf
+++ b/services/terraform/self-host/webapp.tf
@@ -139,7 +139,7 @@ resource "aws_lb" "webapp_service" {
 load_balancer_type = "application"
 name = "webapp-service-lb"
- security_groups = [aws_security_group.lb_sg.id]
+ security_groups = [aws_security_group.webapp_lb_sg.id]
 internal = false
 subnets = local.vpc_subnets
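Review bot: The new `landing_lb_sg` group carries `description = "Security group for keyserver load balancer"`, which looks copied from the keyserver group and will mislead anyone auditing the VPC's security groups; it should read `description = "Security group for landing load balancer"`. The egress rule is also wider than an ALB needs: all protocols to `0.0.0.0/0`, whereas the load balancer only has to reach its targets, so the egress block could be narrowed to the target port and reference the target's security group via `security_groups = [...]` instead of a CIDR, assuming the landing targets have their own group (not visible in this hunk). Ingress is HTTPS-only with no `ipv6_cidr_blocks`, which is fine unless the ALB is dualstack, so worth confirming against the `aws_lb` definition.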
@@ -163,6 +163,26 @@
 }
 }
+resource "aws_security_group" "webapp_lb_sg" {
+ name = "web-lb-sg"
+ description = "Security group for keyserver load balancer"
+ vpc_id = local.vpc_id
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
 data "aws_acm_certificate" "webapp_service" {
 domain = var.webapp_domain_name
 statuses = ["ISSUED"]
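Review bot: The AWS name of the new `webapp_lb_sg` resource is `web-lb-sg` while the landing counterpart follows the `<service>-lb-sg` pattern, and its description again says `Security group for keyserver load balancer`; both should identify the webapp, i.e. `name = "webapp-lb-sg"` and `description = "Security group for webapp load balancer"`. Because `name` forces replacement of an `aws_security_group`, settle on the final name before this is applied so the ALB is not detached and reattached later. The rule set is otherwise identical to the landing group (443 in from anywhere, all traffic out), so the same least-privilege note applies here: the egress could be limited to the webapp target port and target security group rather than `0.0.0.0/0` on all protocols, if those targets have a group of their own.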