Commit 7219c84

authored
Disable public ipv4 on EC2 instances and update AMI (#182)
* Disable public ipv4 on EC2 instances and update AMI Signed-off-by: Irving Popovetsky <[email protected]> * Update providers Signed-off-by: Irving Popovetsky <[email protected]> * Update our ALB to be dualstack, supporting IPv4 and IPv6 Signed-off-by: Irving Popovetsky <[email protected]> --------- Signed-off-by: Irving Popovetsky <[email protected]>
1 parent e288f0b commit 7219c84

5 files changed

+35
-30
lines changed

terraform/.terraform.lock.hcl

+17-18

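--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -1,21 +1,25 @@
 # load balancer ARN arn:aws:acm:us-east-2:633607774026:certificate/8de9fd02-191c-485f-b952-e5ba32e90acb
 ################################################################################
+
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
 resource "aws_security_group" "lb_security_group" {
 name_prefix = "ecs"
 vpc_id = data.aws_vpc.use2.id
 
 # allow incoming traffic
 ingress {
-from_port = 443
-to_port = 443
-protocol = "tcp"
-cidr_blocks = ["0.0.0.0/0"]
+from_port = 443
+to_port = 443
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+ipv6_cidr_blocks = ["::/0"]
 }
 ingress {
-from_port = 80
-to_port = 80
-protocol = "tcp"
-cidr_blocks = ["0.0.0.0/0"]
+from_port = 80
+to_port = 80
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+ipv6_cidr_blocks = ["::/0"]
 }
 
 # allow all outgoing traffic
@@ -31,12 +35,14 @@ resource "aws_security_group" "lb_security_group" {
 }
 }
 
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb
 resource "aws_lb" "ecs" {
 name_prefix = "oc"
 security_groups = [aws_security_group.lb_security_group.id]
 
 load_balancer_type = "application"
 internal = false
+ip_address_type = "dualstack"
 
 subnets = data.aws_subnets.use2.ids
 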
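Review bot: The port-80 ingress rule is now reachable from `::/0` as well as `0.0.0.0/0`, and nothing in this section shows what the port-80 listener does; if it only redirects to HTTPS, record that next to the rule, e.g. `# port 80 stays open only so the listener can redirect to 443`, and if it forwards plain HTTP that deserves its own change. Opening the load balancer to IPv6 also means every control keyed on client address (WAF IP sets, rate limits, allow/deny lists, parsing of X-Forwarded-For in logs) has to handle IPv6 sources, which is worth confirming before this is applied. `ip_address_type = "dualstack"` presumably needs the subnets returned by `data.aws_subnets.use2` to carry IPv6 CIDR blocks; that data source is defined outside the hunk, so this cannot be checked from here.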

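--- a/terraform/asg.tf
+++ b/terraform/asg.tf
@@ -1,7 +1,7 @@
 
 # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#ecs-optimized-ami-linux
 data "aws_ssm_parameter" "ecs_optimized_ami" {
-name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended"
+name = "/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended"
 }
 
 # https://registry.terraform.io/modules/terraform-aws-modules/autoscaling/aws/latest
@@ -37,7 +37,7 @@ module "autoscaling" {
 {
 delete_on_termination = true
 device_index = 0
-associate_public_ip_address = true
+associate_public_ip_address = false
 security_groups = [module.autoscaling_sg.security_group_id]
 }
 ]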
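Review bot: With `associate_public_ip_address = false` in the second hunk, the instances lose their IPv4 path to the internet if these subnets route only through an internet gateway, and the section does not show what replaces it (NAT gateway, VPC endpoints for the container registry, ECS, SSM and logs, or IPv6 egress). A comment on that line naming the intended path would keep a later change from silently breaking image pulls and agent registration, for example `# no public IPv4: outbound access goes via <NAT | VPC endpoints | IPv6 egress>`. The network interface list and the `module "autoscaling"` body both continue outside the hunk, so the egress setup may already exist elsewhere. The AMI lookup in the first hunk still follows the floating `recommended` parameter, so the move to Amazon Linux 2023 should be validated against the instance user data and any package-manager calls it makes, none of which are visible here.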

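--- a/terraform/pybot/main.tf
+++ b/terraform/pybot/main.tf
@@ -108,5 +108,5 @@ resource "aws_lb_target_group" "pybot" {
 unhealthy_threshold = 2
 }
 
-deregistration_delay = 300
+deregistration_delay = 10
 }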
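Review bot: Dropping `deregistration_delay` from 300 to 10 is not mentioned in the commit description and carries no comment explaining it; the same change is made in terraform/python_backend/main.tf. With a 10-second draining window the load balancer stops waiting for in-flight requests ten seconds after a target is deregistered, so anything slower (long polls, uploads, slow webhook handlers) can be cut off during deploys and scale-in. If the shorter drain is intended to speed up rollouts, a comment such as `# short drain: requests are expected to finish well under 10s` on both lines would record that assumption. The `aws_lb_target_group` block starts outside the hunk.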

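--- a/terraform/python_backend/main.tf
+++ b/terraform/python_backend/main.tf
@@ -145,5 +145,5 @@ resource "aws_lb_target_group" "python_backend" {
 unhealthy_threshold = 2
 }
 
-deregistration_delay = 300
+deregistration_delay = 10
 }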
