Fix reference to shared security group

ooni · Mar 11, 2024 · 82eec4e · 82eec4e
1 parent 1c92020
commit 82eec4e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 34 deletions.
diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf
@@ -279,6 +279,10 @@ module "ooniapi_frontend" {
   oonibackend_proxy_target_group_arn = module.ooni_backendproxy.alb_target_group_id
   oonidataapi_target_group_arn       = module.oonidataapi.alb_target_group_id
 
+  ooniapi_service_security_groups = [
+    module.ooniapi_cluster.web_security_group_id
+  ]
+
   stage            = local.stage
   dns_zone_ooni_io = local.dns_zone_ooni_io
 

diff --git a/tf/modules/ooniapi_frontend/main.tf b/tf/modules/ooniapi_frontend/main.tf
@@ -2,43 +2,10 @@ locals {
   name = "ooni-tier0-api-frontend"
 }
 
-resource "aws_security_group" "ooniapi" {
-  description = "controls access to the application ELB"
-
-  vpc_id = var.vpc_id
-  name   = "${local.name}-sg"
-
-  ingress {
-    protocol    = "tcp"
-    from_port   = 80
-    to_port     = 80
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    protocol    = "tcp"
-    from_port   = 443
-    to_port     = 443
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  egress {
-    from_port = 0
-    to_port   = 0
-    protocol  = "-1"
-
-    cidr_blocks = [
-      "0.0.0.0/0",
-    ]
-  }
-
-  tags = var.tags
-}
-
 resource "aws_alb" "ooniapi" {
   name            = local.name
   subnets         = var.subnet_ids
-  security_groups = [aws_security_group.ooniapi.id]
+  security_groups = var.ooniapi_service_security_groups
 
   tags = var.tags
 }

diff --git a/tf/modules/ooniapi_frontend/variables.tf b/tf/modules/ooniapi_frontend/variables.tf
@@ -27,3 +27,8 @@ variable "dns_zone_ooni_io" {
 variable "stage" {
   description = "dev, test, prod label for the stage"
 }
+
+variable "ooniapi_service_security_groups" {
+  description = "the shared web security group from the ecs cluster"
+  type        = list(string)
+}