etleap · pdnt · Apr 5, 2024 · Apr 5, 2024 · Apr 5, 2024
diff --git a/app.tf b/app.tf
@@ -140,6 +140,7 @@ resource "aws_lb" "app" {
   subnets            = var.enable_public_access ? [local.subnet_a_public_id, local.subnet_b_public_id] : [local.subnet_a_private_id, local.subnet_b_private_id]
   security_groups    = [aws_security_group.app.id]
   idle_timeout       = 300
+  drop_invalid_header_fields = true
 
   tags = {
     Name = "Etleap LB ${var.deployment_id}"

diff --git a/nat.tf b/nat.tf
@@ -84,7 +84,7 @@ resource "aws_security_group_rule" "nat-ingress" {
 
 resource "aws_eip" "nat" {
   count    = local.created_vpc_count
-  vpc      = true
+  domain   = "vpc"
 }
 
 resource "aws_eip_association" "nat" {

diff --git a/s3.tf b/s3.tf
@@ -8,13 +8,15 @@ resource "aws_s3_bucket" "intermediate" {
       logging
     ]
   }
+}
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        kms_master_key_id = var.s3_kms_encryption_key
-        sse_algorithm     = var.s3_kms_encryption_key == null ? "AES256" : "aws:kms"
-      }
+resource "aws_s3_bucket_server_side_encryption_configuration" "aws_s3_encryption" {
+  bucket = aws_s3_bucket.intermediate.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      kms_master_key_id = var.s3_kms_encryption_key
+      sse_algorithm     = var.s3_kms_encryption_key == null ? "AES256" : "aws:kms"
     }
   }
 }