Remmove port 443 listener and rules.

ministryofjustice · Sep 15, 2023 · 0596882 · 0596882
1 parent 9da2513
commit 0596882
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 51 deletions.
diff --git a/terraform/environments/data-and-insights-wepi/network.tf b/terraform/environments/data-and-insights-wepi/network.tf
@@ -28,15 +28,6 @@ resource "aws_security_group_rule" "tcp_5439_ingress_lb" {
   type                     = "ingress"
 }
 
-resource "aws_security_group_rule" "tcp_443_ingress_lb" {
-  from_port                = 443
-  protocol                 = "TCP"
-  security_group_id        = aws_security_group.wepi_sg_allow_redshift.id
-  source_security_group_id = aws_security_group.redshift-data-lb.id
-  to_port                  = 443
-  type                     = "ingress"
-}
-
 resource "aws_security_group_rule" "tcp_5439_ingress_bastion" {
   from_port                = 5439
   protocol                 = "TCP"

diff --git a/terraform/environments/data-and-insights-wepi/redshift.tf b/terraform/environments/data-and-insights-wepi/redshift.tf
@@ -171,15 +171,6 @@ resource "aws_security_group_rule" "lb_tcp_5439_egress_redshift" {
   type              = "egress"
 }
 
-resource "aws_security_group_rule" "lb_tcp_443_egress_redshift" {
-  security_group_id = aws_security_group.redshift-data-lb.id
-  from_port         = 443
-  protocol          = "TCP"
-  cidr_blocks       = [data.aws_vpc.shared.cidr_block]
-  to_port           = 443
-  type              = "egress"
-}
-
 resource "aws_lb" "redshift-data" {
   #checkov:skip=CKV_AWS_91:  "Logging not required"
   #checkov:skip=CKV_AWS_150: "Deletion protection not required"
@@ -207,18 +198,6 @@ resource "aws_lb_listener" "redshift-data" {
   }
 }
 
-resource "aws_lb_listener" "redshift-data-ssl" {
-  load_balancer_arn = aws_lb.redshift-data.arn
-  port              = "443"
-  protocol          = "TCP"
-  tags              = local.tags
-
-  default_action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.redshift-data-ssl.arn
-  }
-}
-
 resource "aws_lb_target_group" "redshift-data" {
   name        = "redshift-lb-tg-5439"
   port        = 5439
@@ -233,34 +212,13 @@ resource "aws_lb_target_group" "redshift-data" {
   }
 }
 
-resource "aws_lb_target_group" "redshift-data-ssl" {
-  name        = "redshift-lb-tg-443"
-  port        = 443
-  protocol    = "TCP"
-  target_type = "ip"
-  vpc_id      = data.aws_vpc.shared.id
-
-  health_check {
-    enabled  = true
-    port     = "443"
-    protocol = "TCP"
-  }
-}
-
 resource "aws_lb_target_group_attachment" "redshift-data" {
   for_each         = toset([for node in aws_redshift_cluster.wepi_redshift_cluster.cluster_nodes : node.private_ip_address])
   target_group_arn = aws_lb_target_group.redshift-data.arn
   target_id        = each.value
   port             = 5439
 }
 
-resource "aws_lb_target_group_attachment" "redshift-data-ssl" {
-  for_each         = toset([for node in aws_redshift_cluster.wepi_redshift_cluster.cluster_nodes : node.private_ip_address])
-  target_group_arn = aws_lb_target_group.redshift-data-ssl.arn
-  target_id        = each.value
-  port             = 443
-}
-
 resource "aws_route53_record" "redshift-lb-dns" {
   provider = aws.core-vpc
   name     = format("redshift.%s.%s", local.application_name, data.aws_route53_zone.inner.name)