require http tokens, make db non-public

ministryofjustice · Mar 27, 2024 · 21d3d90 · 21d3d90
1 parent 9799ca6
commit 21d3d90
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/terraform/environments/cdpt-ifs/database.tf b/terraform/environments/cdpt-ifs/database.tf
@@ -16,7 +16,7 @@ resource "aws_db_instance" "database" {
   snapshot_identifier       = local.application_data.accounts[local.environment].db_snapshot_identifier
   db_subnet_group_name      = aws_db_subnet_group.db.id
   final_snapshot_identifier = "final-snapshot-${formatdate("YYYYMMDDhhmmss", timestamp())}"
-  publicly_accessible       = true
+  publicly_accessible       = false
 }
 
 resource "aws_db_instance_role_association" "database" {

diff --git a/terraform/environments/cdpt-ifs/ecs.tf b/terraform/environments/cdpt-ifs/ecs.tf
@@ -260,7 +260,7 @@ resource "aws_launch_template" "ec2-launch-template" {
 
   metadata_options {
     http_endpoint = "enabled"
-    http_tokens   = "optional"
+    http_tokens   = "required"
   }
 
   iam_instance_profile {