From 928c7c2906c20e49ae043bfe3fce83cef5a5b6b6 Mon Sep 17 00:00:00 2001
From: Alistair Curtis
Date: Fri, 29 Nov 2024 11:04:40 +0000
Subject: [PATCH] use awsvpc, fix sg group.

---
 terraform/environments/cdpt-chaps/ecs.tf | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/terraform/environments/cdpt-chaps/ecs.tf b/terraform/environments/cdpt-chaps/ecs.tf
index 11517cb6cfb..1788acf38ae 100644
--- a/terraform/environments/cdpt-chaps/ecs.tf
+++ b/terraform/environments/cdpt-chaps/ecs.tf
@@ -65,7 +65,7 @@ resource "aws_cloudwatch_log_group" "deployment_logs" {
 resource "aws_ecs_task_definition" "chaps_yarp_task_definition" {
 family = "chaps-yarp-family"
 requires_compatibilities = ["EC2"]
- network_mode = "bridge"
+ network_mode = "awsvpc"
 execution_role_arn = aws_iam_role.app_execution.arn
 task_role_arn = aws_iam_role.app_task.arn
 memory = 2300
@@ -554,19 +554,11 @@ resource "aws_security_group" "chaps_combined_ecs_service" {
 }
 
 ingress {
- description = "Allow HTTP traffic between chaps and chapsdotnet containers on :80 "
+ description = "Allow HTTP traffic between chaps and chapsdotnet containers in the same task "
 from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["172.19.80.0/20"] #this is the subnet of the chaps_nat_network
- }
-
- ingress {
- description = "Allow HTTP traffic between chapsdotnet adn chaps containers on :8080"
- from_port = 8080
 to_port = 8080
 protocol = "tcp"
- cidr_blocks = ["172.19.80.0/20"]
+ security_groups = [aws_security_group.chaps_combined_ecs_service.id] # Refers to itself to allow traffic within the same task
 }
 
 # Allow all outbound traffic for both containers
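Review bot: Setting `network_mode = "awsvpc"` on this EC2-compatibility task definition gives each task its own network interface, so the `aws_ecs_service` that runs it needs a `network_configuration` block with `subnets` and `security_groups`, and any load balancer target group in front of it needs `target_type = "ip"`; the diffstat shows no such change in this commit. Neither the service nor the container definitions are visible here, so this may already be in place, but it is worth confirming before apply, because the security group edited in the second hunk only protects the task if it is listed there. A comment above the attribute would record the dependency, for example `# awsvpc: one ENI per task; security groups come from the service's network_configuration`. The resource body continues past the end of the hunk.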
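Review bot: The added `security_groups = [aws_security_group.chaps_combined_ecs_service.id]` line in the merged `ingress` block refers to the resource it sits in (going by the hunk header; the resource opens above the hunk), which Terraform rejects as a self-referential block, and the supported way to admit traffic from members of the same group is `self = true`. Folding the two rules into `from_port = 80` with `to_port = 8080` also opens every TCP port in that range rather than only 80 and 8080, which is broader than the rules it replaces. With awsvpc the containers of one task share a network namespace and normally reach each other over localhost without passing through the security group, so the description "in the same task" probably overstates what the rule governs; it applies to traffic between network interfaces that carry this group. The fence keeps two single-port rules with `self = true`.

```hcl
  ingress {
    description = "Allow HTTP on :80 from members of this security group"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    self        = true
  }

  ingress {
    description = "Allow HTTP on :8080 from members of this security group"
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    self        = true
  }
  # … unchanged: egress rule for both containers …
```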