remove SSH

Signed-off-by: Jacob Woffenden <jacob.woffenden@digital.justice.gov.uk>
ministryofjustice · Oct 16, 2024 · f0a576f · f0a576f
1 parent aec42ae
commit f0a576f
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 31 deletions.
diff --git a/terraform/environments/analytical-platform-ingestion/ec2-instances.tf b/terraform/environments/analytical-platform-ingestion/ec2-instances.tf
@@ -11,8 +11,6 @@ module "datasync_instance" {
   vpc_security_group_ids = [module.datasync_instance_security_group.security_group_id]
   private_ip             = local.environment_configuration.datasync_instance_private_ip
 
-  key_name = aws_key_pair.jacobwoffenden.key_name
-
   metadata_options = {
     http_endpoint               = "enabled"
     http_put_response_hop_limit = 1

diff --git a/terraform/environments/analytical-platform-ingestion/ec2-key-pairs.tf b/terraform/environments/analytical-platform-ingestion/ec2-key-pairs.tf
diff --git a/terraform/environments/analytical-platform-ingestion/network-load-balancers.tf b/terraform/environments/analytical-platform-ingestion/network-load-balancers.tf
@@ -20,14 +20,6 @@ module "datasync_activation_nlb" {
       target_type          = "ip"
       target_id            = local.environment_configuration.datasync_instance_private_ip
       deregistration_delay = 10
-    },
-    ssh = {
-      name_prefix          = "ssh-"
-      protocol             = "TCP"
-      port                 = 22
-      target_type          = "ip"
-      target_id            = local.environment_configuration.datasync_instance_private_ip
-      deregistration_delay = 10
     }
   }
 
@@ -38,13 +30,6 @@ module "datasync_activation_nlb" {
       forward = {
         target_group_key = "datasync"
       }
-    },
-    ssh = {
-      port     = 22
-      protocol = "TCP"
-      forward = {
-        target_group_key = "ssh"
-      }
     }
   }
 

diff --git a/terraform/environments/analytical-platform-ingestion/security-groups.tf b/terraform/environments/analytical-platform-ingestion/security-groups.tf
@@ -90,13 +90,10 @@ module "datasync_activation_nlb_security_group" {
   vpc_id = module.connected_vpc.vpc_id
 
   egress_cidr_blocks = ["${local.environment_configuration.datasync_instance_private_ip}/32"]
-  egress_rules       = ["http-80-tcp", "ssh-tcp"]
+  egress_rules       = ["http-80-tcp",]
 
-  ingress_cidr_blocks = [
-    "${data.external.external_ip.result["ip"]}/32",
-    "90.242.75.221/32" # @jacobwoffenden
-  ]
-  ingress_rules = ["http-80-tcp", "ssh-tcp"]
+  ingress_cidr_blocks = ["${data.external.external_ip.result["ip"]}/32"]
+  ingress_rules = ["http-80-tcp"]
 
   tags = local.tags
 }
@@ -181,10 +178,6 @@ module "datasync_instance_security_group" {
     {
       rule                     = "http-80-tcp"
       source_security_group_id = module.datasync_activation_nlb_security_group.security_group_id
-    },
-    {
-      rule                     = "ssh-tcp"
-      source_security_group_id = module.datasync_activation_nlb_security_group.security_group_id
     }
   ]