From e99ac766b0ff4515ad669497b5a63a28a2f30bcd Mon Sep 17 00:00:00 2001
From: Christopher Baines <christopher.baines@digital.cabinet-office.gov.uk>
Date: Wed, 28 Aug 2019 14:36:58 +0100
Subject: Improve the from_port setting in various AWS security groups

Thanks to schmie for looking in to this.
---
 terraform/aws/backend/main.tf           | 10 +++++-----
 terraform/aws_using_ami/backend/main.tf | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/terraform/aws/backend/main.tf b/terraform/aws/backend/main.tf
index f0ecb1a..e9cc82f 100644
--- a/terraform/aws/backend/main.tf
+++ b/terraform/aws/backend/main.tf
@@ -131,28 +131,28 @@ resource "aws_security_group" "public_webserver" {
   vpc_id      = "${var.aws_vpc_id}"
 
   ingress {
-    from_port       = 0
+    from_port       = 80
     to_port         = 80
     protocol        = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }
 
   ingress {
-    from_port       = 0
+    from_port       = 443
     to_port         = 443
     protocol        = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }
 
   ingress {
-    from_port       = 0
+    from_port       = 8080
     to_port         = 8080
     protocol        = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }
 
   ingress {
-    from_port       = 0
+    from_port       = 8443
     to_port         = 8443
     protocol        = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
@@ -165,7 +165,7 @@ resource "aws_security_group" "ssh_access_from_mini_environment_admin" {
   vpc_id      = "${var.aws_vpc_id}"
 
   ingress {
-    from_port = 0
+    from_port = 22
     to_port = 22
     protocol = "tcp"
     cidr_blocks = [
diff --git a/terraform/aws_using_ami/backend/main.tf b/terraform/aws_using_ami/backend/main.tf
index 7025cad..d93317d 100644
--- a/terraform/aws_using_ami/backend/main.tf
+++ b/terraform/aws_using_ami/backend/main.tf
@@ -96,28 +96,28 @@ resource "aws_security_group" "public_webserver" {
   vpc_id      = "${var.aws_vpc_id}"
 
   ingress {
-    from_port       = 0
+    from_port       = 80
     to_port         = 80
     protocol        = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }
 
   ingress {
-    from_port       = 0
+    from_port       = 443
     to_port         = 443
     protocol        = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }
 
   ingress {
-    from_port       = 0
+    from_port       = 8080
     to_port         = 8080
     protocol        = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }
 
   ingress {
-    from_port       = 0
+    from_port       = 8443
     to_port         = 8443
     protocol        = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
@@ -130,7 +130,7 @@ resource "aws_security_group" "ssh_access_from_mini_environment_admin" {
   vpc_id      = "${var.aws_vpc_id}"
 
   ingress {
-    from_port = 0
+    from_port = 22
     to_port = 22
     protocol = "tcp"
     cidr_blocks = [
-- 
cgit v1.2.3