chore: consolidate IPv4 and IPv6 sg rules into a new one (XPM-273)

ministryofjustice · Oct 3, 2024 · 5e094f3 · 5e094f3
1 parent 1faa96a
commit 5e094f3
Showing 1 changed file with 3 additions and 13 deletions.
diff --git a/terraform/environments/xhibit-portal/network-infrastructure.tf b/terraform/environments/xhibit-portal/network-infrastructure.tf
@@ -196,23 +196,13 @@ resource "aws_security_group_rule" "sms-outbound-importmachine" {
   depends_on               = [aws_security_group.sms_server]
 }
 
-resource "aws_security_group_rule" "sms-outbound-all-ipv4" {
-  description       = "allow all traffic to any IPv4 address"
+resource "aws_security_group_rule" "sms-outbound-all" {
+  description       = "allow all traffic to any IP address"
   type              = "egress"
   from_port         = 0
   to_port           = 0
   protocol          = "-1"
   cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = aws_security_group.sms_server.id
-  depends_on        = [aws_security_group.sms_server]
-}
-
-resource "aws_security_group_rule" "sms-outbound-all-ipv6" {
-  description       = "allow all traffic to any IPv6 address"
-  type              = "egress"
-  from_port         = 0
-  to_port           = 0
-  protocol          = "-1"
   ipv6_cidr_blocks  = ["::/0"]
   security_group_id = aws_security_group.sms_server.id
   depends_on        = [aws_security_group.sms_server]
@@ -695,7 +685,7 @@ resource "aws_security_group_rule" "iisrelay-outbound-all" {
 }
 
 resource "aws_security_group_rule" "iisrelay-inbound-app" {
-  description              = "allow all"
+  description              = "allow all traffic from app_servers"
   type                     = "ingress"
   from_port                = 0
   to_port                  = 0