add alb security group

cat5inthecradle · cat5inthecradle · commit b4643ac4b864 · 2023-10-16T23:45:06.000-05:00
diff --git a/cicd/3-app/aiproxy/template.yml b/cicd/3-app/aiproxy/template.yml
@@ -38,13 +38,25 @@ Resources:
   LoadBalancer:
     Type: AWS::ElasticLoadBalancingV2::LoadBalancer
     Properties:
-      # TODO: add a security group?
+      SecurityGroups:
+        - !Ref LoadBalancerSecurityGroup
       Subnets:
         # TODO: This copies geocoder, but we should probably have a separate subnet for this service.
         - !ImportValue VPC-SubnetB
         - !ImportValue VPC-SubnetC
       Scheme: internet-facing
 
+  LoadBalancerSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: ELB Allowed Ports
+      VpcId: !ImportValue VPC
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+
   LoadBalancerListener:
     Type: AWS::ElasticLoadBalancingV2::Listener
     Properties:
