BATIAI-1010: Removing bad SG rules and unneeded Security Group lookup (…

…#8)

* BATIAI-1010: Removing bad SG rules and unneeded Security Group lookup

* BATIAI-1010: Removing redundant rule; we'll just use the existing 'ingress_cidrs' var

* BATIAI-1010: Updating changelog

CHANGELOG.md

@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [4.0.0] - 2022-02-15
+### Breaking
+- Removing the unneeded var nat_gateway_public_ip_cidrs
+- Removing the unneeded data.sg default_USSBA_fargate_security_group
+
 ## [3.0.0] - 2022-10-05
 ### Breaking
 - EFS drives are now encrypted, this will recreate any EFS drive created by this module, deleting the data

main.tf

@@ -141,15 +141,6 @@ resource "aws_security_group_rule" "ingress_prefix_list" {
   prefix_list_ids   = var.ingress_prefix_lists
   security_group_id = aws_security_group.alb_sg.id
 }
-resource "aws_security_group_rule" "ingress_gateway_nat" {
-  count             = length(var.nat_gateway_public_ip_cidrs) > 0 ? 1 : 0
-  type              = "ingress"
-  from_port         = 443
-  to_port           = 443
-  protocol          = "tcp"
-  cidr_blocks       = var.nat_gateway_public_ip_cidrs
-  security_group_id = data.aws_security_group.default_USSBA_fargate_security_group.id
-}
 
 data "aws_iam_policy_document" "fargate" {
   statement {
@@ -191,7 +182,3 @@ resource "aws_security_group_rule" "allow_fargate_into_efs" {
   security_group_id        = aws_security_group.efs.id
   source_security_group_id = module.gatus.security_group_id
 }
-
-data "aws_security_group" "default_USSBA_fargate_security_group" {
-  name = "${var.service_name}-alb"
-}

variables.tf

@@ -72,9 +72,3 @@ variable "kms_key_id" {
   description = "For encrypting the EFS drive; defaults to the aws managed efs key"
   type        = string
 }
-
-variable "nat_gateway_public_ip_cidrs" {
-  type        = list(any)
-  default     = []
-  description = "For allowing the nat gateway public ips to reach Gatus"
-}