Switch elasticache broker to use https

alphagov · Oct 18, 2023 · 6c2501f · 6c2501f
1 parent 79b793c
commit 6c2501f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 6 deletions.
diff --git a/manifests/cf-manifest/operations.d/730-elasticache-broker.yml b/manifests/cf-manifest/operations.d/730-elasticache-broker.yml
@@ -61,9 +61,9 @@
   path: /releases/-
   value:
     name: elasticache-broker
-    version: 0.1.22
-    url: https://s3-eu-west-1.amazonaws.com/gds-paas-build-releases/elasticache-broker-0.1.22.tgz
-    sha1: 4b1c88aac9513cc5f9907c0efb79b50a4a0746a4
+    version: 0.0.1697565425
+    url: https://s3-eu-west-1.amazonaws.com/gds-paas-build-releases/elasticache-broker-0.0.1697565425.tgz
+    sha1: d57871e133612d2970a57630820a89f0a3eb870d
 
 - type: replace
   path: /addons/name=loggregator_agent/exclude/jobs/-
@@ -95,6 +95,9 @@
             secrets_manager_path: elasticache-broker/((environment))
             region: "((terraform_outputs_region))"
             cache_subnet_group_name: ((terraform_outputs_elasticache_broker_subnet_group_name))
+            host: "0.0.0.0"
+            port: 443
+            tls: ((secrets_elasticache_broker_tls_cert))
             vpc_security_group_ids:
             - ((terraform_outputs_elasticache_broker_instances_security_group_id))
 
@@ -703,3 +706,15 @@
   value:
     name: secrets_elasticache_broker_admin_password
     type: password
+
+- type: replace
+  path: /variables/-
+  value:
+    name: secrets_elasticache_broker_tls_cert
+    type: certificate
+    update_mode: converge
+    options:
+      ca: broker_tls_ca
+      common_name: "elasticache-broker.service.cf.internal"
+      alternative_names:
+        - "elasticache-broker.service.cf.internal"
diff --git a/terraform/cloudfoundry/elasticache_broker.tf b/terraform/cloudfoundry/elasticache_broker.tf
@@ -13,16 +13,16 @@ resource "aws_elb" "elasticache_broker" {
   }
 
   health_check {
-    target              = "HTTP:80/healthcheck"
+    target              = "HTTP:443/healthcheck"
     interval            = var.health_check_interval
     timeout             = var.health_check_timeout
     healthy_threshold   = var.health_check_healthy
     unhealthy_threshold = var.health_check_unhealthy
   }
 
   listener {
-    instance_port      = 80
-    instance_protocol  = "http"
+    instance_port      = 443
+    instance_protocol  = "https"
     lb_port            = 443
     lb_protocol        = "https"
     ssl_certificate_id = data.aws_acm_certificate.system.arn