Adding security.txt file to the load balancer for Valentine (#28)

sylviamclaughlin · web-flow · commit f3b46d84eab8 · 2026-02-19T11:03:53.000-08:00
* Adding security.txt file to the load balancer

* Updating RDS version
diff --git a/terraform/aws/alb.tf b/terraform/aws/alb.tf
@@ -58,3 +58,34 @@ resource "aws_lb" "valentine" {
     "CostCentre" = var.billing_code
   }
 }
+
+# Serve security.txt as a fixed response from the ALB
+resource "aws_alb_listener_rule" "security_txt" {
+  listener_arn = aws_lb_listener.valentine_listener.arn
+  priority     = 1
+
+  action {
+    type = "fixed-response"
+
+    fixed_response {
+      content_type = "text/plain"
+      message_body = <<-EOT
+        Contact: mailto:ZZTBSCYBERS@tbs-sct.gc.ca
+        Contact: https://hackerone.com/tbs-sct/
+        Canonical: https://${replace(var.domain, "/^[^.]+\\./", "")}/.well-known/security.txt
+        Expires: 2026-03-02T12:00:00.000Z
+        Preferred-Languages: en, fr
+      EOT
+      status_code  = "200"
+    }
+  }
+
+  condition {
+    path_pattern {
+      values = ["/.well-known/security.txt"]
+    }
+  }
+  tags = {
+    "CostCentre" = var.billing_code
+  }
+}
diff --git a/terraform/aws/rds.tf b/terraform/aws/rds.tf
@@ -10,7 +10,7 @@ module "rds_cluster" {
 
   database_name  = "valentine"
   engine         = "aurora-postgresql"
-  engine_version = "14.15"
+  engine_version = "14.17"
   instance_class = "db.t3.medium"
   instances      = 1
   username       = "valentine"
