chore: limit ingress traffic and delete unnecessary permissions

hayk99 · hayk99 · commit 874024a1c6a7 · 2022-02-15T17:34:13.000+01:00
diff --git a/templates/CloudConnector.yaml b/templates/CloudConnector.yaml
@@ -149,16 +149,6 @@ Resources:
                   - "ecs:DescribeTaskDefinition"
                 Resource:
                   - "*"
-        - PolicyName: SecretsReader
-          PolicyDocument:
-            Version: "2012-10-17"
-            Statement:
-              - Effect: Allow
-                Action:
-                  - "kms:Decrypt"
-                  - "secretsmanager:GetSecretValue"
-                Resource:
-                  - "*"
         - PolicyName: ECRReader
           PolicyDocument:
             Version: "2012-10-17"
@@ -326,19 +316,11 @@ Resources:
       VpcId: !Ref VPC
       GroupName: !Sub "${AWS::StackName}-CloudConnector"
       GroupDescription: CloudConnector workload Security Group
-      SecurityGroupIngress:
-        - CidrIp: 0.0.0.0/0
-          IpProtocol: "tcp"
-          FromPort: 80
-          ToPort: 80
+      SecurityGroupEgress:
         - CidrIp: 0.0.0.0/0
           IpProtocol: "tcp"
           FromPort: 443
           ToPort: 443
-        - CidrIp: 0.0.0.0/0
-          IpProtocol: "tcp"
-          FromPort: 5000
-          ToPort: 5000
       Tags:
         - Key: Name
           Value: !Sub "${AWS::StackName}-CloudConnector"
