feat(report): Remove VPCSecurityGroup from EC2 instances

akash1810 · akash1810 · commit ac1ad44caa62 · 2025-11-28T15:31:55.000Z
The `VPCSecurityGroup` group allows ingress and egress to/from 0.0.0.0/0 on all protocols and ports.

The ASG is configured to launch instances in the VPC's private subnets (i.e. not routable from the internet)
and the launch template explicitly sets `AssociatePublicIpAddress` to false.

That is, there is no route from 0.0.0.0/0 to the EC2 instance;
`VPCSecurityGroup` being attached to the EC2 instance has no effect and can be removed.
diff --git a/report/conf/report.yaml b/report/conf/report.yaml
@@ -36,9 +36,6 @@ Parameters:
     - CODE
     - PROD
     Description: Environment name
-  VPCSecurityGroup:
-    Type: AWS::EC2::SecurityGroup::Id
-    Description: The default security group of the VPC
   VpcId:
     Type: AWS::EC2::VPC::Id
     Description: The VPC
@@ -268,7 +265,6 @@ Resources:
       InstanceType: !FindInMap [StageVariables, !Ref Stage, InstanceType]
       SecurityGroups:
       - !Ref InstanceSecurityGroup
-      - !Ref VPCSecurityGroup
       MetadataOptions:
         HttpTokens: required
       UserData:
