Merge pull request #254 from pagopa/feature/PN-17432

mbrachi · web-flow · commit 7b65d084ec33 · 2026-01-26T09:59:09.000+01:00
PN-17432: restrict SG connection only from ALB SG
diff --git a/scripts/aws/cfn/microservice.yml b/scripts/aws/cfn/microservice.yml
@@ -58,6 +58,10 @@ Parameters:
     Type: String
     Description: 'The DNS name used for SELC-PG rest API'
 
+  AlbSecurityGroup:
+    Type: String
+    Description: "Application load balancer security group"
+
   EcsDefaultSecurityGroup:
     Type: String
     Description: 'Default security group required by infrastructure'
@@ -570,6 +574,7 @@ Resources:
         ECSClusterName: !Ref ECSClusterName
         Subnets: !Ref VpcEgressSubnetsIds
         VpcId: !Ref VpcId
+        AlbSecurityGroup: !Ref AlbSecurityGroup
         EcsDefaultSecurityGroup: !Ref EcsDefaultSecurityGroup
         LoadBalancerListenerArn: !Ref ApplicationLoadBalancerListenerArn
         LoadbalancerRulePriority: !Ref MicroserviceNumber
