From 569d8229a5451b885705407715472ca8ed09f4e6 Mon Sep 17 00:00:00 2001
From: root <root@f90ffeba145c>
Date: Fri, 31 May 2024 08:27:32 +0000
Subject: [PATCH] 2.142.0

---
 aws_v2/modules/networking/nlb.tf | 17 +++++++++--------
 azure/azure_transient/main.tf    |  8 +-------
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/aws_v2/modules/networking/nlb.tf b/aws_v2/modules/networking/nlb.tf
index c069eb2..678e8bc 100644
--- a/aws_v2/modules/networking/nlb.tf
+++ b/aws_v2/modules/networking/nlb.tf
@@ -81,13 +81,14 @@ resource "aws_subnet" "subnet_public_b" {
 }
 
 resource "aws_lb" "load_balancer" {
-  count              = var.public_deployment == true ? 0 : 1
-  name_prefix        = "CadoLB"
-  internal           = var.private_load_balancer
-  load_balancer_type = "application"
-  ip_address_type    = "ipv4"
-  subnets            = [local.subnet_a_id, local.subnet_b_id]
-  security_groups    = [aws_security_group.alb_security_group[0].id]
+  count                      = var.public_deployment == true ? 0 : 1
+  name_prefix                = "CadoLB"
+  internal                   = var.private_load_balancer
+  load_balancer_type         = "application"
+  drop_invalid_header_fields = true
+  ip_address_type            = "ipv4"
+  subnets                    = [local.subnet_a_id, local.subnet_b_id]
+  security_groups            = [aws_security_group.alb_security_group[0].id]
   tags = merge(
     var.tags,
     {
@@ -120,7 +121,7 @@ resource "aws_lb_listener" "load_balancer_listener" {
   load_balancer_arn = aws_lb.load_balancer[0].arn
   port              = "443"
   protocol          = "HTTPS"
-  ssl_policy        = "ELBSecurityPolicy-2016-08"
+  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
   certificate_arn   = var.certificate_arn
   default_action {
     type             = "forward"
diff --git a/azure/azure_transient/main.tf b/azure/azure_transient/main.tf
index 3444416..49e65d1 100644
--- a/azure/azure_transient/main.tf
+++ b/azure/azure_transient/main.tf
@@ -307,12 +307,6 @@ resource "random_string" "cado" {
   special = false
 }
 
-resource "azurerm_resource_group" "keyvault" {
-  name     = "cado-kv-rg-${data.azurerm_resource_group.group.name}"
-  location = data.azurerm_resource_group.group.location
-  tags     = var.tags
-}
-
 resource "azurerm_key_vault_access_policy" "bitbucket" {
   key_vault_id = azurerm_key_vault.keyvault.id
   tenant_id    = data.azurerm_client_config.current.tenant_id
@@ -359,7 +353,7 @@ resource "azurerm_key_vault_access_policy" "cado" {
 
 resource "azurerm_key_vault" "keyvault" {
   name                        = "cado-${random_string.cado.result}"
-  location                    = azurerm_resource_group.keyvault.location
+  location                    = data.azurerm_resource_group.group.location
   resource_group_name         = data.azurerm_resource_group.group.name
   enabled_for_disk_encryption = true
   tenant_id                   = data.azurerm_client_config.current.tenant_id