[terraform] Hide prod Tunnelbroker gRPC endpoint from the Internet

Summary: Addresses a part of [[ https://linear.app/comm/issue/ENG-9129/tunnelbroker-grpc-endpoints-are-public-and-unprotected | ENG-9129 ]]. This stops exposing publicly the Tunnelbroker gRPC endpoint. Test Plan: terraform plan for staging contains no changes, for prod removes the resource. Reviewers: will, kamil Reviewed By: will, kamil Subscribers: ashoat, tomek Differential Revision: https://phab.comm.dev/D13245
CommE2E · Sep 9, 2024 · f13d876 · f13d876
1 parent 5e6732e
commit f13d876
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/services/terraform/remote/service_tunnelbroker.tf b/services/terraform/remote/service_tunnelbroker.tf
@@ -301,6 +301,7 @@ resource "aws_lb_listener" "tunnelbroker_ws" {
 }
 
 resource "aws_lb_listener" "tunnelbroker_grpc" {
+  count             = local.is_staging ? 1 : 0
   load_balancer_arn = aws_lb.tunnelbroker.arn
   port              = local.tunnelbroker_config.grpc_port
   protocol          = "HTTPS"