Terraform changes for Automate HA based on EAP feedback

[karunesh-tech]

Description

Below are the terraform changes which will be covered as part of this story:
* Enable EBS/EFS encryption - config driven
* Application LB - select least outstanding request as algorithm
* Enabling ALB logs is vital for post-incident analysis - config driven
* Add - Consider using outbound rules in Security Groups
* EC2 instances are using the same Security Groups as the Load Balancer
* Remove - base_windows Security Group
* Restrict - base_linux Security Group with port 22 opened to the world - Check and plan accordingly
* Move to GP3 from GP2 for EBS storage - config driven
* Kibana - Es IP private - Wait for open search then do - As suggested in discussion - redirect using existing LB.
* Update the default AMI to latest Centos and test the same

Acceptance Criteria

Automate HA should work with these changes

[karunesh-tech]

• Open question
  • ' chefautomate cli uses hab 1.6.121 which is from 2020 - How to use latest
  • Bastion host -> Management host