Increases security center's root disk space size in prod

Also fixes tfsec issues

To be tagged v4.3.7

base/nessus/instance_security_center/elb.tf

@@ -8,6 +8,8 @@ resource "aws_alb" "security_center_internal" {
   subnets            = var.private_subnets
   load_balancer_type = "application"
 
+  drop_invalid_header_fields = true
+
   access_logs {
     bucket  = "xdr-elb-${var.environment}"
     enabled = true

base/nessus/instance_security_center/main.tf

@@ -37,10 +37,15 @@ resource "aws_instance" "security-center-instance" {
   lifecycle { ignore_changes = [ami, key_name, user_data, ebs_block_device] }
   #lifecycle { ignore_changes = [ ami, key_name, user_data ] }
 
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "optional" # tfsec:ignore:aws-ec2-enforce-http-token-imds required by salt s3 sources
+  }
+
   # These device definitions are optional, but added for clarity.
   root_block_device {
     volume_type           = "gp3"
-    volume_size           = "250"
+    volume_size           = var.environment == "prod" ? "500" : "250"
     delete_on_termination = true
     encrypted             = true
     kms_key_id            = data.aws_kms_key.ebs-key.arn