
Merge pull request #421 from mdr-engineering/hotfix/ftd_MSOCI-2143_MinorTFSecFixes

Minor fixes for tfsec from deploying in mdr-test-c2
Frederick Damstra 3 gadi atpakaļ
vecāks
revīzija
d4392f6f19

+ 1 - 0
base/salt_master_inventory_role/user.tf

@@ -101,6 +101,7 @@ resource "aws_iam_user" "salt-master" {
   tags = merge(var.standard_tags, var.tags)
 }
 
+# tfsec:ignore:aws-iam-enforce-mfa No MFA for service account
 resource "aws_iam_group" "salt-master" {
   count = local.user_count
   name  = "salt-master"
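Review bot: The suppression above `aws_iam_group.salt-master` waives the MFA check for the whole group, but the comment records only "No MFA for service account" and nothing tells a later maintainer that human users must not be added to it. I would put the constraint and the tracking reference in the comment itself, for example `# tfsec:ignore:aws-iam-enforce-mfa salt-master group holds only non-interactive service users (MSOCI-2143); do not add human users`. With MFA waived, it is also worth confirming that the policies attached to this group are limited to what the Salt master inventory role needs; those attachments are not visible here. The group resource continues past the last line of the hunk.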

+ 7 - 6
base/splunk_servers/indexer_cluster/elb-private.tf

@@ -63,12 +63,13 @@ resource "aws_route53_record" "hec_pvt_cert_validation" {
 resource "aws_lb" "hec_pvt" {
   count = var.splunk_private_hec ? 1 : 0
 
-  tags               = merge(var.standard_tags, var.tags)
-  name               = "${var.prefix}-hec-private"
-  load_balancer_type = "application"
-  security_groups    = [aws_security_group.hec_pvt_elb_security_group[0].id]
-  subnets            = var.private_subnets
-  internal           = true
+  tags                       = merge(var.standard_tags, var.tags)
+  name                       = "${var.prefix}-hec-private"
+  load_balancer_type         = "application"
+  security_groups            = [aws_security_group.hec_pvt_elb_security_group[0].id]
+  subnets                    = var.private_subnets
+  internal                   = true
+  drop_invalid_header_fields = true
 }
 
 resource "aws_lb_listener" "hec_pvt_443" {
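Review bot: `drop_invalid_header_fields = true` on `aws_lb.hec_pvt` changes request handling but carries no comment. The ALB will now silently remove headers whose names fall outside letters, digits and hyphens, which can surprise an HEC sender that uses underscores in a custom header name. A one-line comment above the attribute would record the intent, e.g. `# Drop request headers with non-conforming names before they reach the indexers (tfsec aws-elb-drop-invalid-headers)`. The realignment of the six existing attributes also hides that this is a one-line functional change. If the module defines other `aws_lb` resources outside this file, they presumably need the same attribute, which this commit does not show.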