Update Load Balancers in CBA UAT to use HTTPS

[krisstanton]

Update: It turns out that the load balancer is part of ORCA and this problem is solved in ORCA v9.0.5. The ORCA upgrade relies on a newer Cumulus version (TBD on Verifying this)

The new points for this ticket are:

• [x] Complete the ORCA upgrades: https://github.com/NASA-IMPACT/csdap-cumulus/issues/355
• [x] Verify that a newly upgraded deployment follows the correct HTTPS configuration for the ORCA Load Balancers.
• [x] Verify that a newly upgraded deployment still functions correctly.
• • [x] Create a pull request for the code changes
• • [x] Deploy to UAT
• • [x] Run the Smoke Test in UAT
• • [x] Verify that the smoke test in UAT worked.
• • [x] Check the ORCA location to ensure the smoke test files made it to ORCA

OLDER Description and check boxes below

Update the Load Balancer in the CBA UAT AWS account (1686) to use HTTPS instead of HTTP To do this update, do the following:

• Make code changes to the correct Terraform file(s)
• Confirm the changes work in DEV without breaking anything
• • Deploy to DEV
• • Run the Smoke Test and verify the smoke test worked
• Create a pull request for the code changes
• Deploy to UAT
• Run the Smoke Test in UAT
• Verify that the smoke test in UAT worked.

For reference, here are the docs for this task

Migrate   HTTP Load Balancers to HTTPS (See )ANY DIT Documentation
    For every Load Balancer in the tenant account
            Add secure HTTPS Listener on port 443 (if not already present)
                Certificates from PrivateCA can be used for this, as described above
            Verify that the SSL Policy on the HTTPS Listener requires a minimum of TLS 1.2
                Recommend using "ELBSecurityPolicy-TLS13-1-2-2021-06"
            Remove any HTTP Listeners from the Load Balancer
    For every HTTP enabled service in the tenant account
        Verify that service enforces a minimum of TLS 1.2
            Certificates from PrivateCA can be used for this, as described above
            AppMesh with Envoy Proxy can be used to simplify this implementation for container based applications, as 
        described above
    Migrate ANY AWS auto-generated CloudFront.net domains (ex: dxxxxxx.cloudfront.net) to (dxxxxx.cloud.earthdata.nasa.gov)
        Request new Platform autogenerated URL via NASD
            dxxxxxx.cloudfront.net to dxxxxx.cloud.earthdata.nasa.gov
        Modify application code and integrations as necessary (SAML/SSO/Launchpad)
        Test in lower environments before migrating to production

Reference to Terraform tenant LoadBalancer example https://wiki.earthdata.nasa.gov/pages/viewpage.action?pageId=335709250 Scroll down to Tenant LoadBalancers and expand, Examples, click on Terraform

• [x] Final Confirmation after Smoke Test works is to browse into AWS and verify that the LoadBalancer's Listener is actually configured on HTTPS (instead of HTTP as it is now)

[krisstanton]

WIP Update: It turns out that the load balancer is part of ORCA and this problem is solved in ORCA v9.0.5. The ORCA upgrade relies on a newer Cumulus version (TBD on Verifying this)

See Updated Description at the top for list of tasks