Merge pull request #8978 from ministryofjustice/TM-805

[TM-805] OAS: added 3443 egress
ministryofjustice · Dec 6, 2024 · 06d63fd · 06d63fd
2 parents 7184395 + d586d9b
commit 06d63fd
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/terraform/environments/oas/application_variables.json b/terraform/environments/oas/application_variables.json
@@ -2,13 +2,13 @@
   "accounts": {
     "development": {
       "example_var": "dev-data",
-      "ec2amiid": "ami-03d0d0eb244802768",
+      "ec2amiid": "ami-09859dcb9823d3418",
       "ec2instancetype": "r5a.large",
       "bucketname": "laa-oracle-software",
       "orahomesize": "200",
-      "orahome_snapshot": "snap-000cca2e00ed8884c",
+      "orahome_snapshot": "snap-0bf30e49cb9bc2421",
       "stageesize": "150",
-      "stage_snapshot": "snap-0d80891d0e25558d6",
+      "stage_snapshot": "snap-09d54ad454edbd1cf",
       "managementcidr": "10.200.0.0/20",
       "outbound_access_cidr": "0.0.0.0/0",
       "inbound_cidr_lz": "10.202.0.0/20",

diff --git a/terraform/environments/oas/ec2.tf b/terraform/environments/oas/ec2.tf
@@ -148,6 +148,13 @@ resource "aws_security_group" "ec2" {
     to_port     = 443
     protocol    = "tcp"
     cidr_blocks = [local.application_data.accounts[local.environment].outbound_access_cidr]
+  }
+    egress {
+    description = "Allow telnet to Portal - MoJo"
+    from_port   = 3443
+    to_port     = 3443
+    protocol    = "tcp"
+    cidr_blocks = [local.application_data.accounts[local.environment].outbound_access_cidr]
   }
   egress {
     description = "access to the admin server"
@@ -234,9 +241,8 @@ resource "aws_iam_instance_profile" "ec2_instance_profile" {
 }
 
 resource "aws_iam_role" "ec2_instance_role" {
-  name                = "${local.application_name}-role"
-  managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
-  assume_role_policy  = <<EOF
+  name               = "${local.application_name}-role"
+  assume_role_policy = <<EOF
 {
     "Version": "2012-10-17",
     "Statement": [
@@ -252,6 +258,11 @@ resource "aws_iam_role" "ec2_instance_role" {
 EOF
 }
 
+resource "aws_iam_role_policy_attachment" "ec2_instance_role_attachment" {
+  role       = aws_iam_role.ec2_instance_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
 resource "aws_iam_role_policy" "ec2_instance_policy" {
   #tfsec:ignore:aws-iam-no-policy-wildcards
   name = "${local.application_name}-ec2-policy"