jitbit IP allowlisting (#4152)

* allow mojo official * add azure landing zone egress
ministryofjustice · Nov 27, 2023 · 0f8dc3a · 0f8dc3a
1 parent 78ef39c
commit 0f8dc3a
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/terraform/environments/delius-jitbit/lb.tf b/terraform/environments/delius-jitbit/lb.tf
@@ -34,21 +34,23 @@ resource "aws_security_group" "load_balancer_security_group" {
     from_port   = 443
     to_port     = 443
     cidr_blocks = [
-      "81.134.202.29/32", # MoJ Digital VPN
-      "35.176.93.186/32", # Global Protect VPN
-      # 3 below were provided by infra eng. in mojo team - unsure if we need entire range in link below.
-      # https://github.com/ministryofjustice/modernisation-platform-environments/blob/2a14db540a5946fe6d870b848f50778c4e8248b6/terraform/modules/ip_addresses/moj.tf#L16
-      "51.149.250.206/32", # Global Protect AWS VPC Public 1
-      "51.149.250.164/32", # Global Protect AWS VPC Public 2
-      "51.149.250.30/32",  # Global Protect AWS VPC Public 3
+      "81.134.202.29/32",  # MoJ Digital VPN
+      "35.176.93.186/32",  # Global Protect VPN
+      "51.149.250.0/24",   # mojo_aws_prod_byoip_cidr
       "10.184.0.0/16",     # Global Protect AWS VPC
       "217.33.148.210/32", # Digital studio
       "195.59.75.0/24",    # ARK internet (DOM1)
       "194.33.192.0/25",   # ARK internet (DOM1)
       "194.33.193.0/25",   # ARK internet (DOM1)
       "194.33.196.0/25",   # ARK internet (DOM1)
       "194.33.197.0/25",   # ARK internet (DOM1)
-
+      "194.33.249.0/29",   # ARK Corsham Internet Egress Vodafone mojo_arkc_internet_egress_vodafone
+      "51.149.249.32/29",  # ARK Farnborough Internet Egress Exponential-E mojo_arkf_internet_egress_exponential_e
+      "194.33.248.0/29",   # ARK Farnborough Internet Egress Vodafone mojo_arkf_internet_egress_vodafone
+      "20.49.214.199/32",  # Azure Landing Zone Egress
+      "20.49.214.228/32",  # Azure Landing Zone Egress
+      "20.26.11.71/32",    # Azure Landing Zone Egress
+      "20.26.11.108/32",   # Azure Landing Zone Egress
       # Route53 Healthcheck Access Cidrs
       # London Region not support yet, so metrics are not yet publised, can be enabled at later stage for Route53 endpoint monitor
       "15.177.0.0/18",     # GLOBAL Region