From 0f8dc3a1ddc843c39578c5fd2219722b64420bae Mon Sep 17 00:00:00 2001
From: George Taylor
Date: Mon, 27 Nov 2023 10:38:39 +0000
Subject: [PATCH] jitbit IP allowlisting (#4152)
* allow mojo official
* add azure landing zone egress
---
 terraform/environments/delius-jitbit/lb.tf | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/terraform/environments/delius-jitbit/lb.tf b/terraform/environments/delius-jitbit/lb.tf
index 1e6a073a4a8..426a336ad7d 100644
--- a/terraform/environments/delius-jitbit/lb.tf
+++ b/terraform/environments/delius-jitbit/lb.tf
@@ -34,13 +34,9 @@ resource "aws_security_group" "load_balancer_security_group" {
 from_port = 443
 to_port = 443
 cidr_blocks = [
- "81.134.202.29/32", # MoJ Digital VPN
- "35.176.93.186/32", # Global Protect VPN
- # 3 below were provided by infra eng. in mojo team - unsure if we need entire range in link below.
- # https://github.com/ministryofjustice/modernisation-platform-environments/blob/2a14db540a5946fe6d870b848f50778c4e8248b6/terraform/modules/ip_addresses/moj.tf#L16
- "51.149.250.206/32", # Global Protect AWS VPC Public 1
- "51.149.250.164/32", # Global Protect AWS VPC Public 2
- "51.149.250.30/32", # Global Protect AWS VPC Public 3
+ "81.134.202.29/32", # MoJ Digital VPN
+ "35.176.93.186/32", # Global Protect VPN
+ "51.149.250.0/24", # mojo_aws_prod_byoip_cidr
 "10.184.0.0/16", # Global Protect AWS VPC
 "217.33.148.210/32", # Digital studio
 "195.59.75.0/24", # ARK internet (DOM1)
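Review bot: The added `"51.149.250.0/24"` entry widens port 443 ingress from three /32 hosts to a 256-address range, and the removed comment was the only pointer in this file to where that range is defined (`terraform/modules/ip_addresses/moj.tf`). The literal appears to be a copy of the module's `mojo_aws_prod_byoip_cidr` value, as do the `mojo_arkc_…`/`mojo_arkf_…` entries added in the second hunk, so this allowlist will not follow the module if those ranges change or are retired. I would keep the provenance in the comment, e.g. `"51.149.250.0/24", # mojo_aws_prod_byoip_cidr (whole BYOIP range; source: terraform/modules/ip_addresses/moj.tf)`, and, if that module can be consumed from this environment, read the values from it instead of restating them. The enclosing `aws_security_group` resource starts and ends outside the hunk.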
@@ -48,7 +44,13 @@ resource "aws_security_group" "load_balancer_security_group" {
 "194.33.193.0/25", # ARK internet (DOM1)
 "194.33.196.0/25", # ARK internet (DOM1)
 "194.33.197.0/25", # ARK internet (DOM1)
-
+ "194.33.249.0/29", # ARK Corsham Internet Egress Vodafone mojo_arkc_internet_egress_vodafone
+ "51.149.249.32/29", # ARK Farnborough Internet Egress Exponential-E mojo_arkf_internet_egress_exponential_e
+ "194.33.248.0/29", # ARK Farnborough Internet Egress Vodafone mojo_arkf_internet_egress_vodafone
+ "20.49.214.199/32", # Azure Landing Zone Egress
+ "20.49.214.228/32", # Azure Landing Zone Egress
+ "20.26.11.71/32", # Azure Landing Zone Egress
+ "20.26.11.108/32", # Azure Landing Zone Egress
 # Route53 Healthcheck Access Cidrs
 # London Region not support yet, so metrics are not yet publised, can be enabled at later stage for Route53 endpoint monitor
 "15.177.0.0/18", # GLOBAL Region
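Review bot: The four `# Azure Landing Zone Egress` /32 entries carry no owner, source or ticket reference, unlike the ARK entries above them, which at least name the variable they were taken from. Individual cloud-provider public addresses can be released and later reassigned to another tenant, so an entry that cannot be traced back to its owner is hard to revalidate or remove; I would extend each comment along the lines of `# Azure Landing Zone Egress - <owning team>, source: <reference>` (placeholders to be filled in by the author). The blank line that separated the address entries from the `# Route53 Healthcheck Access Cidrs` comment was also removed, so the new entries now run straight into that comment block; a blank line after `"20.26.11.108/32"` would keep the groups distinct. The `cidr_blocks` list continues outside the hunk.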