DACP: Update load balancer security group ips (#4854)
* Update load balancer security group ips

* Update PostgreSQL engine version to 14.10
matthewsearle01 authored Feb 5, 2024
1 parent 570f2a9 commit 182b3fe
Showing 2 changed files with 18 additions and 10 deletions.
9 changes: 3 additions & 6 deletions terraform/environments/dacp/application_variables.json
@@ -1,14 +1,13 @@
{
"accounts": {
"development": {
"moj_ip": "81.134.202.29/32",
"db_name": "dacp_db_dev",
"identifier": "dacp-db-dev",
"db_username": "dbadmin",
"allocated_storage": "20",
"storage_type": "gp2",
"engine": "postgres",
"engine_version": "14.7",
"engine_version": "14.10",
"instance_class": "db.t3.micro",
"server_port_1": "80",
"lb_listener_protocol_1": "HTTP",
Expand All @@ -22,14 +21,13 @@
"tactical_products_db_secrets_arn": "5fWKaj"
},
"preproduction": {
"moj_ip": "81.134.202.29/32",
"db_name": "dacp_db_pre_prod",
"identifier": "dacp-db-pre-prod",
"db_username": "dbadmin",
"allocated_storage": "20",
"storage_type": "gp2",
"engine": "postgres",
"engine_version": "14.7",
"engine_version": "14.10",
"instance_class": "db.t3.micro",
"server_port_1": "80",
"lb_listener_protocol_1": "HTTP",
Expand All @@ -43,14 +41,13 @@
"tactical_products_db_secrets_arn": "AHK8Tj"
},
"production": {
"moj_ip": "81.134.202.29/32",
"db_name": "dacp_db_prod",
"identifier": "dacp-db-prod",
"db_username": "dbadmin",
"allocated_storage": "20",
"storage_type": "gp2",
"engine": "postgres",
"engine_version": "14.7",
"engine_version": "14.10",
"instance_class": "db.t3.micro",
"server_port_1": "80",
"lb_listener_protocol_1": "HTTP",
19 changes: 15 additions & 4 deletions terraform/environments/dacp/load_balancer.tf
Expand Up @@ -4,14 +4,22 @@ resource "aws_security_group" "dacp_lb_sc" {
vpc_id = data.aws_vpc.shared.id

ingress {
description = "allow access on HTTPS for the MOJ VPN"
description = "allow access on HTTPS for the Dom1 Cisco VPN"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = [local.application_data.accounts[local.environment].moj_ip]
cidr_blocks = ["194.33.192.1/32"]
}

// whitelist all IPs from the tacticalproducts prod load balancer security group
ingress {
description = "allow access on HTTPS for the Global Protect VPN"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["35.176.93.186/32"]
}

// whitelist user IPs
ingress {
from_port = 443
to_port = 443
Expand All @@ -30,7 +38,10 @@ resource "aws_security_group" "dacp_lb_sc" {
"93.56.171.15/32",
"213.121.161.124/32",
"188.172.252.34/32",
"194.33.197.0/25"
"194.33.197.0/25",
"18.169.147.172/32",
"18.130.148.126/32",
"35.176.148.126/32"
]
}

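Review bot: The three /32 entries appended to the last `cidr_blocks` list (`18.169.147.172/32`, `18.130.148.126/32`, `35.176.148.126/32`) sit under the comment `// whitelist user IPs` with nothing recording whose addresses they are, and two of them end in the same two octets (`.148.126`), which is worth checking against the source of truth in case of a transcription slip. An allowlist entry with no recorded owner is hard to audit or retire, and a stale /32 leaves port 443 on this load balancer reachable from whoever holds that address next. I would add a trailing comment per entry, in the form `"18.169.147.172/32", // <owner/system> - <ticket ref>`, and give this ingress block a `description` like the two above it if the collapsed lines do not already carry one. The same applies to the literals `194.33.192.1/32` and `35.176.93.186/32` in the first hunk, which replace the per-environment `moj_ip` lookup and so now apply identically to every environment. The `aws_security_group` body starts and ends outside the visible hunks.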
