From 182b3fed485fefde51136101e5f4daf9fb4244e7 Mon Sep 17 00:00:00 2001
From: Matthew Searle <65017209+matthewsearle01@users.noreply.github.com>
Date: Mon, 5 Feb 2024 15:30:58 +0000
Subject: [PATCH] DACP: Update load balancer security group ips (#4854)
* Update load balancer security group ips
* Update PostgreSQL engine version to 14.10
---
 .../dacp/application_variables.json | 9 +++------
 terraform/environments/dacp/load_balancer.tf | 19 +++++++++++++++----
 2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/terraform/environments/dacp/application_variables.json b/terraform/environments/dacp/application_variables.json
index 800d68bb54b..2467b318431 100644
--- a/terraform/environments/dacp/application_variables.json
+++ b/terraform/environments/dacp/application_variables.json
@@ -1,14 +1,13 @@
 {
 "accounts": {
 "development": {
- "moj_ip": "81.134.202.29/32",
 "db_name": "dacp_db_dev",
 "identifier": "dacp-db-dev",
 "db_username": "dbadmin",
 "allocated_storage": "20",
 "storage_type": "gp2",
 "engine": "postgres",
- "engine_version": "14.7",
+ "engine_version": "14.10",
 "instance_class": "db.t3.micro",
 "server_port_1": "80",
 "lb_listener_protocol_1": "HTTP",
@@ -22,14 +21,13 @@
 "tactical_products_db_secrets_arn": "5fWKaj"
 },
 "preproduction": {
- "moj_ip": "81.134.202.29/32",
 "db_name": "dacp_db_pre_prod",
 "identifier": "dacp-db-pre-prod",
 "db_username": "dbadmin",
 "allocated_storage": "20",
 "storage_type": "gp2",
 "engine": "postgres",
- "engine_version": "14.7",
+ "engine_version": "14.10",
 "instance_class": "db.t3.micro",
 "server_port_1": "80",
 "lb_listener_protocol_1": "HTTP",
@@ -43,14 +41,13 @@
 "tactical_products_db_secrets_arn": "AHK8Tj"
 },
 "production": {
- "moj_ip": "81.134.202.29/32",
 "db_name": "dacp_db_prod",
 "identifier": "dacp-db-prod",
 "db_username": "dbadmin",
 "allocated_storage": "20",
 "storage_type": "gp2",
 "engine": "postgres",
- "engine_version": "14.7",
+ "engine_version": "14.10",
 "instance_class": "db.t3.micro",
 "server_port_1": "80",
 "lb_listener_protocol_1": "HTTP",
diff --git a/terraform/environments/dacp/load_balancer.tf b/terraform/environments/dacp/load_balancer.tf
index 251853d6c1c..8c162a5e5c9 100644
--- a/terraform/environments/dacp/load_balancer.tf
+++ b/terraform/environments/dacp/load_balancer.tf
@@ -4,14 +4,22 @@ resource "aws_security_group" "dacp_lb_sc" {
 vpc_id = data.aws_vpc.shared.id
 ingress {
- description = "allow access on HTTPS for the MOJ VPN"
+ description = "allow access on HTTPS for the Dom1 Cisco VPN"
 from_port = 443
 to_port = 443
 protocol = "tcp"
- cidr_blocks = [local.application_data.accounts[local.environment].moj_ip]
+ cidr_blocks = ["194.33.192.1/32"]
 }
- // whitelist all IPs from the tacticalproducts prod load balancer security group
+ ingress {
+ description = "allow access on HTTPS for the Global Protect VPN"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["35.176.93.186/32"]
+ }
+ // whitelist user IPs
 ingress {
 from_port = 443
 to_port = 443
@@ -30,7 +38,10 @@ resource "aws_security_group" "dacp_lb_sc" {
 "93.56.171.15/32",
 "213.121.161.124/32",
 "188.172.252.34/32",
- "194.33.197.0/25"
+ "194.33.197.0/25",
+ "18.169.147.172/32",
+ "18.130.148.126/32",
+ "35.176.148.126/32"
 ]
 }
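Review bot: The two VPN ingress rules on the new side of `dacp_lb_sc` put the addresses straight into the resource (`cidr_blocks = ["194.33.192.1/32"]`, `cidr_blocks = ["35.176.93.186/32"]`), where the removed line read the CIDR from `local.application_data`, so the allowed sources are now spread through the file instead of sitting in one reviewable place. A named local per source, used as for example `cidr_blocks = [local.dom1_vpn_cidr]` (the name is only a suggestion), would keep the allowlist auditable. The third `ingress` block, whose comment this hunk rewrites to `// whitelist user IPs`, still has no `description`, so that rule stays unlabelled in the security group; `description = "allow access on HTTPS for allowlisted user IPs"` would fix that. Both the resource and that third block continue outside the hunk.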
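Review bot: The three addresses appended to the `cidr_blocks` list in the `@@ -30,7 +38,10 @@` hunk (`18.169.147.172/32`, `18.130.148.126/32`, `35.176.148.126/32`) carry no indication of who they belong to, and the commit replaces the comment that named the list's source with the generic `// whitelist user IPs`. An allowlist entry without a recorded owner is hard to audit or retire later; a trailing comment per entry, such as `"18.169.147.172/32", // <owner / ticket reference>`, would record it. If any of these are cloud-provider addresses rather than ranges reserved to the team, it is worth confirming they are statically allocated before they are trusted on port 443. The list itself starts outside the hunk.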