diff --git a/terraform/environments/dacp/ec2_bastion_linux.tf b/terraform/environments/dacp/ec2_bastion_linux.tf
index 51e7dae5ccf..0e018555d5a 100644
--- a/terraform/environments/dacp/ec2_bastion_linux.tf
+++ b/terraform/environments/dacp/ec2_bastion_linux.tf
@@ -8,8 +8,8 @@ module "bastion_linux" {
 }
 # s3 - used for logs and user ssh public keys
 bucket_name = "bastion-example"
- bucket_versioning = true
- bucket_force_destroy = true
+ # bucket_versioning = true
+ # bucket_force_destroy = true
 # public keys
 public_key_data = local.public_key_data.keys[local.environment]
 # logs
diff --git a/terraform/environments/dacp/load_balancer.tf b/terraform/environments/dacp/load_balancer.tf
index 8c162a5e5c9..26ab63d176f 100644
--- a/terraform/environments/dacp/load_balancer.tf
+++ b/terraform/environments/dacp/load_balancer.tf
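Review bot: Commenting out `bucket_versioning = true` in ec2_bastion_linux.tf hands the setting to the module's default, which this hunk does not show, for a bucket the comment above says holds logs and user SSH public keys. Versioning is what lets an overwritten or deleted key file or log object be recovered and compared, so confirm the default still enables it or pin the value explicitly. If the two inputs were dropped because the module no longer accepts them, delete the lines and record why, e.g. `# versioning and force_destroy are now set inside the bastion module`, rather than leaving dead settings behind. The module block starts and ends outside this hunk.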
@@ -73,45 +73,137 @@ resource "aws_security_group" "lb_sc_pingdom" {
 to_port = 443
 protocol = "tcp"
 cidr_blocks = [
+ "94.75.211.73/32",
+ "94.75.211.74/32",
+ "94.247.174.83/32",
+ "96.47.225.18/32",
+ "103.10.197.10/32",
+ "103.47.211.210/32",
+ "104.129.24.154/32",
+ "104.129.30.18/32",
+ "107.182.234.77/32",
+ "108.181.70.3/32",
+ "148.72.170.233/32",
+ "148.72.171.17/32",
+ "151.106.52.134/32",
+ "159.122.168.9/32",
+ "162.208.48.94/32",
+ "162.218.67.34/32",
+ "162.253.128.178/32",
+ "168.1.203.46/32",
+ "169.51.2.18/32",
+ "169.54.70.214/32",
+ "169.56.174.151/32",
+ "172.241.112.86/32",
+ "173.248.147.18/32",
+ "173.254.206.242/32",
+ "174.34.156.130/32",
+ "175.45.132.20/32",
+ "178.162.206.244/32",
 "178.255.152.2/32",
- "185.180.12.65/32",
+ "178.255.153.2/32",
+ "179.50.12.212/32",
+ "184.75.208.210/32",
+ "184.75.209.18/32",
+ "184.75.210.90/32",
+ "184.75.210.226/32",
+ "184.75.214.66/32",
+ "184.75.214.98/32",
+ "185.39.146.214/32",
+ "185.39.146.215/32",
+ "185.70.76.23/32",
+ "185.93.3.65/32",
+ "185.136.156.82/32",
 "185.152.65.167/32",
- "82.103.139.165/32",
- "82.103.136.16/32",
+ "185.180.12.65/32",
+ "185.246.208.82/32",
+ "188.172.252.34/32",
+ "190.120.230.7/32",
+ "196.240.207.18/32",
 "196.244.191.18/32",
- "151.106.52.134/32",
- "185.136.156.82/32",
- "169.51.2.18/32",
+ "196.245.151.42/32",
+ "199.87.228.66/32",
+ "200.58.101.248/32",
+ "201.33.21.5/32",
+ "207.244.80.239/32",
+ "209.58.139.193/32",
+ "209.58.139.194/32",
+ "209.95.50.14/32",
+ "212.78.83.12/32",
+ "212.78.83.16/32"
+ ]
+ }
+}
+
+resource "aws_security_group" "lb_sc_pingdom_2" {
+ name = "load balancer Pingdom security group 2"
+ description = "control Pingdom access to the load balancer"
+ vpc_id = data.aws_vpc.shared.id
+
+ // Allow all European Pingdom IP addresses
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = [
+ "5.172.196.188/32",
+ "13.232.220.164/32",
+ "23.22.2.46/32",
+ "23.83.129.219/32",
+ "23.92.127.2/32",
+ "23.106.37.99/32",
+ "23.111.152.74/32",
+ "23.111.159.174/32",
+ "37.252.231.50/32",
+ "43.225.198.122/32",
+ "43.229.84.12/32",
 "46.20.45.18/32",
- "89.163.146.247/32",
- "89.163.242.206/32",
+ "46.246.122.10/32",
+ "50.2.185.66/32",
+ "50.16.153.186/32",
+ "52.0.204.16/32",
+ "52.24.42.103/32",
+ "52.48.244.35/32",
+ "52.52.34.158/32",
+ "52.52.95.213/32",
+ "52.52.118.192/32",
+ "52.57.132.90/32",
 "52.59.46.112/32",
 "52.59.147.246/32",
- "52.57.132.90/32",
- "82.103.145.126/32",
- "85.195.116.134/32",
- "178.162.206.244/32",
- "5.172.196.188/32",
- "185.70.76.23/32",
- "37.252.231.50/32",
+ "52.62.12.49/32",
+ "52.63.142.2/32",
+ "52.63.164.147/32",
+ "52.63.167.55/32",
+ "52.67.148.55/32",
+ "52.73.209.122/32",
+ "52.89.43.70/32",
+ "52.194.115.181/32",
+ "52.197.31.124/32",
+ "52.197.224.235/32",
+ "52.198.25.184/32",
+ "52.201.3.199/32",
 "52.209.34.226/32",
 "52.209.186.226/32",
 "52.210.232.124/32",
- "52.48.244.35/32",
- "23.92.127.2/32",
- "159.122.168.9/32",
- "94.75.211.73/32",
- "94.75.211.74/32",
- "185.246.208.82/32",
- "185.93.3.65/32",
- "108.181.70.3/32",
- "94.247.174.83/32",
- "185.39.146.215/32",
- "185.39.146.214/32",
- "178.255.153.2/32",
- "23.106.37.99/32",
- "212.78.83.16/32",
- "212.78.83.12/32"
+ "54.68.48.199/32",
+ "54.70.202.58/32",
+ "54.94.206.111/32",
+ "64.237.49.203/32",
+ "64.237.55.3/32",
+ "66.165.229.130/32",
+ "66.165.233.234/32",
+ "72.46.130.18/32",
+ "72.46.131.10/32",
+ "76.72.167.154/32",
+ "76.72.172.208/32",
+ "76.164.234.106/32",
+ "76.164.234.130/32",
+ "82.103.136.16/32",
+ "82.103.139.165/32",
+ "82.103.145.126/32",
+ "85.195.116.134/32",
+ "89.163.146.247/32",
+ "89.163.242.206/32",
 ]
 }
 }
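Review bot: The comment `// Allow all European Pingdom IP addresses` on `lb_sc_pingdom_2` looks carried over from the first group and may no longer describe the data: the allowlist grows from 39 to 116 `/32` entries across the two groups, with no recorded source or retrieval date. A hard-coded probe allowlist drifts, and an address the vendor retires stays open on 443 until someone compares the list again, so state where it came from and who refreshes it. Suggest replacing the comment with something like `// Pingdom probe IPv4 list, part 2 of 2 (split across two groups, presumably for the per-group rule quota); source: <probe list URL>, retrieved <YYYY-MM-DD>` and adding the matching line to `lb_sc_pingdom`. Both groups also carry the same `description`, which makes them hard to tell apart in an audit, and only the second list ends with a trailing comma.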
@@ -119,11 +211,11 @@ resource "aws_security_group" "lb_sc_pingdom" {
 resource "aws_lb" "dacp_lb" {
 name = "dacp-load-balancer"
 load_balancer_type = "application"
- security_groups = [aws_security_group.dacp_lb_sc.id, aws_security_group.lb_sc_pingdom.id]
+ security_groups = [aws_security_group.dacp_lb_sc.id, aws_security_group.lb_sc_pingdom.id, aws_security_group.lb_sc_pingdom_2.id]
 subnets = data.aws_subnets.shared-public.ids
 enable_deletion_protection = false
 internal = false
- depends_on = [aws_security_group.dacp_lb_sc, aws_security_group.lb_sc_pingdom]
+ depends_on = [aws_security_group.dacp_lb_sc, aws_security_group.lb_sc_pingdom, aws_security_group.lb_sc_pingdom_2]
 }
 
 resource "aws_lb_target_group" "dacp_target_group" {
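Review bot: The new group has to be added in two places on `aws_lb.dacp_lb` because `depends_on` repeats what `security_groups` already expresses; Terraform derives the ordering from the `.id` references on its own. Keeping both lists invites a mismatch in which a group appears in `depends_on` but is never attached, which reads to a reviewer as if that allowlist were in force on the load balancer. Suggest deleting the `depends_on = [...]` line and leaving `security_groups` as the single place where attached groups are listed.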