Merge pull request #6347 from ministryofjustice/NIT-1300-jitbit-updat…

…e-rds-certificates NIT-1253 upgrade development environment to rds-ca-rsa2048-g1 CA
ministryofjustice · Jun 3, 2024 · 3d3ed28 · 3d3ed28
2 parents 1bb2a7c + c0f4d2e
commit 3d3ed28
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 10 deletions.
diff --git a/terraform/environments/delius-jitbit/application_variables.json b/terraform/environments/delius-jitbit/application_variables.json
@@ -8,6 +8,7 @@
       "db_auto_minor_version_upgrade": "true",
       "db_allow_major_version_upgrade": "false",
       "db_backup_window": "03:00-06:00",
+      "db_ca_cert_identifier": "rds-ca-rsa2048-g1",
       "db_retention_period": "15",
       "db_maintenance_window": "mon:00:00-mon:03:00",
       "db_instance_class": "db.t3.xlarge",
@@ -34,6 +35,7 @@
       "db_auto_minor_version_upgrade": "true",
       "db_allow_major_version_upgrade": "false",
       "db_backup_window": "03:00-06:00",
+      "db_ca_cert_identifier": "rds-ca-rsa2048-g1",
       "db_retention_period": "15",
       "db_maintenance_window": "mon:00:00-mon:03:00",
       "db_instance_class": "db.t3.xlarge",
@@ -60,6 +62,7 @@
       "db_auto_minor_version_upgrade": "true",
       "db_allow_major_version_upgrade": "false",
       "db_backup_window": "03:00-06:00",
+      "db_ca_cert_identifier": "rds-ca-2019",
       "db_retention_period": "15",
       "db_maintenance_window": "mon:00:00-mon:03:00",
       "db_instance_class": "db.t3.xlarge",
@@ -86,6 +89,7 @@
       "db_auto_minor_version_upgrade": "true",
       "db_allow_major_version_upgrade": "false",
       "db_backup_window": "03:00-06:00",
+      "db_ca_cert_identifier": "rds-ca-2019",
       "db_retention_period": "15",
       "db_maintenance_window": "mon:00:00-mon:03:00",
       "db_instance_class": "db.t3.xlarge",
@@ -112,6 +116,7 @@
       "db_auto_minor_version_upgrade": "true",
       "db_allow_major_version_upgrade": "false",
       "db_backup_window": "03:00-06:00",
+      "db_ca_cert_identifier": "rds-ca-2019",
       "db_retention_period": "15",
       "db_maintenance_window": "mon:00:00-mon:03:00",
       "db_instance_class": "db.t3.xlarge",

diff --git a/terraform/environments/delius-jitbit/lb.tf b/terraform/environments/delius-jitbit/lb.tf
@@ -51,11 +51,6 @@ resource "aws_security_group" "load_balancer_security_group" {
       "54.228.16.0/26",    # eu-west-1 Region
       "107.23.255.0/26",   # us-east-1 Region
       "54.243.31.192/26",  # us-east-1 Region
-      "195.59.75.0/24",    # ARK internet (DOM1)
-      "194.33.192.0/25",   # ARK internet (DOM1)
-      "194.33.193.0/25",   # ARK internet (DOM1)
-      "194.33.196.0/25",   # ARK internet (DOM1)
-      "194.33.197.0/25",   # ARK internet (DOM1)
       local.internal_security_group_cidrs
     ]))
 

diff --git a/terraform/environments/delius-jitbit/rds.tf b/terraform/environments/delius-jitbit/rds.tf
@@ -51,6 +51,7 @@ resource "aws_db_instance" "jitbit" {
 
   # tflint-ignore: aws_db_instance_default_parameter_group
   parameter_group_name        = "default.sqlserver-se-15.0"
+  ca_cert_identifier          = local.application_data.accounts[local.environment].db_ca_cert_identifier
   deletion_protection         = local.application_data.accounts[local.environment].db_deletion_protection
   delete_automated_backups    = local.application_data.accounts[local.environment].db_delete_automated_backups
   skip_final_snapshot         = local.skip_final_snapshot

diff --git a/terraform/environments/delius-jitbit/sandbox_lb.tf b/terraform/environments/delius-jitbit/sandbox_lb.tf
@@ -47,11 +47,6 @@ resource "aws_security_group" "load_balancer_security_group_sandbox" {
       "54.228.16.0/26",    # eu-west-1 Region
       "107.23.255.0/26",   # us-east-1 Region
       "54.243.31.192/26",  # us-east-1 Region
-      "195.59.75.0/24",    # ARK internet (DOM1)
-      "194.33.192.0/25",   # ARK internet (DOM1)
-      "194.33.193.0/25",   # ARK internet (DOM1)
-      "194.33.196.0/25",   # ARK internet (DOM1)
-      "194.33.197.0/25",   # ARK internet (DOM1)
       local.internal_security_group_cidrs
     ])
 

diff --git a/terraform/environments/delius-jitbit/sandbox_rds.tf b/terraform/environments/delius-jitbit/sandbox_rds.tf
@@ -40,6 +40,7 @@ resource "aws_db_instance" "jitbit_sandbox" {
 
   # tflint-ignore: aws_db_instance_default_parameter_group
   parameter_group_name        = "default.sqlserver-se-15.0"
+  ca_cert_identifier          = local.application_data.accounts["sandbox"].db_ca_cert_identifier
   deletion_protection         = local.application_data.accounts["sandbox"].db_deletion_protection
   delete_automated_backups    = local.application_data.accounts["sandbox"].db_delete_automated_backups
   skip_final_snapshot         = local.application_data.accounts["sandbox"].db_skip_final_snapshot