Merge remote-tracking branch 'origin/NIT-887_global_protect' into lda…

…p-datarefresh-NIT859

terraform/environments/delius-core/modules/environment_all_components/weblogic_alb.tf

@@ -26,6 +26,24 @@ resource "aws_vpc_security_group_ingress_rule" "delius_core_frontend_alb_ingress
   cidr_ipv4         = "81.134.202.29/32" # MoJ Digital VPN
 }
 
+resource "aws_vpc_security_group_ingress_rule" "delius_core_frontend_alb_ingress_https_allowlist_gp" {
+  security_group_id = aws_security_group.delius_frontend_alb_security_group.id
+  description       = "access into delius core frontend alb over https"
+  from_port         = "443"
+  to_port           = "443"
+  ip_protocol       = "tcp"
+  cidr_ipv4         = "35.176.93.186/32" # Global Protect VPN
+}
+
+resource "aws_vpc_security_group_ingress_rule" "delius_core_frontend_alb_ingress_http_allowlist_gp" {
+  security_group_id = aws_security_group.delius_frontend_alb_security_group.id
+  description       = "access into delius core frontend alb over http (will redirect)"
+  from_port         = "80"
+  to_port           = "80"
+  ip_protocol       = "tcp"
+  cidr_ipv4         = "35.176.93.186/32" # Global Protect VPN
+}
+
 resource "aws_vpc_security_group_egress_rule" "delius_core_frontend_alb_egress_to_service" {
   security_group_id            = aws_security_group.delius_frontend_alb_security_group.id
   description                  = "access delius core frontend service from alb"

terraform/environments/delius-jitbit/lb.tf

@@ -35,6 +35,7 @@ resource "aws_security_group" "load_balancer_security_group" {
     to_port     = 443
     cidr_blocks = [
       "81.134.202.29/32",  # MoJ Digital VPN
+      "35.176.93.186/32",  # Global Protect VPN
       "217.33.148.210/32", # Digital studio
       "195.59.75.0/24",    # ARK internet (DOM1)
       "194.33.192.0/25",   # ARK internet (DOM1)