Dacp update pingdom ips (#5297)
* update pingdom ips

* remove tactical products secrets reference from application_variables.json

* remove providers.tf as no longer need to connect to tactical products account

* revert deletion of tactical products provider
matthewsearle01 authored Mar 11, 2024
1 parent 963991d commit e9bd75b
Showing 4 changed files with 129 additions and 42 deletions.
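--- a/terraform/environments/dacp/application_variables.json
+++ b/terraform/environments/dacp/application_variables.json
@@ -17,8 +17,7 @@
 "support_team": "DTS Legacy Apps Support Team",
 "support_email": "[email protected]",
 "rds_port": "5432",
-"domain_name": "modernisation-platform.service.justice.gov.uk",
-"tactical_products_db_secrets_arn": "5fWKaj"
+"domain_name": "modernisation-platform.service.justice.gov.uk"
 },
 "preproduction": {
 "db_name": "dacp_db_pre_prod",
@@ -37,8 +36,7 @@
 "support_team": "DTS Legacy Apps Support Team",
 "support_email": "[email protected]",
 "rds_port": "5432",
-"domain_name": "modernisation-platform.service.justice.gov.uk",
-"tactical_products_db_secrets_arn": "AHK8Tj"
+"domain_name": "modernisation-platform.service.justice.gov.uk"
 },
 "production": {
 "db_name": "dacp_db_prod",
@@ -57,8 +55,7 @@
 "support_team": "DTS Legacy Apps Support Team",
 "support_email": "[email protected]",
 "rds_port": "5432",
-"domain_name": "divorce-section-search.service.justice.gov.uk",
-"tactical_products_db_secrets_arn": "VQasvo"
+"domain_name": "divorce-section-search.service.justice.gov.uk"
 }
 }
 }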
4 changes: 2 additions & 2 deletions terraform/environments/dacp/ec2_bastion_linux.tf
@@ -8,8 +8,8 @@ module "bastion_linux" {
}
# s3 - used for logs and user ssh public keys
bucket_name = "bastion-example"
bucket_versioning = true
bucket_force_destroy = true
# bucket_versioning = true
# bucket_force_destroy = true
# public keys
public_key_data = local.public_key_data.keys[local.environment]
# logs
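Review bot: `bucket_versioning` and `bucket_force_destroy` appear to be left behind as commented-out lines with nothing saying why (assuming the `#` pair is the new side, which the page does not mark), and the change is not mentioned in the commit description. The comment two lines up says this bucket holds logs and user ssh public keys, so whether versioning stays enabled now depends on the `bastion_linux` module's default, which is not visible here and is worth confirming. Either delete the two lines or state the intent, e.g. `# bucket_versioning / bucket_force_destroy: left to module defaults (versioning confirmed enabled)`. The module block starts and ends outside the hunk.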
156 changes: 124 additions & 32 deletions terraform/environments/dacp/load_balancer.tf
@@ -73,57 +73,149 @@ resource "aws_security_group" "lb_sc_pingdom" {
to_port = 443
protocol = "tcp"
cidr_blocks = [
"94.75.211.73/32",
"94.75.211.74/32",
"94.247.174.83/32",
"96.47.225.18/32",
"103.10.197.10/32",
"103.47.211.210/32",
"104.129.24.154/32",
"104.129.30.18/32",
"107.182.234.77/32",
"108.181.70.3/32",
"148.72.170.233/32",
"148.72.171.17/32",
"151.106.52.134/32",
"159.122.168.9/32",
"162.208.48.94/32",
"162.218.67.34/32",
"162.253.128.178/32",
"168.1.203.46/32",
"169.51.2.18/32",
"169.54.70.214/32",
"169.56.174.151/32",
"172.241.112.86/32",
"173.248.147.18/32",
"173.254.206.242/32",
"174.34.156.130/32",
"175.45.132.20/32",
"178.162.206.244/32",
"178.255.152.2/32",
"185.180.12.65/32",
"178.255.153.2/32",
"179.50.12.212/32",
"184.75.208.210/32",
"184.75.209.18/32",
"184.75.210.90/32",
"184.75.210.226/32",
"184.75.214.66/32",
"184.75.214.98/32",
"185.39.146.214/32",
"185.39.146.215/32",
"185.70.76.23/32",
"185.93.3.65/32",
"185.136.156.82/32",
"185.152.65.167/32",
"82.103.139.165/32",
"82.103.136.16/32",
"185.180.12.65/32",
"185.246.208.82/32",
"188.172.252.34/32",
"190.120.230.7/32",
"196.240.207.18/32",
"196.244.191.18/32",
"151.106.52.134/32",
"185.136.156.82/32",
"169.51.2.18/32",
"196.245.151.42/32",
"199.87.228.66/32",
"200.58.101.248/32",
"201.33.21.5/32",
"207.244.80.239/32",
"209.58.139.193/32",
"209.58.139.194/32",
"209.95.50.14/32",
"212.78.83.12/32",
"212.78.83.16/32"
]
}
}

resource "aws_security_group" "lb_sc_pingdom_2" {
name = "load balancer Pingdom security group 2"
description = "control Pingdom access to the load balancer"
vpc_id = data.aws_vpc.shared.id

// Allow all European Pingdom IP addresses
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = [
"5.172.196.188/32",
"13.232.220.164/32",
"23.22.2.46/32",
"23.83.129.219/32",
"23.92.127.2/32",
"23.106.37.99/32",
"23.111.152.74/32",
"23.111.159.174/32",
"37.252.231.50/32",
"43.225.198.122/32",
"43.229.84.12/32",
"46.20.45.18/32",
"89.163.146.247/32",
"89.163.242.206/32",
"46.246.122.10/32",
"50.2.185.66/32",
"50.16.153.186/32",
"52.0.204.16/32",
"52.24.42.103/32",
"52.48.244.35/32",
"52.52.34.158/32",
"52.52.95.213/32",
"52.52.118.192/32",
"52.57.132.90/32",
"52.59.46.112/32",
"52.59.147.246/32",
"52.57.132.90/32",
"82.103.145.126/32",
"85.195.116.134/32",
"178.162.206.244/32",
"5.172.196.188/32",
"185.70.76.23/32",
"37.252.231.50/32",
"52.62.12.49/32",
"52.63.142.2/32",
"52.63.164.147/32",
"52.63.167.55/32",
"52.67.148.55/32",
"52.73.209.122/32",
"52.89.43.70/32",
"52.194.115.181/32",
"52.197.31.124/32",
"52.197.224.235/32",
"52.198.25.184/32",
"52.201.3.199/32",
"52.209.34.226/32",
"52.209.186.226/32",
"52.210.232.124/32",
"52.48.244.35/32",
"23.92.127.2/32",
"159.122.168.9/32",
"94.75.211.73/32",
"94.75.211.74/32",
"185.246.208.82/32",
"185.93.3.65/32",
"108.181.70.3/32",
"94.247.174.83/32",
"185.39.146.215/32",
"185.39.146.214/32",
"178.255.153.2/32",
"23.106.37.99/32",
"212.78.83.16/32",
"212.78.83.12/32"
"54.68.48.199/32",
"54.70.202.58/32",
"54.94.206.111/32",
"64.237.49.203/32",
"64.237.55.3/32",
"66.165.229.130/32",
"66.165.233.234/32",
"72.46.130.18/32",
"72.46.131.10/32",
"76.72.167.154/32",
"76.72.172.208/32",
"76.164.234.106/32",
"76.164.234.130/32",
"82.103.136.16/32",
"82.103.139.165/32",
"82.103.145.126/32",
"85.195.116.134/32",
"89.163.146.247/32",
"89.163.242.206/32",
]
}
}

resource "aws_lb" "dacp_lb" {
name = "dacp-load-balancer"
load_balancer_type = "application"
security_groups = [aws_security_group.dacp_lb_sc.id, aws_security_group.lb_sc_pingdom.id]
security_groups = [aws_security_group.dacp_lb_sc.id, aws_security_group.lb_sc_pingdom.id, aws_security_group.lb_sc_pingdom_2.id]
subnets = data.aws_subnets.shared-public.ids
enable_deletion_protection = false
internal = false
depends_on = [aws_security_group.dacp_lb_sc, aws_security_group.lb_sc_pingdom]
depends_on = [aws_security_group.dacp_lb_sc, aws_security_group.lb_sc_pingdom, aws_security_group.lb_sc_pingdom_2]
}

resource "aws_lb_target_group" "dacp_target_group" {
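Review bot: The comment on the ingress block of `lb_sc_pingdom_2`, `// Allow all European Pingdom IP addresses`, does not describe the list beneath it: the two groups appear to be one numerically sorted probe list cut in two (5.x–89.x here, 94.x–212.x in `lb_sc_pingdom`), not a regional subset. Each entry opens 443 on a non-internal load balancer to a third-party address, so a stale entry is ingress granted to whoever holds that address now, and nothing here records where the list came from or when it was taken. A comment such as `// Pingdom probe IPs, part 2 of 2 (5.x-89.x); source: <probe list URL>, refreshed <YYYY-MM-DD>` on each group would make the next refresh auditable. The `depends_on` on `aws_lb.dacp_lb` also looks redundant, since `security_groups` already references all three groups.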
2 changes: 0 additions & 2 deletions terraform/environments/dacp/providers.tf
@@ -1,6 +1,4 @@
provider "aws" {
region = "eu-west-2"
# access_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["ACCESS_KEY"]
# secret_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SECRET_KEY"]
alias = "tacticalproducts"
}
