Merge pull request #6851 from ministryofjustice/apex-oas-int

Add OAS LZ cidr range to APEX
ministryofjustice · Jul 4, 2024 · f1cfbce · f1cfbce
2 parents 024f91f + 907eed4
commit f1cfbce
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/terraform/environments/apex/application_variables.json b/terraform/environments/apex/application_variables.json
@@ -51,7 +51,8 @@
       "alb_target_5xx_alarm_threshold": "1",
       "alb_elb_5xx_alarm_threshold": "10",
       "alb_target_4xx_alarm_threshold": "10",
-      "alb_elb_4xx_alarm_threshold": "10"
+      "alb_elb_4xx_alarm_threshold": "10",
+      "oas_lz_cidr": "10.202.4.85/32"
     },
     "test": {
       "example_var": "test-data"

diff --git a/terraform/environments/apex/ec2.tf b/terraform/environments/apex/ec2.tf
@@ -91,6 +91,16 @@ resource "aws_vpc_security_group_ingress_rule" "db_workspace" {
   to_port           = 1521
 }
 
+# This is a temp rule whilst OAS resides in LZ
+resource "aws_vpc_security_group_ingress_rule" "oas_lz" {
+  security_group_id = aws_security_group.database.id
+  description       = "Allow OAS in LZ to access APEX"
+  cidr_ipv4         = local.application_data.accounts[local.environment].oas_lz_cidr
+  from_port         = 1521
+  ip_protocol       = "tcp"
+  to_port           = 1521
+}
+
 resource "aws_vpc_security_group_egress_rule" "db_outbound" {
   security_group_id = aws_security_group.database.id
   cidr_ipv4         = "0.0.0.0/0"