From b42e86aa4d7cfaec39d9f0311bca9eefef913647 Mon Sep 17 00:00:00 2001
From: SahidKhan89
Date: Mon, 2 Oct 2023 14:05:44 +0100
Subject: [PATCH] CC-2117: Added rule for inbound connectivity from Cloud Platform
---
 .../environments/ccms-ebs/application_variables.json | 4 ++++
 .../ccms-ebs/ccms-ec2-security_groups.tf | 12 ++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/terraform/environments/ccms-ebs/application_variables.json b/terraform/environments/ccms-ebs/application_variables.json
index 115982afad6..1a4e07d51ce 100644
--- a/terraform/environments/ccms-ebs/application_variables.json
+++ b/terraform/environments/ccms-ebs/application_variables.json
@@ -45,6 +45,7 @@
 "lz_aws_workspace_prod_subnet_env": "10.200.16.0/20",
 "lz_aws_workspace_nonprod_prod": "10.200.0.0/19",
 "lz_aws_appstream_subnet_a_b": "10.200.32.0/23",
+ "cloud_platform_subnet": "172.20.0.0/16",
 "lz_ftp_bucket_environment": "development",
 "lz_domain_name": "*.dev.legalservices.gov.uk",
 "mp_aws_subnet_env": "10.200.0.0/20",
@@ -125,6 +126,7 @@
 "lz_ftp_bucket_environment": "uat",
 "lz_domain_name": "*.uat.legalservices.gov.uk",
 "mp_aws_subnet_env": "10.200.0.0/20",
+ "cloud_platform_subnet": "172.20.0.0/16",
 "ebs_default_iops": 12000,
 "webgate_no_instances": 2,
 "webgate_default_iops": 3000,
@@ -200,6 +202,7 @@
 "lz_ftp_bucket_environment": "staging",
 "lz_domain_name": "*.stg.legalservices.gov.uk",
 "mp_aws_subnet_env": "10.200.0.0/20",
+ "cloud_platform_subnet": "172.20.0.0/16",
 "ebs_default_iops": 32000,
 "webgate_no_instances": 2,
 "webgate_default_iops": 3000,
@@ -275,6 +278,7 @@
 "lz_ftp_bucket_environment": "production",
 "lz_domain_name": "*.legalservices.gov.uk",
 "mp_aws_subnet_env": "10.200.0.0/20",
+ "cloud_platform_subnet": "172.20.0.0/16",
 "ebs_default_iops": 32000,
 "webgate_no_instances": 2,
 "webgate_default_iops": 3000,
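Review bot: The new `cloud_platform_subnet` key is placed after `lz_aws_appstream_subnet_a_b` in the development block (first hunk) but after `mp_aws_subnet_env` in the uat, staging and production blocks (the other three hunks); key order carries no meaning in JSON, but putting it in the same position in all four per-environment objects keeps them easy to compare side by side. The same `172.20.0.0/16` value is repeated verbatim in every environment, including production, so the four copies can drift if one is later edited on its own; since JSON allows no comment, a note in the Terraform that consumes the key (which environment-specific range it is meant to hold and why one value fits all four) would give the next maintainer the context. The name suggests a single subnet while the value is a /16 supernet, so consider whether `cloud_platform_cidr` describes it more accurately if the key is not yet consumed elsewhere.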
diff --git a/terraform/environments/ccms-ebs/ccms-ec2-security_groups.tf b/terraform/environments/ccms-ebs/ccms-ec2-security_groups.tf
index d7ea5456d6f..a4a1ebb2bcf 100644
--- a/terraform/environments/ccms-ebs/ccms-ec2-security_groups.tf
+++ b/terraform/environments/ccms-ebs/ccms-ec2-security_groups.tf
@@ -66,6 +66,18 @@ resource "aws_security_group_rule" "ingress_traffic_ebsdb" {
 cidr_blocks = [data.aws_vpc.shared.cidr_block, local.application_data.accounts[local.environment].lz_aws_subnet_env, local.application_data.accounts[local.environment].lz_aws_workspace_nonprod_prod, local.application_data.accounts[local.environment].lz_aws_appstream_subnet_a_b]
 }
 
+#### Temp, Below block seperated out rule due to design of the way rules are looped and restrictions on the limit of AWS rules per SG
+resource "aws_security_group_rule" "ingress_traffic_ebsdb_152x" {
+ security_group_id = aws_security_group.ec2_sg_ebsdb.id
+ type = "ingress"
+ description = "In: Oracle Net Listener for Cloud Platform"
+ protocol = "tcp"
+ from_port = 1521
+ to_port = 1522
+ cidr_blocks = [local.application_data.accounts[local.environment].cloud_platform_subnet]
+}
+
+
 resource "aws_security_group_rule" "egress_traffic_ebsdb_sg" {
 for_each = local.application_data.ec2_sg_egress_rules
 security_group_id = aws_security_group.ec2_sg_ebsdb.id
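Review bot: The `####` comment above `ingress_traffic_ebsdb_152x` marks the rule as temporary but records neither the ticket nor the condition under which it can be retired, so it will outlive its reason; suggest `#### Temporary (CC-2117): kept as a standalone rule because the looped ingress rules are at the per-SG rule limit; fold back into ingress_traffic_ebsdb once the count allows.` (this also fixes the "seperated" typo). The rule admits TCP 1521-1522 from the whole `cloud_platform_subnet` value, which is a /16 and is applied unconditionally in every environment including production; it is worth confirming in the ticket that this is the narrowest range Cloud Platform egresses from, and that 1522 is needed in addition to the 1521 listener port, since the description mentions only the listener. The description could name the port range, e.g. `description = "In: Oracle Net Listener 1521-1522 for Cloud Platform"`, so the console rule is self-explanatory. The preceding `ingress_traffic_ebsdb` resource opens before this hunk, so its other attributes are not visible here.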