From ebd50cd97bec7abae478796755e780dfd6a0540b Mon Sep 17 00:00:00 2001
From: James MacBeth <56261600+jamesmacbeth-unilink@users.noreply.github.com>
Date: Mon, 10 Jun 2024 14:15:23 +0100
Subject: [PATCH 1/2] Allow Unilink VPN IPs to access delius frontend
---
 .../delius-core/modules/delius_environment/alb_frontend.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/delius-core/modules/delius_environment/alb_frontend.tf b/terraform/environments/delius-core/modules/delius_environment/alb_frontend.tf
index 98eb2406105..9a9b5abb138 100644
--- a/terraform/environments/delius-core/modules/delius_environment/alb_frontend.tf
+++ b/terraform/environments/delius-core/modules/delius_environment/alb_frontend.tf
@@ -27,7 +27,7 @@ resource "aws_vpc_security_group_ingress_rule" "delius_core_frontend_alb_ingress
 }

 resource "aws_vpc_security_group_ingress_rule" "delius_core_frontend_alb_ingress_https_global_protect_allowlist" {
- for_each = toset(local.moj_ips)
+ for_each = toset(local.all_ingress_ips)
 security_group_id = aws_security_group.delius_frontend_alb_security_group.id
 description = "access into delius core frontend alb over https"
 from_port = "443"
From 40bd9bb1da64ac47a710398568adaefc6ee8dda1 Mon Sep 17 00:00:00 2001
From: James MacBeth
Date: Mon, 10 Jun 2024 14:33:11 +0100
Subject: [PATCH 2/2] Updated Unilink VPN IP address ranges
---
 .../modules/delius_environment/locals.tf | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/terraform/environments/delius-core/modules/delius_environment/locals.tf b/terraform/environments/delius-core/modules/delius_environment/locals.tf
index 0ee1201ea5e..553142debca 100644
--- a/terraform/environments/delius-core/modules/delius_environment/locals.tf
+++ b/terraform/environments/delius-core/modules/delius_environment/locals.tf
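Review bot: In alb_frontend.tf, the rule `delius_core_frontend_alb_ingress_https_global_protect_allowlist` now iterates `local.all_ingress_ips`, so the supplier VPN ranges are admitted under a resource name and a description that still describe only the MoJ allowlist. Someone auditing the security group cannot tell a third-party rule from a staff rule, and the vendor access cannot be withdrawn without touching the staff rules. I would leave this rule on `toset(local.moj_ips)` and add a sibling rule over `toset(local.unilink_ips)` with its own description, as sketched below. Because this is the shared `delius_environment` module, the wider allowlist presumably reaches every environment that instantiates it, which is worth confirming as intended. The resource body continues past the end of the hunk, so the remaining attributes are not visible here.

```hcl
resource "aws_vpc_security_group_ingress_rule" "delius_core_frontend_alb_ingress_https_unilink_allowlist" {
  for_each          = toset(local.unilink_ips)
  security_group_id = aws_security_group.delius_frontend_alb_security_group.id
  description       = "https into delius core frontend alb from Unilink AOVPN"
  from_port         = "443"
  # … unchanged: remaining attributes as in the global_protect_allowlist rule (outside the hunk) …
}
```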
@@ -23,18 +23,12 @@ locals {
 moj_ips = concat(module.ip_addresses.moj_cidrs.trusted_moj_digital_staff_public, module.ip_addresses.moj_cidrs.trusted_moj_enduser_internal, module.ip_addresses.moj_cidrs.trusted_mojo_public)
 unilink_ips = [
- "194.75.210.216/29", # Unilink AOVPN
- "83.98.63.176/29", # Unilink AOVPN
- "78.33.10.50/31", # Unilink AOVPN
- "78.33.10.52/30", # Unilink AOVPN
- "78.33.10.56/30", # Unilink AOVPN
- "78.33.10.60/32", # Unilink AOVPN
- "78.33.32.99/32", # Unilink AOVPN
- "78.33.32.100/30", # Unilink AOVPN
- "78.33.32.104/30", # Unilink AOVPN
- "78.33.32.108/32", # Unilink AOVPN
- "217.138.45.109/32", # Unilink AOVPN
- "217.138.45.110/32", # Unilink AOVPN
+ "78.33.10.48/28", # Unilink AOVPN (CF)
+ "78.33.32.96/28", # Unilink AOVPN (CF)
+ "83.98.63.176/29", # Unilink AOVPN (Newcastle)
+ "80.209.165.232/32", # Unilink AOVPN (Newcastle)
+ "217.138.45.109/32", # Unilink AOVPN (London)
+ "217.138.45.110/32", # Unilink AOVPN (London)
 ]
 all_ingress_ips = concat(local.moj_ips, local.unilink_ips)
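Review bot: The two `/28` entries in `unilink_ips` are wider than the ranges they replace: `78.33.10.48/28` spans .48–.63 where the removed entries covered .50–.60, and `78.33.32.96/28` spans .96–.111 where the removed entries covered .99–.108. Since `all_ingress_ips` is built from this list, the extra addresses get the same ingress as the VPN egress IPs, so the full allocation should be confirmed with Unilink before merge. I would record the source next to each range, e.g. `"78.33.10.48/28", # Unilink AOVPN (CF), full /28 confirmed in <TICKET-ID placeholder>`. `80.209.165.232/32` is new and `194.75.210.216/29` is dropped without a reason in the commit message; one line in the description would help later audits. The `locals` block starts and ends outside the hunk.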