authorChristopher Baines <mail@cbaines.net>2018-07-05 11:42:08 +0100
committerChristopher Baines <mail@cbaines.net>2018-07-05 11:42:08 +0100
commit0b2df284100db9c03dcdc290f99091f199fb5eef (patch)
tree40671c319b62bc3e715bf5aa844a582d688e521f
parentf6d74559eafa515bdef2afbf547b95a7ff751daf (diff)
Improve the public ip address handling
Support multiple addresses to handle the GOV.UK PaaS, which has multiple egress points.
-rw-r--r--app/models/backends/terraform_aws/backend_methods.rb12
-rw-r--r--terraform/aws/backend/main.tf8
2 files changed, 12 insertions, 8 deletions
diff --git a/app/models/backends/terraform_aws/backend_methods.rb b/app/models/backends/terraform_aws/backend_methods.rb
index ca2bd83..cc5ca62 100644
--- a/app/models/backends/terraform_aws/backend_methods.rb
+++ b/app/models/backends/terraform_aws/backend_methods.rb
@@ -27,18 +27,20 @@ module Backends::TerraformAws::BackendMethods
end
def backend_terraform_variables
- public_ip_address = ENV[
- 'GOVUK_MINI_ENVIRONMENT_ADMIN_PUBLIC_IP_ADDRESS'
- ]
+ public_ip_addresses = ENV[
+ 'GOVUK_MINI_ENVIRONMENT_ADMIN_PUBLIC_IP_ADDRESSES'
+ ].split(',')
- raise 'missing public ip address' if public_ip_address.nil?
+ raise 'missing public ip addresses' if public_ip_addresses.nil?
+
+ egress_cidr_blocks = public_ip_addresses.map { |x| "#{x}/32" }
common_terraform_variables.merge(
aws_vpc_id: vpc_id,
ssh_public_key: ssh_public_key,
backend_slug: label.parameterize,
mini_environment_admin_guix_public_key: guix_public_key,
- mini_environment_admin_public_ip_address: public_ip_address
+ mini_environment_admin_egress_cidr_blocks: egress_cidr_blocks
)
end
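Review bot: The nil guard after the `.split(',')` call in `backend_terraform_variables` can never fire: when the variable is unset, `ENV[...]` is nil and `.split` raises NoMethodError first, and when it is set, `split` always returns an array. An empty value yields `[]`, and an entry with surrounding spaces keeps them in the generated `/32` string, so the SSH allow-list handed to Terraform can be empty or malformed without the intended error. I would read the value as `public_ip_addresses = ENV.fetch('GOVUK_MINI_ENVIRONMENT_ADMIN_PUBLIC_IP_ADDRESSES', '').split(',').map(&:strip).reject(&:empty?)` and guard with `raise 'missing public ip addresses' if public_ip_addresses.empty?`. Because these values decide who may reach SSH, validating each entry (for example with `IPAddr.new`) before appending `/32` would catch typos before they reach the security group. The enclosing module starts outside the hunk.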
diff --git a/terraform/aws/backend/main.tf b/terraform/aws/backend/main.tf
index fff5444..45d660f 100644
--- a/terraform/aws/backend/main.tf
+++ b/terraform/aws/backend/main.tf
@@ -66,8 +66,8 @@ variable "mini_environment_admin_guix_public_key" {
type = "string"
}
-variable "mini_environment_admin_public_ip_address" {
- type = "string"
+variable "mini_environment_admin_egress_cidr_blocks" {
+ type = "list"
}
variable "backend_slug" {
@@ -168,7 +168,9 @@ resource "aws_security_group" "ssh_access_from_mini_environment_admin" {
from_port = 0
to_port = 22
protocol = "tcp"
- cidr_blocks = ["${var.mini_environment_admin_public_ip_address}/32"]
+ cidr_blocks = [
+ "${var.mini_environment_admin_egress_cidr_blocks}"
+ ]
}
}
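Review bot: The ingress rule around the changed `cidr_blocks` keeps `from_port = 0` with `to_port = 22`, so every listed egress address can reach TCP ports 0 through 22, not only SSH; `from_port = 22` would match the resource name `ssh_access_from_mini_environment_admin`. This matters more now that the list covers several PaaS egress points, which are presumably shared with other tenants, so the allow-list identifies the platform rather than this one application and SSH key authentication remains the real control. A short comment above `cidr_blocks`, such as `# egress addresses of the admin app; may be shared PaaS addresses`, would record that. The resource block starts outside the hunk.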