Use the public-load-balancer module for frontend #138
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
richardTowers
force-pushed
the
use-public-lb-module-for-frontend
branch
from
29483bc
to
84dfd22
Compare
This reduces a big chunk of duplication, and will make my next
refactoring a little bit easier.
I did some terraform state moves to get a better feel for what this will
actually do. One thing is that the public-load-balancer module doesn't
restrict the ALB by the office IPs:
```
-/+ resource "aws_security_group_rule" "alb_from_any_https" {
~ cidr_blocks = [ # forces replacement
- "213.86.153.212/32",
- "213.86.153.213/32",
- "213.86.153.214/32",
- "213.86.153.235/32",
- "213.86.153.236/32",
- "213.86.153.237/32",
- "85.133.67.244/32",
+ "0.0.0.0/0",
]
+ description = "frontend ALB allows requests from CIDRs list over HTTPS"
```
... not sure if we want to sort that out before we merge this.
richardTowers
force-pushed
the
use-public-lb-module-for-frontend
branch
from
84dfd22
to
fd2ecad
Compare
This is more consistent with what was there before I refactored it to use the public load balancer module. In the long run, I don't think frontend needs a public load balancer - it's just got one for now because we haven't got router running yet. So having the office IPs passed in directly is fine for now.
sengi
approved these changes
Jan 19, 2021
I'll be able to remove one set of these variables when I inline modules/apps/frontend. I don't know where we got to with our Network ACL thinking? There was something tricky about it I think? Anyway, good enough for now :) |
|
Yeah, I've only myself to blame for not finishing the ugly network ACL thing to be fair. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
This reduces a big chunk of duplication, and will make my next
refactoring a little bit easier.
I did some terraform state moves to get a better feel for what this will
actually do. It looks like most of the resources will need replacing, but
for the most part the changes look quite small.
See the terraform plan in concourse for more details on what this will do.