azavea / cac-tripplanner

Clean Air Council Circuit Trip Planner and Travelshed

Home Page: https://gophillygo.org/

Update Security Groups - Element 84 External IP Changes

JN-Hernandez opened this issue

Overview

With the move to a new office, the Element 84 External IP has changed:

Office | IP Address
Old | 66.212.12.106/32
New | 50.243.53.17/32

As such, security groups and ACLs will need to be updated accordingly to grant access.

Which application is targeted?

Bastion access will need to be updated.

Is your feature request related to a problem? Please describe.

Failure to update the appropriate security groups will prevent expected connectivity between the office and GoPhillyGo resources.

Work Performed

CloudFormation Changes

  • Traverse to CloudFormation > Stacks > VPC-24f053d8a472e0d1fa9a945797ce
  • Click Change Sets, then click the Create change set button
  • Keep the radio button for Use current template selected, then click Next
  • Update the OfficeCidr parameter to 50.243.53.17/32, then click Next
  • Scroll to the bottom of the Configure Stack Options page without changing anything and click Next
  • Review proposed changes, then click Submit
  • Wait for the change set to finish being created, then review changes to ensure only the sgBastion security group will be modified: no other changes will be made
  • Click Execute Change Set
  • Keep the following behaviours selected, then click Execute Change Set:
    • Behavior on provisioning failure: Roll back all stack resources
    • Delete newly created resources during a rollback: Use deletion policy
  • Ensure the stack status reaches UPDATE_COMPLETE
  • Conducted testing as follows to ensure connectivity:
    • Hopped onto the PHL VPN
    • Successfully telnet'd to BastionHost (54.174.122.108) on ports 5000, 22, and 5601

Manual Changes

  • None: the sgBastion security group is managed through CloudFormation.

WAF & Shield

  • Reviewed WAF & Shield to confirm no ACLs in place use the OLD external IP

1Password

  • Updated the OfficeCidr variable entry within default.yml (located in 1Password as GoPhillyGo - default.yml) to reflect the new office IP

Post Implementation Notes

The CloudFormation change set was deployed successfully; changes are immediate. No other post-implementation work is needed.
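
The review step in the change set procedure above (confirm that only sgBastion will be modified) can be automated before Execute Change Set is clicked. The following is an added example, not part of the original issue or the project's code. It assumes the change set was exported with `aws cloudformation describe-change-set` as a single unpaginated JSON document; the sample input is constructed and its physical resource ID is a placeholder.

```python
import json

# Constructed sample shaped like `aws cloudformation describe-change-set` output;
# "sg-EXAMPLE" is a placeholder, not a value from the issue.
SAMPLE_CHANGE_SET = json.loads("""
{
  "Status": "CREATE_COMPLETE",
  "ExecutionStatus": "AVAILABLE",
  "Parameters": [{"ParameterKey": "OfficeCidr", "ParameterValue": "50.243.53.17/32"}],
  "Changes": [
    {"Type": "Resource",
     "ResourceChange": {
       "Action": "Modify",
       "LogicalResourceId": "sgBastion",
       "PhysicalResourceId": "sg-EXAMPLE",
       "ResourceType": "AWS::EC2::SecurityGroup",
       "Replacement": "False",
       "Details": [{"ChangeSource": "ParameterReference", "CausingEntity": "OfficeCidr",
                    "Target": {"Attribute": "Properties", "Name": "SecurityGroupIngress"}}]}}
  ]
}
""")

def review_change_set(cs, expected_cidr, allowed=frozenset({"sgBastion"}), param="OfficeCidr"):
    """Return a list of problems; an empty list means the change set matches the plan."""
    problems = []
    if cs.get("Status") != "CREATE_COMPLETE" or cs.get("ExecutionStatus") != "AVAILABLE":
        problems.append("change set is not ready to execute")
    params = {p["ParameterKey"]: p.get("ParameterValue") for p in cs.get("Parameters", [])}
    if params.get(param) != expected_cidr:
        problems.append(f"{param} is {params.get(param)!r}, expected {expected_cidr!r}")
    changes = [c["ResourceChange"] for c in cs.get("Changes", []) if c.get("Type") == "Resource"]
    if not changes:
        problems.append("change set contains no resource changes")
    for rc in changes:
        rid = rc["LogicalResourceId"]
        if rid not in allowed:  # anything besides sgBastion needs a human look
            problems.append(f"unexpected resource {rid} ({rc['Action']})")
            continue
        if rc["Action"] != "Modify" or rc.get("Replacement") != "False":
            problems.append(f"{rid}: {rc['Action']} with Replacement={rc.get('Replacement')}")
        causes = {d.get("CausingEntity") for d in rc.get("Details", [])}
        if causes != {param}:  # change must be driven only by the OfficeCidr parameter
            problems.append(f"{rid}: changes driven by {sorted(map(str, causes))}, not only {param}")
    return problems

if __name__ == "__main__":
    print(review_change_set(SAMPLE_CHANGE_SET, "50.243.53.17/32") or "OK: only sgBastion changes")
```

Any detail entry without `OfficeCidr` as its causing entity is reported rather than ignored, so a flagged change set should be reviewed by hand in the console before it is executed.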