Update Security Groups - Element 84 External IP Changes
JN-Hernandez opened this issue · comments
JN Hernández (they/them) commented
Overview
With the move to a new office, the Element 84 External IP has changed:
Office | IP Address |
---|---|
Old | 66.212.12.106/32 |
New | 50.243.53.17/32 |
As such, security groups and ACLs will need to be updated accordingly to grant access.
Which application is targeted?
Bastion access will need to be updated.
Is your feature request related to a problem? Please describe.
Failure to update the appropriate security groups will prevent expected connectivity between the office and GoPhillyGo resources.
JN Hernández (they/them) commented
Work Performed
Cloudformation Changes
- Traverse to
Cloudformation
>Stacks
>VPC-24f053d8a472e0d1fa9a945797ce
- Click
Change Sets
, then click theCreate change set
button - Keep the radio button for
Use current template
selected, then clickNext
- Update the
OfficeCidr
parameter to50.243.53.17/32
, then clickNext
- Scroll to the bottom of the Configure Stack Options page without changing anything and click
Next
- Review proposed changes, then click
Submit
- Wait for the change set to finish being created, then review changes to ensure only the
sgBastion
security group will be modified: no other changes will be made - Click
Execute Change Set
- Keep the following behaviours selected, then click
Execute Change Set
:- Behavior on provisioning failure: Roll back all stack resources
- Delete newly created resources during a rollback: Use deletion policy
- Ensure the stack status reaches
UPDATE_COMPLETE
- Conducted testing as follows to ensure connectivity:
- Hopped onto the
PHL VPN
- Successfully telnet'd to
BastionHost (54.174.122.108)
on port 5000, 22, and 5601
- Hopped onto the
Manual Changes
- None: the
sgBastion
security group is managed through Cloudformation.
WAF & Shield
- Reviewed WAF & Shield to confirm no ACLs in place use the OLD external IP
1Password
- Updated the
OfficeCidr
variable entry withindefault.yml
(located in 1Password asGoPhillyGo - default.yml
) to reflect the new office IP
Post Implementation Notes
The Cloudformation change set was deployed successfully, changes are immediate. No other post-implementation work needed.