From 53be71fc77163163e8027fdb2d9a4900077c1150 Mon Sep 17 00:00:00 2001 From: Mike Bell Date: Fri, 19 Apr 2024 10:54:52 +0100 Subject: [PATCH 1/2] Add runbook for prisoner content hub --- ...ating-prisoner-content-hub-waf.html.md.erb | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 runbooks/source/updating-prisoner-content-hub-waf.html.md.erb diff --git a/runbooks/source/updating-prisoner-content-hub-waf.html.md.erb b/runbooks/source/updating-prisoner-content-hub-waf.html.md.erb new file mode 100644 index 00000000..52f7279b --- /dev/null +++ b/runbooks/source/updating-prisoner-content-hub-waf.html.md.erb @@ -0,0 +1,20 @@ +--- +title: Updating Prisoner Content Hub WAF +weight: 60 +last_reviewed_on: 2024-04-19 +review_in: 6 months +--- + +# Updating Prisoner Content Hub WAF + +Every so often the Prisoner Content Hub require their WAF IP allowlist updating. This is a bespoke job and not fully #gitops + +1. Log in to AWS Console +2. Goto Parameter Store - ensure your in eu-west-2 +3. Search for "prisoner" +4. Select the correct `ip-allow-list` parameter store (per environment) +5. Add or remove the IP address from the JSON object and save +6. Log in to Concourse +7. Run the `infrastructure-account` plan pipeline - you should see the `aws_wafv2_ip_set` have pending updates +8. Run the `infrastructure-account` apply pipeline +9. Confirm the changes by going to WAF & Shield, select Web ACLs, click on the correct environment, select Rules and search for the IP address. From 06bde024c276625977ab34116d4831857980fff3 Mon Sep 17 00:00:00 2001 From: Steve Williams <105657964+sj-williams@users.noreply.github.com> Date: Fri, 19 Apr 2024 10:59:20 +0100 Subject: [PATCH 2/2] Update runbooks/source/updating-prisoner-content-hub-waf.html.md.erb --- runbooks/source/updating-prisoner-content-hub-waf.html.md.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runbooks/source/updating-prisoner-content-hub-waf.html.md.erb b/runbooks/source/updating-prisoner-content-hub-waf.html.md.erb index 52f7279b..0c6b4a4a 100644 --- a/runbooks/source/updating-prisoner-content-hub-waf.html.md.erb +++ b/runbooks/source/updating-prisoner-content-hub-waf.html.md.erb @@ -10,7 +10,7 @@ review_in: 6 months Every so often the Prisoner Content Hub require their WAF IP allowlist updating. This is a bespoke job and not fully #gitops 1. Log in to AWS Console -2. Goto Parameter Store - ensure your in eu-west-2 +2. Goto Parameter Store - ensure you're in eu-west-2 3. Search for "prisoner" 4. Select the correct `ip-allow-list` parameter store (per environment) 5. Add or remove the IP address from the JSON object and save