Tdrd 339 automated or semi automated workflow for blocking i ps with malicious activity #579
Conversation
Need IP in CIDR notation
There was a problem hiding this comment.
Looks good. Just one comment.
Once this is deployed should document the process for blocking an IP address. Should go into the: https://github.com/nationalarchives/tdr-dev-documentation-internal/tree/main/manual repo; and link to it from the BAU documentation
root_locals.tf
Outdated
| @@ -60,6 +60,8 @@ locals { | |||
|
|
|||
| ip_allowlist = concat(local.developer_ip_list, local.trusted_ip_list) | |||
|
|
|||
| ip_blocked_list = "" | |||
There was a problem hiding this comment.
Will the intention be to hardcode the ip address into the Terraform? Given this is a public repo, I'm not sure what the privacy implications are about this. The other IP addresses are stored in the tdr-configurations repo which is private.
I'd check with probably Kurtis about hardcoding an IP address into a public Github reop.
| @@ -60,6 +60,8 @@ locals { | |||
|
|
|||
| ip_allowlist = concat(local.developer_ip_list, local.trusted_ip_list) | |||
|
|
|||
| ip_blocked_list = module.tdr_configuration.terraform_config["ip_blocked_list"] | |||
There was a problem hiding this comment.
Bit confused. From this PR: https://github.com/nationalarchives/da-terraform-configurations/pull/47 these are in the da-terraform_configurations not the tdr_configuration.
There was a problem hiding this comment.
The source for tdr_configuration is da-terraform-configurations
module "tdr_configuration" {
source = "./da-terraform-configurations"
project = "tdr"
}
ian-hoyle
deleted the
TDRD-339-Automated-or-semi-automated-workflow-for-blocking-IPs-with-malicious-activity
branch
No description provided.