Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PLT-503: Add test and sandbox environments to DPC WAF plan and apply #128

Merged
merged 8 commits into from
Sep 23, 2024
Merged

PLT-503: Add test and sandbox environments to DPC WAF plan and apply #128

merged 8 commits into from
Sep 23, 2024

Conversation

gfreeman-navapbc
Copy link
Contributor

🎫 Ticket

https://jira.cms.gov/browse/PLT-503

🛠 Changes

Adds test and sbx environments to the DPC WAF configuration

ℹ️ Context

These are changes made as a part of the overall WAF migration work.

🧪 Validation

Once this is applied, we should see the Web ACL configurations show up with the placeholder IP sets. We'll need to manually update them in AWS, and then reapply once we remove the association with the security group on ingress.

@gfreeman-navapbc gfreeman-navapbc requested a review from a team as a code owner September 17, 2024 18:45
ildesenesence
ildesenesence approved these changes Sep 17, 2024
View reviewed changes
Copy link
Contributor

@ildesenesence ildesenesence left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious what impact our engineers should actually see with this - seems like this is just setting up the skeleton for rules to be capable of being applied, but isn't actually applying rules? I haven't followed this all the way back to the current WAF configuration to verify that.

gsf
gsf requested changes Sep 17, 2024
View reviewed changes
Copy link
Member

@gsf gsf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The api-waf service will need to be updated to not create and associate IP sets on sandbox.

@gfreeman-navapbc
Copy link
Contributor Author

gfreeman-navapbc commented Sep 17, 2024
edited
Loading

Curious what impact our engineers should actually see with this - seems like this is just setting up the skeleton for rules to be capable of being applied, but isn't actually applying rules? I haven't followed this all the way back to the current WAF configuration to verify that.

See https://github.com/CMSgov/ab2d-bcda-dpc-platform/tree/main/terraform/modules/firewall
and https://github.com/CMSgov/ab2d-bcda-dpc-platform/tree/main/terraform/services/api-waf

@ildesenesence

@gfreeman-navapbc gfreeman-navapbc merged commit 77ab794 into main Sep 23, 2024
13 checks passed
@gfreeman-navapbc gfreeman-navapbc deleted the gfreeman_PLT-503_dpc_test_and_sbx_waf branch September 23, 2024 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gsf gsf gsf approved these changes

@ildesenesence ildesenesence ildesenesence approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gfreeman-navapbc @gsf @ildesenesence