diff --git a/services/terraform/self-host/aws-deploy.sh b/services/terraform/self-host/aws-deploy.sh
--- a/services/terraform/self-host/aws-deploy.sh
+++ b/services/terraform/self-host/aws-deploy.sh
@@ -34,6 +34,16 @@
exit 1
fi
+# Get the current public IP address
+ip_address="$(curl -s ipv4.wtfismyip.com/text)"
+if [[ -z "$ip_address" ]]; then
+ echo "Failed to retrieve IP address. Exiting."
+ exit 1
+fi
+
+# Grab resource info from AWS
+keyserver_lb_sg_id="$(aws ec2 describe-security-groups --filters "Name=group-name,Values=lb-sg" --query "SecurityGroups[0].GroupId" --output text)"
+
convert_seconds() {
total_seconds="$1"
minutes="$((total_seconds / 60))"
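Review bot: The public IP fetched on the `curl -s ipv4.wtfismyip.com/text` line travels over plain HTTP from a third-party endpoint and is only checked for emptiness before it becomes a security-group CIDR in the next hunk, so a spoofed response or an HTTP error body (`curl -s` without `-f` still prints those) would either be written into the ingress rule or make the authorize call fail after the open rule was already revoked. Use TLS, fail on HTTP errors and require a dotted-quad result before using it, as in the fence below. The `keyserver_lb_sg_id` lookup has the same gap: with no matching group the CLI prints `None` under `--output text`, and the revoke/authorize calls in the next hunk would run against that literal with no earlier exit. Whether `set -e` is in effect is not visible in this hunk; the explicit `exit 1` above suggests the script relies on manual checks, so the checks below follow that style.
```shell
# Get the current public IP address (TLS, fail on HTTP errors, bounded wait)
ip_address="$(curl -sSf --max-time 10 https://ipv4.wtfismyip.com/text)"
if [[ ! "$ip_address" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  echo "Failed to retrieve a valid IPv4 address (got '${ip_address}'). Exiting."
  exit 1
fi

# Grab resource info from AWS
keyserver_lb_sg_id="$(aws ec2 describe-security-groups --filters "Name=group-name,Values=lb-sg" --query "SecurityGroups[0].GroupId" --output text)"
if [[ -z "$keyserver_lb_sg_id" || "$keyserver_lb_sg_id" == "None" ]]; then
  echo "Failed to find security group lb-sg. Exiting."
  exit 1
fi
```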
@@ -64,30 +74,44 @@
done
}
-disable_lb_traffic() {
+disable_general_lb_traffic() {
+ # disables general ip access
aws ec2 revoke-security-group-ingress \
- --group-id "$(aws ec2 describe-security-groups --filters "Name=group-name,Values=lb-sg" --query "SecurityGroups[0].GroupId" --output text)" \
+ --group-id "$keyserver_lb_sg_id" \
--protocol tcp \
--port 443 \
--cidr 0.0.0.0/0 > /dev/null
+
+ # enables traffic only for ip calling aws deploy script
+ aws ec2 authorize-security-group-ingress \
+ --group-id "$keyserver_lb_sg_id" \
+ --protocol tcp \
+ --port 443 \
+ --cidr "${ip_address}/32" > /dev/null
}
enable_lb_traffic() {
aws ec2 authorize-security-group-ingress \
- --group-id "$(aws ec2 describe-security-groups --filters "Name=group-name,Values=lb-sg" --query "SecurityGroups[0].GroupId" --output text)" \
+ --group-id "$keyserver_lb_sg_id" \
--protocol tcp \
--port 443 \
--cidr 0.0.0.0/0 > /dev/null
+
+ # disables personal ip address ingress rule as no longer necessary
+ aws ec2 revoke-security-group-ingress \
+ --group-id "$keyserver_lb_sg_id" \
+ --protocol tcp \
+ --port 443 \
+ --cidr "${ip_address}/32" > /dev/null
}
# Stop all primary and secondary tasks and disable traffic to load balancer
echo "Disabling traffic to load balancer"
-disable_lb_traffic
+disable_general_lb_traffic
http_code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 5 "$health_check_url")
if [[ "$http_code" -eq 000 ]]; then
echo "Error: Health check timed out trying to access keyserver domain at ${health_check_url}."
- echo "Ensure terraform variable allowed_ip is properly configured and run terraform apply"
echo "Re-enabling traffic to load balancer until domain is accessible and migration script is rerun"
enable_lb_traffic
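Review bot: disable_general_lb_traffic revokes the `0.0.0.0/0` rule before it authorizes the caller's `/32`, so if that second call fails — the AWS CLI exits non-zero on InvalidPermission.Duplicate when the `/32` rule is still present from an earlier aborted run, or on a malformed `ip_address` — the function leaves the load balancer closed to everyone, and the `enable_lb_traffic` recovery below only runs after the health check. Swapping the two calls (authorize `"${ip_address}/32"` first, then revoke `0.0.0.0/0`) keeps access for the operator at every step; enable_lb_traffic already uses that open-before-close order. Both functions also deserve a comment that these rules are now applied outside Terraform, since the allowed_ips ingress block is removed from aws_lb.tf in this diff and a `terraform apply` while the script is mid-run would presumably reconcile the group and drop the `/32` rule. Whether an EXIT trap restores the open rule on other failure paths is not visible in this hunk.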
diff --git a/services/terraform/self-host/aws_lb.tf b/services/terraform/self-host/aws_lb.tf
--- a/services/terraform/self-host/aws_lb.tf
+++ b/services/terraform/self-host/aws_lb.tf
@@ -10,13 +10,6 @@
cidr_blocks = ["0.0.0.0/0"]
}
- ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = [for ip in var.allowed_ips : "${ip}/32"]
- }
-
egress {
from_port = 0
to_port = 0
D12960: [terraform] configure personal ip address through script and not allowed_ips var