
Merge pull request #216 from mdr-engineering/feature/bp_MSOCI-1779_portal_waf

Improves Portal WAF Admin IPs
Brad Poulton 4 years ago
parent
commit
ffde78b291
2 changed files with 10 additions and 40 deletions
  1. 9 1
      base/customer_portal/vars.tf
  2. 1 39
      base/customer_portal/waf.tf

+ 9 - 1
base/customer_portal/vars.tf

@@ -39,4 +39,12 @@ variable "public_subnets" {
 variable "proxy_public_ip" {
   type = string
   
-}
+}
+
+variable "admin_remote_ipset" {
+  type = list(object(
+    {
+      value = string
+      type  = string
+    }))
+}
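Review bot: The new `admin_remote_ipset` variable has no `description` and accepts any string for `value` and `type`, so a typo or an over-broad entry such as a `/0` network would reach the WAF admin IP set without a plan-time error. Now that the list is supplied from outside this module, a `validation` block could check that each `type` is `IPV4` or `IPV6`, that each `value` parses as a CIDR, and that no entry is a `/0`. This assumes a Terraform version that supports variable validation and `alltrue`; the version in use is not visible on this page. How the submodule treats an empty list is also not visible here and is worth confirming.

```hcl
variable "admin_remote_ipset" {
  description = "Admin source CIDRs passed to the regional WAF module; each item is { value = CIDR, type = IPV4 or IPV6 }."
  # … unchanged: type = list(object({ value = string, type = string })) …

  validation {
    condition = alltrue([
      for e in var.admin_remote_ipset :
      contains(["IPV4", "IPV6"], e.type) && can(cidrhost(e.value, 0)) && !can(regex("/0$", e.value))
    ])
    error_message = "Each entry needs type IPV4 or IPV6 and a valid CIDR value that is not a /0 network."
  }
}
```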

+ 1 - 39
base/customer_portal/waf.tf

@@ -17,44 +17,6 @@ locals {
       type    = "IPV4"
     },
   ]
-
-# 73.10.53.113/32 Rick Page Home
-# 99.151.37.185/32 Wesley Leonard Home
-# 104.9.149.90/32 Greg Rivas Home
-# 100.4.76.3/32 Brandon Naughton Home
-# 170.248.173.247/32 AFS site
-# 170.248.173.245/32 AFS site
-# 70.120.41.230/32 Will Ledesma Home
-  admin_remote_ipset = [
-    {
-      "value" = "73.10.53.113/32"
-      type    = "IPV4"
-    },
-    {
-      "value" = "99.151.37.185/32"
-      type    = "IPV4"
-    },
-    {
-      "value" = "104.9.149.90/32"
-      type    = "IPV4"
-    },
-    {
-      "value" = "100.4.76.3/32"
-      type    = "IPV4"
-    },
-    {
-      "value" = "170.248.173.247/32"
-      type    = "IPV4"
-    },
-    {
-      "value" = "170.248.173.245/32"
-      type    = "IPV4"
-    },
-    {
-      "value" = "70.120.41.230/32"
-      type    = "IPV4"
-    },
-  ]
   waf_prefix = "portal"
 }
 
@@ -62,7 +24,7 @@ module "regional_waf" {
   source             = "../../submodules/waf_owasp_top10"
   waf_prefix         = local.waf_prefix
   blacklisted_ips    = local.blacklisted_ips
-  admin_remote_ipset = local.admin_remote_ipset
+  admin_remote_ipset = var.admin_remote_ipset
 }
 
 resource "aws_wafregional_web_acl_association" "portal_alb_waf" {
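Review bot: The comment block and list removed from `locals` paired named staff with home `/32` addresses, and deleting them in this commit does not remove them from the repository history, so anyone with clone access can still recover that mapping. If that exposure matters for this repository, it needs a history cleanup or a review of who has access, which this commit alone does not provide. At the call site, `admin_remote_ipset = var.admin_remote_ipset` now depends on a value whose source is not visible in this diff. A one-line comment such as `# admin allow-list is supplied by the caller via var.admin_remote_ipset; keep names and home addresses out of this file` would record the intent. The `locals` and `module "regional_waf"` blocks start outside the hunks shown.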