[DPC-4259] Add lambda for syncing ip address set #2269

Merged
merged 62 commits into from
Oct 8, 2024

@ashley-weaver ashley-weaver commented Sep 17, 2024

🎫 Ticket

https://jira.cms.gov/browse/DPC-4259

🛠 Changes

Adds lambda to keep IP sets in sync on AWS.

ℹ️ Context

By default, the production DPC API is not open to the public network. Organizations must provide IP addresses for inclusion in DPC's network allowlist so that they can access the DPC API.

We are currently storing these IP addresses in the database, but they are not automatically synced to the AWS WAF IP Set for functional purposes.

🧪 Validation

main_test.go includes an integration test that updates the WAF set, verifies the update, and then resets it.
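
An added example, not code from this pull request: one way to work out what a sync from the database allowlist to the WAF IP set would change. It assumes the database holds bare IPs or CIDR strings; the function names and sample addresses are constructed for illustration, and the AWS calls are left out. AWS WAF IP sets store CIDR notation and do not accept `/0` ranges, so entries are normalized and such ranges are rejected before comparing.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// NormalizeAllowlist turns stored addresses (bare IPs or CIDRs, assumed format) into
// sorted, de-duplicated CIDR strings; unusable entries are returned, not synced.
func NormalizeAllowlist(raw []string) (cidrs, rejected []string) {
	seen := map[string]bool{}
	for _, s := range raw {
		p, err := netip.ParsePrefix(s)
		if addr, aerr := netip.ParseAddr(s); aerr == nil {
			p, err = netip.PrefixFrom(addr, addr.BitLen()), nil // bare IP -> /32 or /128
		}
		c := p.Masked().String() // clear host bits so comparison is stable
		switch {
		case err != nil || p.Bits() == 0: // unparseable, or /0 (would allow every client)
			rejected = append(rejected, s)
		case !seen[c]:
			seen[c] = true
			cidrs = append(cidrs, c)
		}
	}
	sort.Strings(cidrs)
	return cidrs, rejected
}

// missing returns the entries of a that are not present in b.
func missing(a, b []string) (out []string) {
	in := map[string]bool{}
	for _, s := range b {
		in[s] = true
	}
	for _, s := range a {
		if !in[s] {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	db := []string{"192.0.2.44", "198.51.100.0/24", "192.0.2.44/32", "0.0.0.0/0", "not-an-ip"} // constructed
	waf := []string{"198.51.100.0/24", "203.0.113.7/32"}                                       // constructed
	want, bad := NormalizeAllowlist(db)
	fmt.Println("rejected:", bad, "add:", missing(want, waf), "remove:", missing(waf, want))
}
```

Logging the rejected and to-remove lists on each run makes drift between the database and the WAF set visible instead of silently overwritten.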

@ashley-weaver ashley-weaver requested a review from a team October 7, 2024 14:01
@ashley-weaver ashley-weaver marked this pull request as ready for review October 7, 2024 14:02

@MEspositoE14s MEspositoE14s left a comment


Two quick points but otherwise looks good to me.

  • Can we add a README or something that tells people they have to set up credentials from CloudTamer before they can run make test locally?
  • Definitely outside the scope of this ticket, but we should consider another ticket to create a shared library so we don't have duplicate code in all three of our lambdas. The stuff we use to connect to AWS, get secrets and connect to the DB is repeated in all of them.

@ashley-weaver

  • Definitely outside the scope of this ticket, but we should consider another ticket to create a shared library so we don't have duplicate code in all three of our lambdas. The stuff we use to connect to AWS, get secrets and connect to the DB is repeated in all of them.

Agreed on pulling the AWS/DB out into a common directory; I tried to make this work, but I wasn't able to.

@ashley-weaver ashley-weaver merged commit bacc6cf into main Oct 8, 2024
9 checks passed
@ashley-weaver ashley-weaver deleted the aweaver/ip-sync-lambda branch October 8, 2024 18:19