MLPAB-1733 - Make the public access toggle include redirects and mock…

… onelogin (#969) * update targets for ur job * remove private ingress when public ingress is added * update lock
ministryofjustice · Jan 18, 2024 · 2e482bb · 2e482bb
1 parent 8ba3074
commit 2e482bb
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 31 deletions.
diff --git a/.github/workflows/dispatch_manage_public_access_ur_environment.yml b/.github/workflows/dispatch_manage_public_access_ur_environment.yml
@@ -66,5 +66,8 @@ jobs:
           TF_WORKSPACE: ur
           TF_VAR_pagerduty_api_key: ${{ secrets.pagerduty_api_key }}
         run: |
-          terraform apply -lock-timeout=300s  -input=false -auto-approve -var public_access_enabled=${{ inputs.public_access_enabled }} -target 'module.eu_west_1[0].module.app.aws_security_group_rule.app_loadbalancer_public_access_ingress[0]'
+          terraform apply -lock-timeout=300s  -input=false -auto-approve -var public_access_enabled=${{ inputs.public_access_enabled }} \
+            -target 'module.eu_west_1[0].module.app.aws_security_group_rule.app_loadbalancer_public_access_ingress[0]' \
+            -target 'module.eu_west_1[0].module.app.aws_security_group_rule.app_loadbalancer_public_access_ingress_port_80[0]' \
+            -target 'module.eu_west_1[0].module.mock_onelogin[0].aws_security_group_rule.mock_onelogin_loadbalancer_public_access_ingress[0]' \
         working-directory: ./terraform/environment
diff --git a/terraform/environment/.terraform.lock.hcl b/terraform/environment/.terraform.lock.hcl
diff --git a/terraform/environment/region/modules/app/alb.tf b/terraform/environment/region/modules/app/alb.tf
@@ -155,6 +155,7 @@ data "aws_ip_ranges" "route53_healthchecks" {
 }
 
 resource "aws_security_group_rule" "app_loadbalancer_port_80_redirect_ingress" {
+  count             = var.public_access_enabled ? 0 : 1
   description       = "Port 80 ingress for redirection to port 443"
   type              = "ingress"
   from_port         = 80
@@ -166,6 +167,7 @@ resource "aws_security_group_rule" "app_loadbalancer_port_80_redirect_ingress" {
 }
 
 resource "aws_security_group_rule" "app_loadbalancer_ingress" {
+  count             = var.public_access_enabled ? 0 : 1
   description       = "Port 443 ingress from the allow list to the application load balancer"
   type              = "ingress"
   from_port         = 443