Look into VPN Self Signed Certificates with AKID

[ben851]

Description

As a developer of notify, I don't want to spend $400 per environment per month for private certificate authorities.

WHY are we building?

AWS deprecated self signed certificates for VPN forcing us to use private certificate authorities. We may have misunderstood however and it may have just been deprecating self signed certs that don't have AKID.

WHAT are we building?

Look into recreating VPN with AKID self signed cert and see if it still works

VALUE created by our solution

We don't have to spend $$$ on PCA

Acceptance Criteria

• [x] VPN works with AKID Self Signed Certs
• [x] We don't have any alerts from AWS
• [x] PCA's are deleted

QA Steps

• [x] Verify there's no PCAs in the CPN cert
• [x] verify that we can still log into k9s on dev
• [x] Verify there are no warnings in AWS trusted advisor related to the VPN

[ben851]

Dev deployed with self signed certs. Waiting a few days to see if we get any alerts from AWS

[P0NDER0SA]

We will check this one on Tuesday until after Souvenir day

[ben851]

PR to review. https://github.com/cds-snc/notification-terraform/pull/1643/

Sat in dev working all last week with no issues

[ben851]

Deployed this to staging yesterday, and it works!

[ben851]

Released to prod, seems to be working

[ben851]

@Pond to QA

[P0NDER0SA]

Pond needs QA steps :(

[pond]

I don't know who you intended to reference but it isn't me. I have nothing to do with this project or task. Perhaps you meant @P0NDER0SA ?

[P0NDER0SA]

QA'ed! moving to done.