Closed carrb-moj closed 1 year ago
@seanprivett can they just use an S3 bucket in our long term storage account?
Accounts will be created soon. The IP addresses I have been given are as per an email: " Ok, so for the first rule I believe Brian is wanting to be able to access the environment on port 443 from an MoJ Digital Macbook connected to Global protect. To be honest, I think this is unnecessary as he should be able to access any EC2 instance stood up in the environment via SSM. I would skip this for now and I'll check with Brian when he is back.
"gp_to_read_ims_extraction_data": {"
"action": "PASS",
"source_ip": "
"destination_ip": "
"destination_port": "443",
"protocol": "TCP"
},
If you think the rule might make sense instead of SSM then the two VPN ranges are: (81.134.202.29/32 - mojvpn and 35.176.93.186/32 - global-protect)
For the second rule:
"mercury_to_upload_ims_extraction_data": {"
"action": "PASS",
"source_ip": "mercury azure IPs",
"destination_ip": "
"destination_port": "443",
"protocol": "TCP"
},
The team needs connectivity between the new environment on the mod-platform and the azure Mercury subnets on the Fix and Go Azure environment. The two Azure subnets are:
10.40.54.0/24 - NOMS-Live/PP-Mercury
10.40.55.0/24 - NOMS-Live/PD-Mercury "
I will look at these once the environments have been created
Environments created. The names are slightly different to those listed above as I checked and this was the name provided to me. They may not be long lasting so this may not be an issue.
hmpps-intelligence-management-development
hmpps-intelligence-management-production
Code amended and pushed with the firewall changes.
The IP addresses are already covered in production (a /16 one) so waiting to confirm if this is needed in development. If it is, some additional work will be needed to do this. Will know more on Monday next week.
In the meantime the original pull request has been removed.
Currently I have had no response so I will close this.
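The check discussed in the thread, whether a proposed rule is already covered by a broader existing rule, as an added example that is not part of the original issue or the project's own code. It assumes the rule shape quoted above; the `10.40.0.0/16` rule, the `192.0.2.0/24` destination and all function and rule names other than `mercury_to_upload_ims_extraction_data` are constructed placeholders.

```python
import ipaddress

# Constructed sample rules in the shape quoted in the thread. The /16 and the
# destination range are placeholders (assumptions), not values from the ticket.
EXISTING = {
    "azure_to_platform_https": {
        "action": "PASS", "source_ip": "10.40.0.0/16",
        "destination_ip": "192.0.2.0/24", "destination_port": "443", "protocol": "TCP"},
}
PROPOSED = {
    "mercury_to_upload_ims_extraction_data": {
        "action": "PASS", "source_ip": "10.40.54.0/24",
        "destination_ip": "192.0.2.0/24", "destination_port": "443", "protocol": "TCP"},
    "unfinished_rule": {  # free-text source, as in the draft rule quoted above
        "action": "PASS", "source_ip": "mercury azure IPs",
        "destination_ip": "192.0.2.0/24", "destination_port": "443", "protocol": "TCP"},
}

def parse_rule(rule):
    """Return (src, dst, port, proto, action); raise ValueError on bad fields."""
    src = ipaddress.ip_network(rule["source_ip"])        # strict: host bits must be 0
    dst = ipaddress.ip_network(rule["destination_ip"])
    port = int(rule["destination_port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return src, dst, port, rule["protocol"].upper(), rule["action"].upper()

def covered_by(new, old):
    """True when 'old' already matches every packet that 'new' would match."""
    n_src, n_dst, n_port, n_proto, n_action = new
    o_src, o_dst, o_port, o_proto, o_action = old
    if (n_port, n_proto, n_action) != (o_port, o_proto, o_action):
        return False
    if n_src.version != o_src.version or n_dst.version != o_dst.version:
        return False
    return n_src.subnet_of(o_src) and n_dst.subnet_of(o_dst)

def review(proposed, existing):
    """Classify each proposed rule as invalid, redundant or new."""
    parsed = {name: parse_rule(rule) for name, rule in existing.items()}
    findings = {}
    for name, rule in proposed.items():
        try:
            new = parse_rule(rule)
        except (KeyError, ValueError) as exc:
            findings[name] = f"invalid: {exc}"
            continue
        cover = [n for n, old in parsed.items() if covered_by(new, old)]
        findings[name] = f"redundant: covered by {cover[0]}" if cover else "new"
    return findings
```
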
Environment details
Mercury Data Extraction
Temporary environment to facilitate data extraction from the Mercury application (hosted in Azure) to the replacement application (Manage Intelligence) hosted in the Cloud Platform.
DPS-SOCT-TECH
Environments
Tags
Networking options
Subnet sets
Firewall rules
How do users connect to the application?
Connectivity to other applications or external parties
The Mercury application, which is hosted on VMs within Azure, needs to be able to copy files to an S3 bucket in this environment.
Additional features
Other information
Definition of done