Open andyshinn opened 2 years ago
This is how I've solved it without needing this specific provider.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.46.0"
    }
    dns = {
      source  = "hashicorp/dns"
      version = "3.2.4"
    }
  }
}

provider "aws" {
  <your config here>
}

# this provider can be left empty
provider "dns" {}

# Resolve the published CircleCI runner addresses at plan time.
data "dns_a_record_set" "circleci" {
  host = "jobs.knownips.circleci.com"
}

resource "aws_security_group" "circleci" {
  name   = "circleci"
  vpc_id = aws_vpc.main.id
}

# One ingress rule whose CIDR list is every resolved address as a /32.
resource "aws_security_group_rule" "circleci" {
  security_group_id = aws_security_group.circleci.id
  protocol          = "tcp"
  type              = "ingress"
  to_port           = <yourport>
  from_port         = <yourport>
  cidr_blocks       = [for k, v in data.dns_a_record_set.circleci.addrs : "${v}/32"]
  description       = "Allow CircleCI"
}
```
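A variation on the snippet above, added here as an example rather than taken from the thread or from any provider's documentation: instead of one rule carrying the whole CIDR list, it creates one `aws_security_group_rule` per resolved address with `for_each`, keyed by the address itself. It assumes the same `terraform`, `provider` and `aws_vpc.main` blocks as above and replaces the `data` and `resource` blocks; `var.circleci_port` is an assumed variable standing in for `<yourport>`.

```hcl
# Added example, not the thread author's code: per-address ingress rules.
# Assumes the provider and aws_vpc.main blocks from the snippet above.

# Assumed variable standing in for the <yourport> placeholder.
variable "circleci_port" {
  type        = number
  description = "TCP port CircleCI runners may reach"
}

data "dns_a_record_set" "circleci" {
  host = "jobs.knownips.circleci.com"
}

resource "aws_security_group" "circleci" {
  name   = "circleci"
  vpc_id = aws_vpc.main.id
}

resource "aws_security_group_rule" "circleci" {
  # toset() de-duplicates and ignores answer order, so a reshuffled DNS
  # response does not show up as a change in the plan; each.key is the IP.
  for_each = toset(data.dns_a_record_set.circleci.addrs)

  security_group_id = aws_security_group.circleci.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = var.circleci_port
  to_port           = var.circleci_port
  cidr_blocks       = ["${each.key}/32"]
  description       = "Allow CircleCI (${each.key})"
}
```

With per-address rules, an address that joins or leaves the record set adds or revokes only its own rule, so the plan diff shows exactly which source IPs changed, and addresses that CircleCI retires are removed rather than accumulating. Either form only reflects the DNS answer at the time of the last `terraform apply`, so the set still needs a periodic plan/apply (or a scheduled `terraform plan -detailed-exitcode` as a drift check) to stay current.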
Cool, I didn't even think to check if there was a generic DNS lookup provider!
Would be helpful to have a data source that provides the IP addresses from https://circleci.com/docs/2.0/ip-ranges/ with attributes for the different ranges and all combined.
I currently do something like

```shell
for ip in $(dig +short jobs.knownips.circleci.com); do aws ec2 authorize-security-group-ingress --group-id sg-018b811ddb76d3134 --protocol tcp --port 22 --cidr "${ip}/32" --region us-east-2; done
```

Would be nice to do this in Terraform.