Open gwright99 opened 1 month ago
@schaluva -- thoughts on the proposal above?
While working on the solution, I realized I was using the wrong value to control SSH security ingress rules. I was using `var.sg_ingress_rules` instead of `var.sg_ssh_cidrs`. Fixed.
Background
Reported by a client with the following characteristics:
The Problem
Client could not connect to the ALB, despite the VPN being active and functional. The problem ended up being due to an assumption I made while populating `local.alb_ingress_cidrs`:
How to Fix
The client confirmed that the problem was resolved once they added their VPN CIDR to the `[data.aws_vpc.preexisting.cidr_block]` (_i.e. `[data.aws_vpc.preexisting.cidr_block, VPN_CIDR_HERE]`_). I think it would make sense to leverage the pre-existing `sg_ingress_cidrs` value in terraform.tfvars and append this into the `local.alb_ingress_cidrs` array generated for non-public implementations.
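The proposal above, written out as an added Terraform example (not the project's own code): the "before" local admits only the VPC CIDR, the "after" local appends the operator-supplied `sg_ingress_cidrs` for non-public deployments, and SSH keeps its own `sg_ssh_cidrs` list. The `public` variable, the `default = true` VPC lookup, the CIDR validation block and the `aws_security_group.alb` / `aws_security_group.instance` resources (assumed to be defined elsewhere) are assumptions for illustration.

```hcl
variable "public" {
  type    = bool
  default = false
}
# Operator-supplied CIDRs from terraform.tfvars (e.g. the client VPN range).
variable "sg_ingress_cidrs" {
  type    = list(string)
  default = []
  validation {
    condition     = alltrue([for c in var.sg_ingress_cidrs : can(cidrhost(c, 0))])
    error_message = "Every sg_ingress_cidrs entry must be a valid CIDR block."
  }
}
# SSH allow-list, kept separate from the ALB allow-list.
variable "sg_ssh_cidrs" {
  type    = list(string)
  default = []
}

data "aws_vpc" "preexisting" {
  default = true # assumption: the pre-existing VPC is the account's default VPC
}

locals {
  # Before: VPC CIDR only, so VPN clients outside the VPC were rejected by the SG:
  #   alb_ingress_cidrs = var.public ? ["0.0.0.0/0"] : [data.aws_vpc.preexisting.cidr_block]
  # After: append the operator-supplied CIDRs for non-public deployments.
  alb_ingress_cidrs = var.public ? ["0.0.0.0/0"] : distinct(concat(
    [data.aws_vpc.preexisting.cidr_block],
    var.sg_ingress_cidrs
  ))
}

resource "aws_security_group_rule" "alb_https" {
  type              = "ingress"
  security_group_id = aws_security_group.alb.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = local.alb_ingress_cidrs
}
# SSH is gated by var.sg_ssh_cidrs, not var.sg_ingress_rules.
resource "aws_security_group_rule" "ssh" {
  type              = "ingress"
  security_group_id = aws_security_group.instance.id
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.sg_ssh_cidrs
}
```

`distinct()` avoids a duplicate rule entry if an operator also lists the VPC CIDR in `sg_ingress_cidrs`, and the validation block rejects a malformed CIDR at plan time rather than at apply time.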