Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[QOLDEV-908] move WAF stack to global region #557

Merged
merged 5 commits into from
Jul 9, 2024
Merged

[QOLDEV-908] move WAF stack to global region #557

merged 5 commits into from
Jul 9, 2024

Conversation

ThrawnCA
Copy link
Contributor

@ThrawnCA ThrawnCA commented Jul 8, 2024
edited
Loading

  • WAFv2 resources are required to be in the us-east-1 region, but CloudFormation exports cannot cross regions, so use the SSM Parameter Store to pass necessary values.

@ThrawnCA
[QOLDEV-908] move CloudFront stacks to global region
614307a 
- CloudFront is meant to be managed globally, and WAFv2 resources are required to be in the us-east-1 region
@ThrawnCA ThrawnCA requested a review from a team July 8, 2024 04:06
duttonw
duttonw reviewed Jul 8, 2024
View reviewed changes
vars/cloudfront.var.yml Outdated Show resolved Hide resolved
duttonw
duttonw requested changes Jul 8, 2024
View reviewed changes
Copy link
Member

@duttonw duttonw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unsure if this will work when cfn cloudfront is made in sydney.

@ThrawnCA
[QOLDEV-908] replace CloudFormation import with Parameter Store
665df90 
- Move CloudFront distribution back to the original region, but pass the Web ACL ID via SSM Parameter Store
so we can cross regions
@ThrawnCA ThrawnCA changed the title [QOLDEV-908] move CloudFront stacks to global region [QOLDEV-908] move WAF stack to global region Jul 8, 2024
duttonw
duttonw approved these changes Jul 8, 2024
View reviewed changes
vars/cloudfront.var.yml Outdated Show resolved Hide resolved
vars/cloudfront.var.yml
CmsOrigin: "{{ CmsOrigin }}"
WebACLId: "{{ Environment }}CKANWebACLId"
WebACLId: "{{ lookup('aws_ssm', '/config/CKAN/' + Environment + '/common/waf_acl_id', region='us-east-1') }}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a way to make this lookup on cfn template. But you do need to give different param string per env for it to work. See repo site-myqldgovau iam.cfn.yml file in the .GitHub/aws folder

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For now I would probably choose to keep the style consistent with other templates in this repo.

@duttonw
Copy link
Member

duttonw commented Jul 8, 2024

Do update the pr message per the changes

@ThrawnCA ThrawnCA merged commit 4c69b46 into develop Jul 9, 2024
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@duttonw duttonw duttonw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ThrawnCA @duttonw