Merge branch 'main' into fix/365-remove-unused-endpoints

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## [1.7.1](https://github.com/bcgov/nr-forests-access-management/compare/v1.7.0...v1.7.1) (2023-10-16)
+
+
+### Bug Fixes
+
+* [#938](https://github.com/bcgov/nr-forests-access-management/issues/938) Remove unnecessary flows from nsgs based on security reviews. ([#960](https://github.com/bcgov/nr-forests-access-management/issues/960)) ([6614d74](https://github.com/bcgov/nr-forests-access-management/commit/6614d74e3e0f3c351df0ec78b162bd9d20d8a1d3))
+* incorrect swapped action ([#965](https://github.com/bcgov/nr-forests-access-management/issues/965)) ([1976022](https://github.com/bcgov/nr-forests-access-management/commit/19760228422e2f260651b6cc50583e48476ebfa5))
+
+
+### Miscellaneous
+
+* swap out unmaintained action ([#961](https://github.com/bcgov/nr-forests-access-management/issues/961)) ([b30fdf9](https://github.com/bcgov/nr-forests-access-management/commit/b30fdf9ad73842bf42cf22082931c8d485d6a456))
+* Update actions/upload-artifact action to v3 ([#967](https://github.com/bcgov/nr-forests-access-management/issues/967)) ([9b70fe0](https://github.com/bcgov/nr-forests-access-management/commit/9b70fe091912a66c01f508f71d0a9a7f249a8ac6))
+* update checkout action for node 12 deprecation ([#962](https://github.com/bcgov/nr-forests-access-management/issues/962)) ([75894bc](https://github.com/bcgov/nr-forests-access-management/commit/75894bc8d261991ed3739e6c8ae91b8a0198328c))
+
 ## [1.7.0](https://github.com/bcgov/nr-forests-access-management/compare/v1.6.0...v1.7.0) (2023-10-10)
 
 

infrastructure/server/network_security_groups.tf

@@ -9,40 +9,16 @@ resource "aws_security_group" "fam_app_sg" {
         managed-by = "terraform"
     }
 
-    ingress {
-        from_port = 0
-        to_port = 0
-        protocol = "-1"
-        cidr_blocks = ["10.10.32.0/20", "10.10.128.0/20"]
-        description = "Central VPC Traffic Inbound from Web subnets"
-    }
-
-    ingress {
-        from_port = 0
-        to_port = 0
-        protocol = "-1"
-        cidr_blocks = ["10.10.0.0/19", "10.10.96.0/19"]
-        description = "Central VPC Traffic Inbound from App subnets"
-    }
-
-    ingress {
-        from_port = 0
-        to_port = 0
-        protocol = "-1"
-        cidr_blocks = ["10.10.64.0/21", "10.10.72.0/21"]
-        description = "Central VPC Traffic Inbound from Mgmt subnets"
-    }
-
-    egress {
-        from_port = 0
-        to_port = 0
-        protocol = "-1"
-        cidr_blocks = ["0.0.0.0/0"]
-        description = "Allow All Outbound Traffic"
-    }
+}
 
+resource "aws_vpc_security_group_egress_rule" "fam_app_sg_outbound" {
+  security_group_id = aws_security_group.fam_app_sg.id
+  cidr_ipv4   = "0.0.0.0/0"
+  ip_protocol = "-1"
+  description = "Allow All Outbound Traffic"
 }
 
+
 resource "aws_security_group" "fam_data_sg" {
     name = "fam_data_sg"
     description = "FAM custom security group for data tier."
@@ -70,52 +46,9 @@ resource "aws_vpc_security_group_ingress_rule" "fam_data_sg_postgres" {
   description = "Allow traffic to database from FAM application tier (lambdas)."
 }
 
-resource "aws_vpc_security_group_ingress_rule" "fam_data_sg_central_web_a" {
-  security_group_id = aws_security_group.fam_data_sg.id
-  cidr_ipv4   = "10.10.32.0/20"
-  ip_protocol = "-1"
-  description = "Central VPC Traffic Inbound from Web-a"
-}
-
-resource "aws_vpc_security_group_ingress_rule" "fam_data_sg_central_web_b" {
-  security_group_id = aws_security_group.fam_data_sg.id
-  cidr_ipv4   = "10.10.128.0/20"
-  ip_protocol = "-1"
-  description = "Central VPC Traffic Inbound from Web-b"
-}
-
-resource "aws_vpc_security_group_ingress_rule" "fam_data_sg_central_app_a" {
-  security_group_id = aws_security_group.fam_data_sg.id
-  cidr_ipv4   = "10.10.0.0/19"
-  ip_protocol = "-1"
-  description = "Central VPC Traffic Inbound from App-a"
-}
-
-resource "aws_vpc_security_group_ingress_rule" "fam_data_sg_central_app_b" {
-  security_group_id = aws_security_group.fam_data_sg.id
-  cidr_ipv4   = "10.10.96.0/19"
-  ip_protocol = "-1"
-  description = "Central VPC Traffic Inbound from App-b"
-}
-
-resource "aws_vpc_security_group_ingress_rule" "fam_data_sg_central_mgmt_a" {
-  security_group_id = aws_security_group.fam_data_sg.id
-  cidr_ipv4   = "10.10.64.0/21"
-  ip_protocol = "-1"
-  description = "Central VPC Traffic Inbound from Mgmt-a"
-}
-
-resource "aws_vpc_security_group_ingress_rule" "fam_data_sg_central_mgmt_b" {
-  security_group_id = aws_security_group.fam_data_sg.id
-  cidr_ipv4   = "10.10.72.0/21"
-  ip_protocol = "-1"
-  description = "Central VPC Traffic Inbound from Mgmt-b"
-}
-
 resource "aws_vpc_security_group_egress_rule" "fam_data_sg_outbound" {
   security_group_id = aws_security_group.fam_data_sg.id
   cidr_ipv4   = "0.0.0.0/0"
   ip_protocol = "-1"
   description = "Allow All Outbound Traffic"
 }
-

terraform/tools/terragrunt.hcl

@@ -28,16 +28,16 @@ generate "tools_tfvars" {
     prod = "${local.common_vars.inputs.idp_logout_chain_prod_url}"
     tools = "${local.common_vars.inputs.idp_logout_chain_tools_url}"
   }
-  front_end_redirect_path = "https://d3d7kmp8kmi5ix.cloudfront.net"
+  front_end_redirect_path = "https://fam-tools.nrs.gov.bc.ca"
   fam_callback_urls = [
-    "https://d3d7kmp8kmi5ix.cloudfront.net/authCallback",
+    "https://fam-tools.nrs.gov.bc.ca/authCallback",
     "http://localhost:5173/authCallback",
     "http://localhost:8000/docs/oauth2-redirect",
     "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/"
   ]
   fam_logout_urls = [
-    "${local.common_vars.inputs.idp_logout_chain_dev_url}https://d3d7kmp8kmi5ix.cloudfront.net",
-    "${local.common_vars.inputs.idp_logout_chain_dev_url}http://localhost:5173"
+    "${local.common_vars.inputs.idp_logout_chain_tools_url}https://fam-tools.nrs.gov.bc.ca",
+    "${local.common_vars.inputs.idp_logout_chain_tools_url}http://localhost:5173"
   ]
   fam_console_idp_name = "DEV-IDIR"
   forest_client_api_base_url = "https://nr-forest-client-api-test.api.gov.bc.ca"

version.txt

@@ -1 +1 @@
-1.7.0
+1.7.1