
Internal NGINX ingress via VPC Endpoint: Terraform workflow

Open sj-williams opened this issue 9 months ago • 0 comments

Background

Following firebreak investigation into providing AWS private networked access to CP applications via VPC endpoint and internal NGINX deployment (private subnets only), this ticket is to look at creating and managing the required resources via Terraform.

  • ingress controller module should be adapted to enable optional internal NLB deployment with associated ClassName.

  • VPC endpoint service Terraform code/module for provisioning the endpoint service in CP VPC for above internal NLB and approval of consumer endpoint connection request

  • Required Terraform code for associated consumer endpoint which a user would need to provision in consumer VPC.

  • Additional 'productionized' configurations - i.e. Security Groups, allowed principal scoping for endpoint service, private DNS (?), logging at endpoint level, ingress controller logging. What else?

Additional info

Firebreak issue:

Private LoadBalancer for VPC bound EKS application access - https://github.com/ministryofjustice/cloud-platform/issues/5617

Proposed user journey

Approach

Which part of the user docs does this impact

Communicate changes

  • [ ] post for #cloud-platform-update
  • [ ] Weeknotes item
  • [ ] Show the Thing/P&A All Hands/User CoP
  • [ ] Announcements channel

Questions / Assumptions

Definition of done

  • [ ] readme has been updated
  • [ ] user docs have been updated
  • [ ] another team member has reviewed
  • [ ] smoke tests are green
  • [ ] prepare demo for the team

Reference

How to write good user stories

sj-williams avatar May 23 '24 14:05 sj-williams
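As an added example (not the cloud-platform repository's own Terraform, and not part of the issue above), the sketch below wires the four bullets together in one configuration: a second ingress-nginx release with its own IngressClass and an internal NLB, an endpoint service in the CP VPC that requires acceptance and admits only one named consumer account, the consumer-side interface endpoint and its security group, and the provider-side connection accepter. The provider aliases (`aws.cp`, `aws.consumer`), every variable, the Helm release name, namespace and ClassName values are all assumptions made for illustration; the load balancer annotations are the AWS Load Balancer Controller's.

```hcl
# Added example (not the cloud-platform repo's own Terraform). Assumed names:
# the two provider aliases, every variable, and the Helm release/ClassName values.
provider "aws" { alias = "cp" }        # Cloud Platform account
provider "aws" { alias = "consumer" }  # a consumer (service team) account

variable "internal_nlb_arn"    { type = string }        # NLB created for the internal ingress Service
variable "consumer_account_id" { type = string }
variable "consumer_vpc_id"     { type = string }
variable "consumer_vpc_cidr"   { type = string }
variable "consumer_subnet_ids" { type = list(string) }  # private subnets only

# 1. Internal ingress-nginx: a second release with its own IngressClass and an
#    internal NLB (annotations are the AWS Load Balancer Controller's).
resource "helm_release" "internal_nginx" {
  name       = "internal-nginx"
  namespace  = "ingress-controllers"
  repository = "https://kubernetes.github.io/ingress-nginx"
  chart      = "ingress-nginx"

  values = [yamlencode({
    controller = {
      ingressClass = "internal-nginx"
      ingressClassResource = {
        name            = "internal-nginx"
        controllerValue = "k8s.io/internal-ingress-nginx"
      }
      service = {
        annotations = {
          "service.beta.kubernetes.io/aws-load-balancer-type"            = "external"
          "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type" = "ip"
          "service.beta.kubernetes.io/aws-load-balancer-scheme"          = "internal"
        }
      }
    }
  })]
}

# 2. Endpoint service in the CP VPC, fronting that NLB. acceptance_required
#    plus an explicit allowed principal: an unknown account cannot even request
#    a connection, and a known one still needs approval.
resource "aws_vpc_endpoint_service" "internal_ingress" {
  provider                   = aws.cp
  acceptance_required        = true
  network_load_balancer_arns = [var.internal_nlb_arn]
  tags                       = { Name = "cp-internal-ingress" }
}

resource "aws_vpc_endpoint_service_allowed_principal" "consumer" {
  provider                = aws.cp
  vpc_endpoint_service_id = aws_vpc_endpoint_service.internal_ingress.id
  principal_arn           = "arn:aws:iam::${var.consumer_account_id}:root"
}

# 3. Consumer side: interface endpoint in the consumer's private subnets, with
#    a security group that only admits HTTPS from inside that VPC.
resource "aws_security_group" "endpoint" {
  provider = aws.consumer
  name     = "cp-internal-ingress-endpoint"
  vpc_id   = var.consumer_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.consumer_vpc_cidr]
  }
}

resource "aws_vpc_endpoint" "internal_ingress" {
  provider            = aws.consumer
  vpc_id              = var.consumer_vpc_id
  service_name        = aws_vpc_endpoint_service.internal_ingress.service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.consumer_subnet_ids
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = false  # needs a verified private_dns_name on the service first
}

# 4. Approve the pending connection request from the provider side.
resource "aws_vpc_endpoint_connection_accepter" "consumer" {
  provider                = aws.cp
  vpc_endpoint_service_id = aws_vpc_endpoint_service.internal_ingress.id
  vpc_endpoint_id         = aws_vpc_endpoint.internal_ingress.id
}

# Consumers point their Ingress hosts at this name (or a Route 53 private zone alias to it).
output "consumer_endpoint_dns" {
  value = aws_vpc_endpoint.internal_ingress.dns_entry[0].dns_name
}
```

Two caveats a practitioner would want. First, the NLB behind the internal ingress is created by the Kubernetes Service, not by Terraform, so `internal_nlb_arn` has to be looked up (for example with a `data "aws_lb"` block keyed on the tags the controller applies) rather than referenced as a resource. Second, the consumer-side security group is the only control the consumer owns; who may connect at all is governed on the provider side by `acceptance_required` and the allowed-principal list, so leaving `allowed_principals` at `*` would hand any AWS account the right to create a pending request against the service.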