Skip to main content

Updating Prisoner Content Hub WAF

Every so often, the Prisoner Content Hub require their WAF IP allowlist updating. This is a bespoke job and not fully #gitops

Note: When adding an IP range e.g. /28, it must start with the first address in the range. 10.0.0.50/28 is not valid, however 10.0.0.48/28 is since it’s the start of the block.

  1. Log in to AWS Console
  2. Go to Parameter Store - ensure you’re in eu-west-2
  3. Search for “prisoner”
  4. Select the correct ip-allow-list parameter store (per environment)
  5. Add or remove the IP address from the JSON object and save
  6. Log in to Concourse
  7. Run the infrastructure-account plan pipeline - you should see the aws_wafv2_ip_set have pending updates
  8. Run the infrastructure-account apply pipeline
  9. Confirm the changes by going to WAF & Shield, select Web ACLs, click on the correct environment, select Rules and search for the IP address.
This page was last reviewed on 6 May 2025. It needs to be reviewed again on 6 November 2025 by the page owner #cloud-platform .
This page was set to be reviewed before 6 November 2025 by the page owner #cloud-platform. This might mean the content is out of date.