Skip to main content

Updating Prisoner Content Hub WAF

Every so often, the Prisoner Content Hub require their WAF IP allowlist updating. This is a bespoke job and not fully #gitops

Note: When adding an IP range e.g. /28, it must start with the first address in the range. 10.0.0.50/28 is not valid, however 10.0.0.48/28 is since it’s the start of the block.

  1. Log in to AWS Console
  2. Go to Parameter Store - ensure you’re in eu-west-2
  3. Search for “prisoner”
  4. Select the correct ip-allow-list parameter store (per environment)
  5. Add or remove the IP address from the JSON object and save
  6. Log in to Concourse
  7. Run the infrastructure-account plan pipeline - you should see the aws_wafv2_ip_set have pending updates
  8. Run the infrastructure-account apply pipeline
  9. Confirm the changes by going to WAF & Shield, select Web ACLs, click on the correct environment, select Rules and search for the IP address.
This page was last reviewed on 24 November 2025. It needs to be reviewed again on 24 May 2026 by the page owner #cloud-platform-notify .
This page was set to be reviewed before 24 May 2026 by the page owner #cloud-platform-notify. This might mean the content is out of date.