Updating Prisoner Content Hub WAF
Every so often, the Prisoner Content Hub needs its WAF IP allowlist updated. This is a bespoke job and is not fully #gitops.
Note: When adding an IP range, e.g. `/28`, it must start with the first address in the range. `10.0.0.50/28` is not valid, however `10.0.0.48/28` is, since it's the start of the block.
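The alignment rule in the note above can be checked before the parameter is saved. This is an added example, not part of the original page or the team's tooling: it uses Python's standard `ipaddress` module, and the label-to-CIDR JSON layout and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import json


def check_allowlist(raw_json):
    """Return (valid, problems) for a JSON object of label -> CIDR strings.

    The label -> CIDR layout is an assumption; adapt it to the real parameter.
    """
    valid, problems, seen = [], [], {}
    for label, cidr in json.loads(raw_json).items():
        try:
            # strict=True rejects a range with host bits set, i.e. one that
            # does not start at the first address of its block.
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            try:
                # strict=False masks the host bits and yields the block start.
                fixed = ipaddress.ip_network(cidr, strict=False)
                problems.append(
                    (label, cidr, f"not the start of the block, use {fixed}"))
            except ValueError:
                problems.append((label, cidr, "not an IP address or CIDR range"))
            continue
        if net in seen:
            problems.append((label, cidr, f"duplicate of {seen[net]}"))
            continue
        seen[net] = label
        valid.append(str(net))  # a bare address is normalised to a /32
    return valid, problems


# Constructed sample input; labels and addresses are illustrative only.
SAMPLE = json.dumps({
    "office-a": "10.0.0.48/28",
    "office-b": "10.0.0.50/28",
    "vpn": "192.0.2.17",
    "typo": "10.0.0.300/28",
    "office-a-again": "10.0.0.48/28",
})

if __name__ == "__main__":
    ok, bad = check_allowlist(SAMPLE)
    for net in ok:
        print("OK      ", net)
    for label, cidr, reason in bad:
        print("REJECTED", label, cidr, "-", reason)
```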
- Log in to AWS Console
- Go to Parameter Store - ensure you’re in eu-west-2
- Search for “prisoner”
- Select the correct `ip-allow-list` parameter store (per environment)
- Add or remove the IP address from the JSON object and save
- Log in to Concourse
- Run the `infrastructure-account` plan pipeline - you should see the `aws_wafv2_ip_set` have pending updates
- Run the `infrastructure-account` apply pipeline
- Confirm the changes by going to WAF & Shield, select Web ACLs, click on the correct environment, select Rules and search for the IP address.
This page was last reviewed on 6 May 2025. It needs to be reviewed again on 6 November 2025 by the page owner #cloud-platform.