From 16a29f7eff3c57f72d05038936871ff8efbbeb2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?=
Date: Wed, 15 Jan 2025 14:53:19 +0100
Subject: [PATCH] Increase the width of the allowed IP netmask * Add note for future work
---
 tf/environments/prod/main.tf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf
index 300a9e0..887cf18 100644
--- a/tf/environments/prod/main.tf
+++ b/tf/environments/prod/main.tf
@@ -165,7 +165,11 @@ module "oonipg" {
 db_allocated_storage = "50"
 db_max_allocated_storage = null
- allow_cidr_blocks = module.network.vpc_subnet_private[*].cidr_block
+ # TODO: fix this to further restrict to only our subnets
+ # In order to do this we need to change the launch template of the ECS service
+ # to deploy them specifically inside of the two allocated subnets as opposed
+ # to picking a random IP in side of the full /8
+ allow_cidr_blocks = ["10.0.0.0/8"]
 allow_security_groups = []
 tags = merge(
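Review bot: `allow_cidr_blocks = ["10.0.0.0/8"]` on the prod `oonipg` module (presumably the database ingress rule) admits the entire 10/8 private range. An AWS VPC IPv4 block is at most a /16, so this is wider than the VPC itself and would also cover any peered, VPN or transit-attached network that is routed here. The `allow_security_groups = []` argument on the next line looks like the tighter option that does not depend on which subnet the ECS tasks land in, e.g. `allow_security_groups = [<ecs-service-security-group-id>]` (placeholder), with the CIDR list reverted to the private subnets. If the CIDR rule has to stay for now, narrowing it to the VPC's own CIDR block would shrink the exposure. The TODO should also name a tracking issue, so that the temporary widening has an owner and a removal condition. The `module "oonipg"` block starts and ends outside this hunk, so how the module consumes these two arguments is not visible here.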