This message was deleted.
# atlantis-communitys
Slackbot
03/06/2023, 1:59 PMThis message was deleted.
r
RB
03/06/2023, 2:08 PMYou'd need to exclude the github webhook ips from needing the vpn to hit the lb, id imagine
π 1
d
Dylan Page
03/06/2023, 3:29 PMYes that's what we do, Github has a provider to pull down their IP ranges to whitelist in the ALB
π 1
Dylan Page
03/06/2023, 3:30 PM Copy code
################################################
# Get github IP range information for use w/ atlantis webhooks
################################################
provider "github" {}
data "github_ip_ranges" "github_cidrs" {}Dylan Page
03/06/2023, 3:31 PMand then
Copy code
# AWS doesn't support ipv6 so we have to filter them out
# <https://discuss.hashicorp.com/t/how-to-filter-out-ip4-and-ip6-subnets/22556/2>
ipv4_github_hooks = [for cidr in data.github_ip_ranges.github_cidrs.hooks : cidr if length(regexall("\\:", cidr)) == 0]Dylan Page
03/06/2023, 3:31 PMand pass
local.ipv4_github_hooksπ 1
p
Pradeep Reddy
03/06/2023, 4:07 PMCool, Thanks.
w
wby
03/06/2023, 5:02 PM@Dylan Page if it helps, looks like they have a
hooks_ipv4d
Dylan Page
03/06/2023, 5:08 PM@wby oh nice, that must be new!
Dylan Page
03/06/2023, 5:08 PMThis TF hasn't been touched in two years lmao
w
wby
03/06/2023, 5:12 PMI only came across it when I was checking out the structure to try to implement something similar.. thanks for the pointers and reminder that this existed
π 1
l
Luiz Silva
03/07/2023, 4:24 PMYou need to allow the github ranges inside your Security Group, I had the same issue, but with AWS Firewall. If you have your atlantis running inside the cluster you can run this command inside the pod and see the CIDR range of github
ssh -vvv -T <http://github.com|github.com>π 1