Title
p
Pradeep Reddy
03/06/2023, 1:59 PMHi , we are trying to have atlantis on AWS eks and alb endpoint as github webhook. But eks , alb , everything is behind our company's vpn. Anyone know how to configure GitHub webhook with alb which is behind vpn?
r
RB
03/06/2023, 2:08 PMYou'd need to exclude the github webhook ips from needing the vpn to hit the lb, id imagine
π 1
d
Dylan Page
03/06/2023, 3:29 PMYes that's what we do, Github has a provider to pull down their IP ranges to whitelist in the ALB
π 1
################################################
# Get github IP range information for use w/ atlantis webhooks
################################################
provider "github" {}
data "github_ip_ranges" "github_cidrs" {}and then
# AWS doesn't support ipv6 so we have to filter them out
# <https://discuss.hashicorp.com/t/how-to-filter-out-ip4-and-ip6-subnets/22556/2>
ipv4_github_hooks = [for cidr in data.github_ip_ranges.github_cidrs.hooks : cidr if length(regexall("\\:", cidr)) == 0]and pass
local.ipv4_github_hooksπ 1
p
Pradeep Reddy
03/06/2023, 4:07 PMCool, Thanks.
w
wby
03/06/2023, 5:02 PM@Dylan Page if it helps, looks like they have a
hooks_ipv4d
Dylan Page
03/06/2023, 5:08 PM@wby oh nice, that must be new!
This TF hasn't been touched in two years lmao
w
wby
03/06/2023, 5:12 PMI only came across it when I was checking out the structure to try to implement something similar.. thanks for the pointers and reminder that this existed
π 1
l
Luiz Silva
03/07/2023, 4:24 PMYou need to allow the github ranges inside your Security Group, I had the same issue, but with AWS Firewall. If you have your atlantis running inside the cluster you can run this command inside the pod and see the CIDR range of github
ssh -vvv -T <http://github.com|github.com>π 1