@dylanratcliffe
Member

Summary

  • Narrow internal ingress CIDR used for service/monitoring access.

Context

  • JIRA-4521: Reduce internal exposure based on audit feedback.

Testing

  • Terraform plan reviewed in CI.

Rollout / Risk

  • If any internal tooling relies on the broader range, it may lose access; monitor health checks and alarms after merge.

@env0
env0 bot commented Dec 26, 2025

🚀  env0 had composed a PR Plan for environment Overmind / Terraform Example / terraform-example :

 🚨 PR Plan Failed 🚨
Failure Details
╷
│ Error: Invalid for_each argument
│ 
│   on monitoring_peering_and_nlb.tf line 105, in resource "aws_route" "baseline_to_monitoring":
│  105:   for_each = local.enable_signals_monitoring_vpc ? toset(module.baseline.public_route_table_ids) : toset([])
│     ├────────────────
│     │ local.enable_signals_monitoring_vpc is true
│     │ module.baseline.public_route_table_ids is tuple with 1 element
│ 
│ The "for_each" set includes values derived from resource attributes that
│ cannot be determined until apply, and so OpenTofu cannot determine the full
│ set of keys that will identify the instances of this resource.
│ 
│ When working with unknown values in for_each, it's better to use a map
│ value where the keys are defined statically in your configuration and where
│ only the values contain apply-time results.
│ 
│ Alternatively, you could use the planning option
│ -exclude=aws_route.baseline_to_monitoring to first apply without this
│ object, and then apply normally to converge.
╵

Full PR Plan logs on env0

@dylanratcliffe dylanratcliffe deleted the security/jira-4521-narrow-internal-cidr-20251226-171619 branch December 26, 2025 17:46