Secure Lower QMR Environments

[dwhitestratiform]

Description

The team has been requested to restrict lower environments to be restricted from public access and to require using cms vpn to access.

This pull request utilizes the cmcs waf plugin to apply standard firewall rules used at cms. See this link to see standard rules inherited from the plugin.

In addition to the inherited rules a new rule is applied in this PR named "vpn-only" that its default action is to restrict all access with the exception to the IP's defined in the qmr dev account ip set.

In addition the ui serverless.yaml is where we can conditionally set if the environment is restricted. Currently it's set to a default value of restricted, with dev (master) and val also restricted and prod unrestricted per requirements of qmr being accessible to state users.

Related ticket(s)

---

How to test

in a new cognito browser session visit the application endpoint for this branch both on VPN and not on VPN to confirm access or lack there of when not on VPN.

Important updates

development environments will not be accessible unless on VPN.

---

Author checklist

• I have performed a self-review of my code
• I have added thorough tests, if necessary
• I have updated relevant documentation, if necessary

---

convert to a different template: test → val | val → prod

[codeclimate]

Code Climate has analyzed commit 20cc32e and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (90% is the threshold).

This pull request will bring the total coverage in the repository to 73.1% (0.0% change).

View more on Code Climate.