
simonjjones

As discussed on Slack (https://concourseci.slack.com/archives/general/p1452624733008350) we would like to tighten our security group rules for the internal security group. Further to the discussion, it appears we needed to add access from the WebSecurityGroup as well as those mentioned.

Allow only the following sources to connect to InternalSecurityGroup on tcp and udp: InternalSecurityGroup, WebSecurityGroup, BOSHSecurityGroup.

The current configuration (InternalSecurityGroup is open to all sources on every port) causes Amazon Trusted Advisor to raise a red warning.

Signed-off-by: Simon Jones <simon@cloudcredo.com>
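
An added example, not part of the pull request or the project's template: a Python check that reads a CloudFormation template (as a parsed dict) and reports any ingress rule on InternalSecurityGroup whose source is not one of the three groups named above. Both templates are constructed samples, and their layout (standalone `AWS::EC2::SecurityGroupIngress` resources, ports 0-65535) is an assumption, since the actual diff is not shown in this conversation.

```python
# Sources the pull request description allows to reach InternalSecurityGroup.
TARGET = "InternalSecurityGroup"
ALLOWED = {"InternalSecurityGroup", "WebSecurityGroup", "BOSHSecurityGroup"}

def logical_id(value):
    """Resolve {"Ref": X} or {"Fn::GetAtt": [X, ...]} to X, else None."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        att = value.get("Fn::GetAtt")
        if isinstance(att, list) and att:
            return att[0]
    return None

def ingress_rules(template, target):
    """Yield each ingress rule on `target`, inline or as a standalone resource."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup" and name == target:
            yield from props.get("SecurityGroupIngress", [])
        elif (res.get("Type") == "AWS::EC2::SecurityGroupIngress"
              and logical_id(props.get("GroupId")) == target):
            yield props

def violations(template, target=TARGET, allowed=ALLOWED):
    """List rules whose source is not one of the allowed security groups."""
    findings = []
    for rule in ingress_rules(template, target):
        source = logical_id(rule.get("SourceSecurityGroupId"))
        if source not in allowed:
            origin = rule.get("CidrIp") or rule.get("CidrIpv6") or source or "unknown"
            findings.append(f"{rule.get('IpProtocol')} from {origin}")
    return findings

def sg_rule(proto, source):  # hypothetical helper that builds the constructed samples
    return {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": TARGET}, "IpProtocol": proto, "FromPort": 0,
        "ToPort": 65535, "SourceSecurityGroupId": {"Ref": source}}}

# Constructed sample: open to all sources on every port (the state described above).
OPEN_TEMPLATE = {"Resources": {TARGET: {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "sample",
    "SecurityGroupIngress": [{"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}]}}}}

# Constructed sample: tcp and udp from the three named groups only.
RESTRICTED_TEMPLATE = {"Resources": {
    TARGET: {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "sample"}},
    **{f"{proto}From{src}": sg_rule(proto, src) for proto in ("tcp", "udp") for src in ALLOWED}}}

if __name__ == "__main__":
    print(violations(OPEN_TEMPLATE), violations(RESTRICTED_TEMPLATE))
```

A rule whose source is a literal group ID or any other unresolved value is reported with origin `unknown`, so it fails the check rather than passing silently.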

@concourse-bot
Collaborator

Hi there!

We use Pivotal Tracker to provide visibility into what our team is working on. A story for this issue has been automatically created.

The current status is as follows:

  • #111594772 Restrict access to InternalSecurityGroup.

This comment, as well as the labels on the issue, will be automatically updated as the status in Tracker changes.

@vito
Member

vito commented Jan 14, 2016

This looks good, thanks! I'm assuming you've tried it yourself?

@simonjjones
Author

@vito We have, yes. We successfully updated our existing CloudFormation using this template, our Concourse remains completely functional, and in doing so we have removed the existing alert in Trusted Advisor.

@xoebus
Contributor

xoebus commented Jan 22, 2016

Thanks!

efa4d44

@xoebus xoebus closed this Jan 22, 2016
vito added a commit that referenced this pull request Apr 11, 2018
vmware-archive/fly#201

Submodule src/github.com/concourse/fly f9d92f5..2be951a:
  > Merge branch 'govau-unmarshalstrict'
  > Merge pull request #214 from alepee/patch-1
Submodule src/gopkg.in/yaml.v2 e4d366fc..5420a8b6:
  > Use underlying float precision when formatting floats (#353)
  > Fix typo in tab error message (#208).
  > Fix misspell of precede in ported code (#216)
  > Fix type on Marshal docs (#206).
  > Fixed typos in docstrings (#179).
  > Drop unnecessary explicit timestamp tags.
  > Fix broken test from last merge.
  > increment non-zero scanner error lines (#319)
  > Convert int to float when explicitly tagged.
  > Encode and decode arrays.
  > Fix edge case when decoding MinInt as -0b.
  > Remove mention of non-existent examples folder.
  > Fix curious assumption from the original C reader.
  > Ensure scanner has data before checking for blanks.
  > Drop invalid simple key assertion.
  > Improve map stabilization logic.
  > Fix unstable map key ordering (#195).
  > Merge pull request #336 from rogpeppe/025-go.mod
  > Merge pull request #335 from rogpeppe/024-merge-devel
  > Merge pull request #253 from heldtogether/patch-1
  > Merge pull request #308 from rogpeppe/016-revert-v2-PR273
  > Merge pull request #273 from rogpeppe/006-timestamps
  > Merge pull request #299 from rogpeppe/009-gofmt
  > Merge pull request #281 from houshengbo/fix-incorrect-line-number
  > Correct documentation for Marshal (#287)
  > Merge pull request #289 from rliebz/null-fix
  > Replace LICENSE text with actual license (#274)
  > Merge pull request #272 from rogpeppe/005-cleaner-tag-scan
  > Merge pull request #103 from andreychernih/bugfix/non-specific-tags
  > Merge pull request #271 from rogpeppe/004-embedded-example
  > Merge pull request #94 from mvo5/feature/embeded-structs-example
  > Merge pull request #264 from hiveminded/v2
  > Merge pull request #262 from wupeka/v2
  > Remove unreachable code to fix go vet (#249)
  > Fix dead URL for yaml specification (#240)
  > Tighten restrictions on float decoding (#171)
  > Fix decode test for Go 1.8 (#217)
  > Fix unmarshaler handling of empty strings.
  > new license in the README file (#189)