aws-app-mesh-examples

Ingress to the database is open from 0.0.0.0/0 on all ports

Open alexpulver opened this issue 4 years ago • 3 comments

Is there a reason to open ingress to the database from 0.0.0.0/0 on all ports? It doesn't seem to be needed, since there is an explicit reference to yelb-app-server security group.

https://github.com/aws/aws-app-mesh-examples/blob/197023518523d8f46393e6066137327da91cb9b2/blogs/ecs-service-connectivity/yelb/deployments/platformdeployment/AWS/ECS/yelb-cloudformation-ECS-AppMesh-deployment.yaml#L517-L530

alexpulver, Sep 17 '20 07:09

This could be a good resource https://www.stratoscale.com/blog/cloud/aws-security-groups-5-best-practices/ to resolve the issue.

ganeshbch, Oct 20 '20 20:10

@alexpulver You are correct, allowing all is not required for that security group. I'm currently working with the blog owner to correct that and a few other issues with this example.

bcelenza, Oct 28 '20 20:10

@rajal-amzn @herrhound @jamsajones @bcelenza any chance this code can be updated?

alexpulver, Sep 12 '21 20:09
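
A check for the pattern this issue reports, as an added example that is not part of the thread or of the aws-app-mesh-examples repository: it scans a CloudFormation template (JSON form) for ingress rules open to 0.0.0.0/0 or ::/0 on all ports. The template and its resource names are constructed for illustration, and port values are assumed to be literal integers rather than intrinsic functions.

```python
import json

# Constructed CloudFormation template (JSON form); resource names are hypothetical,
# not copied from the yelb template referenced in the issue.
TEMPLATE = json.loads("""
{"Resources": {
  "DbSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "database", "SecurityGroupIngress": [
      {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
       "SourceSecurityGroupId": {"Ref": "AppServerSecurityGroup"}}]}},
  "AppServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "app server", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "CidrIpv6": "::/0"}]}},
  "LbIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
    "GroupId": {"Ref": "LbSecurityGroup"}, "IpProtocol": "tcp",
    "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}}
}}
""")

ANY_SOURCE = ("0.0.0.0/0", "::/0")  # tuple, so a {"Ref": ...} value compares safely

def all_ports(rule):
    """True when the rule covers every port: protocol -1, or a literal 0-65535 range."""
    if str(rule.get("IpProtocol")) == "-1":
        return True
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return isinstance(lo, int) and isinstance(hi, int) and lo <= 0 and hi >= 65535

def iter_ingress(template):
    """Yield (logical_id, rule) for inline and standalone ingress rules."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield name, props

def find_world_open(template):
    """Return (logical_id, cidr) for rules open to any address on all ports."""
    findings = []
    for name, rule in iter_ingress(template):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr in ANY_SOURCE and all_ports(rule):
            findings.append((name, cidr))
    return findings

if __name__ == "__main__":
    print(find_world_open(TEMPLATE))
```

The rule that references another security group and the single-port 443 rule are not reported; only the two any-source, all-port rules are.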