sevenseconds

Disallow accessing internal EC2 instances which have a public IP

Open hjacobs opened this issue 9 years ago • 0 comments

Apparently you can assign a public IP to EC2 instances in the "internal" (private) subnets. Nobody should do this, but it's technically possible. This will allow sending data to private EC2 instances (e.g. via UDP), but the route back will not work (due to NAT).

We should configure ACLs appropriately to avoid this.

hjacobs, May 19 '16 13:05
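
One way to find the instances this issue describes, as an added example that is not part of the original issue or of the sevenseconds code: it audits data shaped like EC2 DescribeSubnets and DescribeInstances responses. Assumptions: internal subnets are recognised by a Name tag starting with `internal`, and all subnet names, IDs and addresses in the sample are constructed.

```python
# Added example: audit for public IPs on instances in "internal" subnets.
# Input dicts follow the shape of EC2 DescribeSubnets / DescribeInstances
# responses; the sample data below is constructed.

INTERNAL_PREFIX = "internal"  # assumption: internal subnets carry a Name tag with this prefix


def name_tag(resource):
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == "Name"), "")


def internal_subnets(subnets_resp):
    """Map SubnetId -> subnet for every subnet whose Name tag marks it internal."""
    return {s["SubnetId"]: s for s in subnets_resp["Subnets"]
            if name_tag(s).startswith(INTERNAL_PREFIX)}


def public_ips(instance):
    """Collect public IPs from the instance and from each network interface."""
    ips = {instance.get("PublicIpAddress")}
    for eni in instance.get("NetworkInterfaces", []):
        ips.add(eni.get("Association", {}).get("PublicIp"))
    return sorted(ip for ip in ips if ip)


def audit(subnets_resp, instances_resp):
    """Return (exposed instances, internal subnets that auto-assign public IPs)."""
    internal = internal_subnets(subnets_resp)
    exposed = []
    for res in instances_resp["Reservations"]:
        for inst in res["Instances"]:
            ips = public_ips(inst)
            if inst.get("SubnetId") in internal and ips:
                exposed.append((inst["InstanceId"], inst["SubnetId"], ips))
    auto = sorted(sid for sid, s in internal.items() if s.get("MapPublicIpOnLaunch"))
    return exposed, auto


# Constructed sample (documentation address range 203.0.113.0/24).
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-aaa", "MapPublicIpOnLaunch": True, "Tags": [{"Key": "Name", "Value": "dmz-a"}]},
    {"SubnetId": "subnet-bbb", "MapPublicIpOnLaunch": False, "Tags": [{"Key": "Name", "Value": "internal-a"}]},
    {"SubnetId": "subnet-ccc", "MapPublicIpOnLaunch": True, "Tags": [{"Key": "Name", "Value": "internal-b"}]},
]}
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-001", "SubnetId": "subnet-aaa", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-002", "SubnetId": "subnet-bbb"},
    {"InstanceId": "i-003", "SubnetId": "subnet-bbb",
     "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.20"}}]},
]}]}
```

Calling `audit(SUBNETS, INSTANCES)` reports `i-003` as an internal instance with a public IP and `subnet-ccc` as an internal subnet that would assign one on launch.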