IBM / cis-integration

The goal of this project is to automate CIS integration for IBM Cloud application platforms. We will produce a command-line tool that customers can use to simplify this process.
Apache License 2.0

Automate ACL rule creation on VPC instance #3

Closed Chris-Springstead closed 3 years ago

Chris-Springstead commented 3 years ago

Need to automate the creation of ACL rules on VPC. This will limit the incoming traffic to just Cloudflare and internal communication. The complete list of ACL rules can be found here https://github.com/Cloud-Schematics/multizone-secure-iks-with-cis##cis.

Chris-Springstead commented 3 years ago

After some discussion, the plan for the ACL rule creation has changed. We originally planned to create these rules on the user's VPC but have ultimately decided not to and instead check their existing network ACL for the correct rules. If the correct rules are not present, we will then provide a warning to the user stating which rules are missing so they know what they need to add.

In addition, it's possible in the future that we can provide the functionality to add these rules if the user wishes, but some more discussion will be needed here.
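The check-and-warn approach described in this thread, sketched as an added example (not code from the cis-integration project or from the commenter). It assumes the ACL is evaluated first-match in rule order and simplifies each rule to a hypothetical `name`/`action`/`direction`/`source` dict with no protocol or port fields; the CIDRs are constructed documentation ranges standing in for the real Cloudflare and internal ranges.

```python
import ipaddress

# Constructed placeholders for the required source ranges (not real Cloudflare CIDRs).
REQUIRED = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "10.0.0.0/8"]

# Constructed sample ACL, listed in evaluation order.
ACL = [
    {"name": "allow-edge-a", "action": "allow", "direction": "inbound", "source": "192.0.2.0/24"},
    {"name": "deny-test-net", "action": "deny", "direction": "inbound", "source": "198.51.100.0/25"},
    {"name": "allow-edge-b", "action": "allow", "direction": "inbound", "source": "198.51.100.0/24"},
    {"name": "allow-internal", "action": "allow", "direction": "inbound", "source": "10.0.0.0/8"},
    {"name": "allow-out", "action": "allow", "direction": "outbound", "source": "0.0.0.0/0"},
]

def missing_inbound_allows(acl_rules, required_sources):
    """Return (cidr, reason) for each required source the ordered ACL does not allow.

    A range counts as allowed only when the first inbound rule overlapping it
    is an allow that covers the whole range (conservative by design).
    """
    missing = []
    for cidr in required_sources:
        need = ipaddress.ip_network(cidr)
        reason = "no matching rule"
        for rule in acl_rules:
            if rule["direction"] != "inbound":
                continue
            src = ipaddress.ip_network(rule["source"])
            if src.version != need.version or not src.overlaps(need):
                continue
            if rule["action"] != "allow":
                # An earlier deny shadows any later allow for the same range.
                reason = f"denied by earlier rule {rule['name']}"
            elif need.subnet_of(src):
                reason = None
            else:
                reason = f"only partly allowed by {rule['name']}"
            break
        if reason:
            missing.append((cidr, reason))
    return missing

if __name__ == "__main__":
    for cidr, reason in missing_inbound_allows(ACL, REQUIRED):
        print(f"WARNING: inbound allow missing for {cidr}: {reason}")
```

Comparing rule lists by exact CIDR match would report `198.51.100.0/24` as present here; walking the rules in order shows the earlier deny makes the later allow ineffective for half the range.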