Restrict and harden Azure security groups policy for monitoring (exporters in particular)

SUSE / ha-sap-terraform-deployments

Automated SAP/HA Deployments in Public/Private Clouds

GNU General Public License v3.0

122 stars 88 forks source link

Restrict and harden Azure security groups policy for monitoring (exporters in particular) #195

Open ayoub-belarbi opened 5 years ago

ayoub-belarbi commented 5 years ago

Right now we allow inbound access from all ips to the exporters in Azure, we should improve that to only allow access from other nodes since we don't need access to the exporters from outside world. Only the monitoring node need that.

Example can be found here: https://github.com/SUSE/ha-sap-terraform-deployments/blob/c4b149ad4c6cff0e3152ae635a6aa8b473daf823/azure/network.tf#L405

NiteshSngh commented 1 year ago

Try to extend the range of ha-exporter from 9002 to further.