aws-solutions / network-orchestration-for-aws-transit-gateway

The Network Orchestration for AWS Transit Gateway solution automates the process of setting up and managing transit networks in distributed AWS environments. It creates a web interface to help control, audit, and approve (transit) network changes.
https://aws.amazon.com/solutions/implementations/serverless-transit-network-orchestrator/
Apache License 2.0

S3 interface endpoint to manage STNO page privately would boost security of the solution. #51

Closed l4h1n closed 1 year ago

l4h1n commented 2 years ago

Is your feature request related to a problem? Please describe. I find the STNO console page provided through CloudFront insecure. It doesn't leverage MFA or WAF, and the page is "public", just behind a password.

Describe the feature you'd like An S3 interface endpoint can be leveraged and linked with a private R53 zone so that STNO can be managed from a VPC or on-premises.

Additional context A feature to choose between public and private management would also add value.
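The private-management setup sketched in the request, written out as an added Terraform example; this is illustrative and not part of the STNO templates. It assumes the console assets sit in an S3 bucket named by var.console_bucket, that var.vpc_id and var.private_subnet_ids belong to the management VPC, that var.mgmt_cidrs lists the VPC and on-premises ranges that should reach the console, and that stno.internal is the private zone name.

```hcl
# Illustrative Terraform, added to this thread; not STNO's own templates.
# Assumed inputs: console bucket, management VPC/subnets, allowed source ranges.
variable "vpc_id" {}
variable "private_subnet_ids" { type = list(string) }
variable "console_bucket" {}
variable "mgmt_cidrs" { type = list(string) }

data "aws_region" "current" {}

resource "aws_security_group" "s3_vpce" {
  name   = "stno-console-vpce"
  vpc_id = var.vpc_id

  ingress {
    description = "HTTPS from the management VPC and on-premises ranges only"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.mgmt_cidrs
  }
}

# Interface endpoint for S3: the bucket gets private IPs inside the VPC,
# reachable from on-premises over VPN or Direct Connect.
resource "aws_vpc_endpoint" "s3" {
  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.${data.aws_region.current.name}.s3"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.private_subnet_ids
  security_group_ids = [aws_security_group.s3_vpce.id]
}

# Private hosted zone associated with the VPC (assumed name stno.internal).
# On-premises resolvers reach it via a Route 53 Resolver inbound endpoint (not shown).
resource "aws_route53_zone" "private" {
  name = "stno.internal"

  vpc {
    vpc_id = var.vpc_id
  }
}

resource "aws_route53_record" "console" {
  zone_id = aws_route53_zone.private.zone_id
  name    = "console.stno.internal"
  type    = "A"

  alias {
    name                   = aws_vpc_endpoint.s3.dns_entry[0].dns_name
    zone_id                = aws_vpc_endpoint.s3.dns_entry[0].hosted_zone_id
    evaluate_target_health = false
  }
}

# Bucket policy: GetObject is allowed only for requests arriving through this
# endpoint, so the UI objects are unreachable from the public internet even with
# Principal "*" (S3 Block Public Access does not classify an aws:SourceVpce-
# conditioned statement as public).
data "aws_iam_policy_document" "console_private" {
  statement {
    sid    = "AllowConsoleReadViaVpce"
    effect = "Allow"

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::${var.console_bucket}/*"]

    condition {
      test     = "StringEquals"
      variable = "aws:SourceVpce"
      values   = [aws_vpc_endpoint.s3.id]
    }
  }
}

resource "aws_s3_bucket_policy" "console" {
  bucket = var.console_bucket
  policy = data.aws_iam_policy_document.console_private.json
}
```

Two caveats a practitioner would check before relying on this. First, the endpoint's TLS certificate covers only the `*.vpce-<id>.s3.<region>.vpce.amazonaws.com` names, so a browser opening https://console.stno.internal will see a certificate mismatch; either use the bucket-style endpoint hostname directly (the private record then serves as a discovery alias only) or terminate TLS on an internal ALB holding an ACM certificate for the private name and forward to the endpoint IPs. Second, this policy replaces whatever statement lets the CloudFront distribution read the bucket, which is the "private only" half of the public/private choice the request asks for; the backend calls the UI makes (AppSync, Cognito) still leave via their own endpoints and need separate treatment.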

tbelmega commented 1 year ago

We added a WAF to the AppSync API in release v3.1. I hope that addresses your concern. The page is still publicly accessible via CloudFront, but the critical part from a security perspective is the API, not the UI.
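An added Terraform example of what a WAF in front of the AppSync API can look like; this is illustrative and is not the v3.1 template itself. It assumes var.appsync_api_arn is the STNO GraphQL API ARN and var.admin_cidrs lists the source ranges operators connect from, and it goes beyond the comment by making the ACL default-deny so only those ranges reach the API even though the UI stays public.

```hcl
# Illustrative Terraform, added to this thread; not the v3.1 release template.
# Assumed inputs: the AppSync API ARN and the operators' source CIDR ranges.
variable "appsync_api_arn" {}
variable "admin_cidrs" { type = list(string) }

resource "aws_wafv2_ip_set" "admins" {
  name               = "stno-admin-ranges"
  scope              = "REGIONAL"
  ip_address_version = "IPV4"
  addresses          = var.admin_cidrs
}

resource "aws_wafv2_web_acl" "stno_api" {
  name  = "stno-appsync"
  scope = "REGIONAL" # AppSync is regional; a CLOUDFRONT-scoped ACL cannot be associated with it

  # Default-deny: anything not explicitly allowed by a rule below is blocked.
  default_action {
    block {}
  }

  # 1. AWS managed core rule set, evaluated first so a request from an allowed
  #    range that matches a rule is still blocked.
  rule {
    name     = "aws-common"
    priority = 0
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "stno-aws-common"
      sampled_requests_enabled   = true
    }
  }

  # 2. Per-source-IP rate limit (5-minute window) against credential stuffing.
  rule {
    name     = "rate-limit"
    priority = 1
    action {
      block {}
    }
    statement {
      rate_based_statement {
        limit              = 500
        aggregate_key_type = "IP"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "stno-rate-limit"
      sampled_requests_enabled   = true
    }
  }

  # 3. Only operator ranges may reach the API at all.
  rule {
    name     = "allow-admin-ranges"
    priority = 2
    action {
      allow {}
    }
    statement {
      ip_set_reference_statement {
        arn = aws_wafv2_ip_set.admins.arn
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "stno-allow-admins"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "stno-appsync"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_association" "stno_api" {
  resource_arn = var.appsync_api_arn
  web_acl_arn  = aws_wafv2_web_acl.stno_api.arn
}
```

Rule order matters here: the managed rule group and the rate limit run before the allow rule, so an allow-listed source that sends an exploit payload or floods the API is still blocked, and everything else falls through to the default block. Verify with a request from outside var.admin_cidrs, which should return 403 from WAF before AppSync ever evaluates the Cognito token.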