aws / aws-app-mesh-examples

AWS App Mesh is a service mesh that you can use with your microservices to manage service-to-service communication.
MIT No Attribution

Ingress to the database is open from 0.0.0.0/0 on all ports #344

Open alexpulver opened 4 years ago

alexpulver commented 4 years ago

Is there a reason to open ingress to the database from 0.0.0.0/0 on all ports? It doesn't seem to be needed, since there is an explicit reference to yelb-app-server security group.

https://github.com/aws/aws-app-mesh-examples/blob/197023518523d8f46393e6066137327da91cb9b2/blogs/ecs-service-connectivity/yelb/deployments/platformdeployment/AWS/ECS/yelb-cloudformation-ECS-AppMesh-deployment.yaml#L517-L530
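A check for the misconfiguration described in this issue, added here as an example and not code from the repository: it walks a CloudFormation template (a constructed Python dict standing in for the YAML, with made-up resource names) and flags security group ingress rules whose source is 0.0.0.0/0, noting when they also span all ports; dropping those rules leaves the SourceSecurityGroupId reference as the least-privilege form.

```python
import copy

# Source values that mean "anywhere on the internet".
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _all_ports(rule):
    """True when the rule spans every port: protocol -1 or the full 0-65535 range."""
    if str(rule.get("IpProtocol")) == "-1":
        return True
    return str(rule.get("FromPort")) == "0" and str(rule.get("ToPort")) == "65535"


def find_world_open_ingress(template):
    """Return (logical_id, rule_index, all_ports) for every ingress rule whose
    source is a world CIDR, across the template's AWS::EC2::SecurityGroup resources."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = res.get("Properties", {}).get("SecurityGroupIngress", [])
        for i, rule in enumerate(rules):
            if (rule.get("CidrIp") or rule.get("CidrIpv6")) in WORLD_CIDRS:
                findings.append((logical_id, i, _all_ports(rule)))
    return findings


def drop_world_open_ingress(template):
    """Return a copy with world-open rules removed; what remains is the
    least-privilege form (source limited to a referenced security group)."""
    out = copy.deepcopy(template)
    for logical_id, i, _ in sorted(find_world_open_ingress(out), key=lambda f: -f[1]):
        del out["Resources"][logical_id]["Properties"]["SecurityGroupIngress"][i]
    return out


# Constructed template, not the repository's YAML: the database group already
# references the app-server group, and also carries a world-open all-ports rule.
SAMPLE_TEMPLATE = {"Resources": {
    "AppServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                               "Properties": {"GroupDescription": "app tier"}},
    "DbSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "db tier",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "SourceSecurityGroupId": {"Ref": "AppServerSecurityGroup"}},
            {"IpProtocol": "-1", "FromPort": 0, "ToPort": 65535, "CidrIp": "0.0.0.0/0"},
        ]}},
}}
```

Standalone AWS::EC2::SecurityGroupIngress resources are not inspected here; extend the walk if a template declares its rules that way.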

ganeshbch commented 3 years ago

This could be a good resource https://www.stratoscale.com/blog/cloud/aws-security-groups-5-best-practices/ to resolve the issue.

bcelenza commented 3 years ago

@alexpulver You are correct, allowing all is not required for that security group. I'm currently working with the blog owner to correct that and a few other issues with this example.

alexpulver commented 3 years ago

@rajal-amzn @herrhound @jamsajones @bcelenza any chance this code can be updated?