guardian / machine-images

DEPRECATED: Scripts for building machine images (principally AMIs)

adds option to allow public access to instances #110

Closed tsop14 closed 8 years ago

tsop14 commented 8 years ago

Adds option to give public access to instances.

Makes parameter names generic. Removes default, expired SSL certificate id.

sihil commented 8 years ago

👎 This doesn't explain the motivation for making the instances public.

If this is for access to the individual instances then I'd strongly suggest that a bastion host is more appropriate. Making instances publicly accessible without good reason should be thought of as an anti-pattern.

/cc @adamnfish

adamnfish commented 8 years ago

Yep agreed, good spot. @tsop14 let's chat about what the use case is for this, see if we can help out.

mchv commented 8 years ago

@sihil @adamnfish we associate public IP addresses to most of our instances, including elasticsearch, and restrict access based on security groups rather than through network config. Regarding bastion hosts, I think that is generally a bad trade-off as it brings a lot of complexity without providing more security. If you can secure access to a host, why not directly secure all the hosts?

tsop14 commented 8 years ago

> This doesn't explain the motivation for making the instances public.

Access was added to see logs during set up to help with debugging. This isn't needed any more so removing public access with an update. Thanks!

adamnfish commented 8 years ago

@mchv I'd hope the increase in complexity is relatively minor, we can chat with some of the teams that have implemented this pattern to see how they've found it.

Certainly, securing a host whose sole purpose is to pass on ssh connections is much easier than securing a host that e.g. runs a database. It also means there's only one place where a misconfigured security group is a problem. This reduces the attack surface and the burden of ensuring integrity. This is particularly true for database instances, and particularly^2 when those databases have often had known vulnerabilities in their default configuration. This means that as well as being much easier to secure, the consequences of failure are drastically reduced.

Teams are (of course) allowed to use public IP addresses but what we're talking about with this PR is guiding best practices via this piece of shared infrastructure.
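The two layouts being argued over in this thread, expressed as a small audit script. This is an added example, not code from the guardian/machine-images repository: it models security groups and instances as plain dictionaries in a simplified, constructed shape (in real use they would be built from EC2 `describe-security-groups` / `describe-instances` output) and reports which instances are reachable on SSH from the internet. It also simulates the "misconfigured security group" case adamnfish describes, to show that in the bastion layout the mistake still only exposes the bastion.

```python
"""Compare SSH exposure of the "public IP on every instance" layout with the
bastion layout. Added example; group/instance dicts are constructed sample
data, not real infrastructure.
"""
import copy

ANYWHERE = "0.0.0.0/0"
SSH = 22


def rule_covers_ssh(rule):
    """True if an ingress rule's port range includes TCP/22."""
    return rule.get("from_port", 0) <= SSH <= rule.get("to_port", 65535)


def rule_opens_ssh_to_internet(rule):
    """True if an ingress rule admits TCP/22 from any IPv4 address."""
    return rule.get("cidr") == ANYWHERE and rule_covers_ssh(rule)


def internet_ssh_exposed(groups, instances):
    """Ids of instances directly reachable on SSH from the internet: they have
    a public IP *and* one of their groups allows port 22 from 0.0.0.0/0.
    A wide-open group on an instance with no public IP is not counted,
    because there is no route to it from outside."""
    exposed = []
    for inst in instances:
        if not inst["public_ip"]:
            continue
        for sg in inst["groups"]:
            if any(rule_opens_ssh_to_internet(r) for r in groups[sg]["ingress"]):
                exposed.append(inst["id"])
                break
    return exposed


def ssh_sources(groups, instances, instance_id):
    """Where SSH to one instance may originate: CIDRs and/or the ids of the
    security groups referenced by its rules."""
    inst = next(i for i in instances if i["id"] == instance_id)
    sources = set()
    for sg in inst["groups"]:
        for r in groups[sg]["ingress"]:
            if rule_covers_ssh(r):
                src = r.get("cidr") or r.get("source_sg")
                if src:
                    sources.add(src)
    return sorted(sources)


def open_app_group(groups):
    """Simulate the misconfiguration case: someone adds a world-open SSH rule
    to the application group. Returns a modified copy."""
    g = copy.deepcopy(groups)
    g["sg-app"]["ingress"].append({"from_port": 22, "to_port": 22, "cidr": ANYWHERE})
    return g


# Layout A (what the PR option enables): every instance gets a public IP and
# a group that admits SSH from anywhere. Constructed sample data.
GROUPS_A = {
    "sg-app": {"ingress": [
        {"from_port": 22, "to_port": 22, "cidr": ANYWHERE},
        {"from_port": 9200, "to_port": 9200, "cidr": "10.0.0.0/8"},
    ]},
}
INSTANCES_A = [
    {"id": "i-web-1", "public_ip": True, "groups": ["sg-app"]},
    {"id": "i-web-2", "public_ip": True, "groups": ["sg-app"]},
    {"id": "i-es-1", "public_ip": True, "groups": ["sg-app"]},
]

# Layout B (bastion): only the bastion has a public IP and an internet-facing
# SSH rule (a real deployment would narrow that CIDR to admin ranges);
# application instances admit SSH solely from the bastion's security group.
GROUPS_B = {
    "sg-bastion": {"ingress": [{"from_port": 22, "to_port": 22, "cidr": ANYWHERE}]},
    "sg-app": {"ingress": [
        {"from_port": 22, "to_port": 22, "source_sg": "sg-bastion"},
        {"from_port": 9200, "to_port": 9200, "cidr": "10.0.0.0/8"},
    ]},
}
INSTANCES_B = [
    {"id": "i-bastion", "public_ip": True, "groups": ["sg-bastion"]},
    {"id": "i-web-1", "public_ip": False, "groups": ["sg-app"]},
    {"id": "i-web-2", "public_ip": False, "groups": ["sg-app"]},
    {"id": "i-es-1", "public_ip": False, "groups": ["sg-app"]},
]


if __name__ == "__main__":
    print("layout A exposes:", internet_ssh_exposed(GROUPS_A, INSTANCES_A))
    print("layout B exposes:", internet_ssh_exposed(GROUPS_B, INSTANCES_B))
    print("SSH to i-es-1 in B may come from:", ssh_sources(GROUPS_B, INSTANCES_B, "i-es-1"))
    print("layout B after sg-app mistake exposes:",
          internet_ssh_exposed(open_app_group(GROUPS_B), INSTANCES_B))
```

In layout A every instance is on the exposure list, and a single bad rule in `sg-app` reaches all of them. In layout B only the bastion is listed, and the same bad rule added to `sg-app` changes nothing, because the application instances have no public address for the rule to apply to; the security group is the only control in A, whereas in B it is one of two.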

mchv commented 8 years ago

@adamnfish let's discuss this.