Closed: ctindall closed this issue 4 years ago
Hi @ctindall, thanks very much for sharing this information. I discussed your findings with the person responsible for engineering and overseeing our cloud solutions, @lee-lethean. At this time we do not feel any changes are justified, but we appreciate your report. We feel these are generally minor security risks, and changing the deployment configuration to adapt some of these changes would create a lot of unnecessary difficulty.
Please tag me @valiant1x to reopen this issue.
Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.
severity: serious
filename: ./server/aws/vpc.yaml
line number(s): [172]
resource(s):
Missing egress rule means all traffic is allowed outbound. Make this explicit if it is the desired configuration.

severity: warning
filename: ./server/aws/vpc.yaml
line number(s): [63, 77]
resource(s):
EC2 Subnet should not have MapPublicIpOnLaunch set to true.

severity: warning
filename: ./server/aws/nodes.yaml
line number(s): [206, 180]
resource(s):
Resource found with an explicit name; this disallows updates that require replacement of this resource.

severity: warning
filename: ./server/aws/nodes.yaml
line number(s): [152]
resource(s):
Security Groups found with ingress CIDR that is not /32.
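The four findings above, as an added example that is not part of the original issue, the repository's templates or the scanner's own code: a small Python checker that applies the same four rules to a CloudFormation template held as a plain dict (the JSON form, so no YAML library is needed), run against a constructed weak template and its hardened counterpart. The EXPLICIT_NAME_PROPS table is an assumed small subset of the resource types whose explicit name blocks replacement; the logical IDs, CIDRs and the referenced "Vpc" resource are constructed for the example.

```python
"""Apply the four checks reported above to a CloudFormation template held as a
plain dict (the JSON form, so no YAML library is needed). Added example; not the
repository's templates and not the scanner's own code. Both templates are constructed."""
from typing import Any, Dict, List

# Assumption: a small subset of the resource types whose explicit-name property
# makes CloudFormation fail an update instead of replacing the resource.
EXPLICIT_NAME_PROPS = {
    "AWS::EC2::SecurityGroup": "GroupName",
    "AWS::AutoScaling::AutoScalingGroup": "AutoScalingGroupName",
    "AWS::IAM::Role": "RoleName",
    "AWS::S3::Bucket": "BucketName",
}


def _wide_cidr(cidr: Any) -> bool:
    # Literal CIDR wider than one host. Intrinsics ({"Ref": ...}) and rules that
    # use SourceSecurityGroupId instead of CidrIp are left alone.
    return isinstance(cidr, str) and not cidr.endswith("/32")


def check_template(template: Dict[str, Any]) -> List[str]:
    """Return one 'LogicalId: message' per finding, in template order."""
    findings: List[str] = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        props = resource.get("Properties") or {}
        if rtype == "AWS::EC2::SecurityGroup":
            # No SecurityGroupEgress means the implicit allow-all outbound rule
            # stays; writing it out makes the intent visible in review.
            if "SecurityGroupEgress" not in props:
                findings.append(f"{logical_id}: missing egress rule, all outbound traffic allowed")
            for rule in props.get("SecurityGroupIngress", []):
                if _wide_cidr(rule.get("CidrIp")):
                    findings.append(f"{logical_id}: ingress CIDR {rule['CidrIp']} is not /32")
        elif rtype == "AWS::EC2::Subnet" and props.get("MapPublicIpOnLaunch") in (True, "true"):
            # Every instance launched into the subnet gets a public IPv4 address.
            findings.append(f"{logical_id}: MapPublicIpOnLaunch is true")
        name_prop = EXPLICIT_NAME_PROPS.get(rtype)
        if name_prop and isinstance(props.get(name_prop), str):
            findings.append(f"{logical_id}: explicit {name_prop} blocks updates that require replacement")
    return findings


# Constructed template that trips all four checks: auto-assigned public IPs, an
# explicit group name, SSH open to the world and no egress block. "Vpc" is
# assumed to be declared elsewhere in the same stack.
WEAK_TEMPLATE = {"Resources": {
    "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True}},
    "NodeSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupName": "nodes-sg", "GroupDescription": "cluster nodes", "VpcId": {"Ref": "Vpc"},
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
}}

# Constructed hardened counterpart: private subnet, name left to CloudFormation,
# SSH only from one bastion (203.0.113.10 is a documentation address), egress
# written out and narrowed to HTTPS.
HARDENED_TEMPLATE = {"Resources": {
    "PrivateSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": False}},
    "NodeSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "cluster nodes", "VpcId": {"Ref": "Vpc"},
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.10/32"}],
        "SecurityGroupEgress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
}}

if __name__ == "__main__":
    for name, template in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        found = check_template(template)
        print(f"{name}: {len(found)} finding(s)")
        print("\n".join("  " + line for line in found))
```

Two caveats the checker makes visible. An explicit SecurityGroupEgress of all protocols to 0.0.0.0/0 satisfies the "missing egress" rule while granting exactly the same allow-all access, so the value of the rule is that it forces the outbound policy to be written down where a reviewer can narrow it. The /32 rule flags any literal CIDR wider than one host, but rules that reference another security group via SourceSecurityGroupId are untouched, which is the usual way to allow node-to-node traffic without a broad CIDR; turning MapPublicIpOnLaunch off likewise means instances need a NAT gateway or VPC endpoints for outbound access, which is the deployment change such a finding implies.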