probcomp / probcomp-stack

MIT Probabilistic Computing Project software stack

Confirm cross-instance isolation #5

Open riastradh-probcomp opened 7 years ago

riastradh-probcomp commented 7 years ago

When we have multiple EC2 instances running Jupyter notebooks, they should not be able to talk to each other by default. The Jupyter notebook servers listen on port 8888 for connections from the elastic load balancer (which handles HTTPS so the EC2 instances don't have to, and so we can use a wildcard certificate for them). One instance should not be able to listen to the traffic to another instance and thereby, e.g., harvest passwords. Maybe Amazon guarantees this is how it works anyway even in the face of ARP poisoning, or maybe each instance will need its own private subnet. This requires a little research.
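
One way to check the reachability half of this (an added example, not part of the original comment or the project's code): audit each notebook security group for any ingress source other than the load balancer's group that can reach port 8888. It assumes input shaped like the `SecurityGroups` list from EC2 DescribeSecurityGroups; the group ids and the `audit`, `covers_port` and `tcp` names are constructed for illustration, and it does not address the ARP question.

```python
NOTEBOOK_PORT = 8888  # port named in the issue

def covers_port(perm, port):
    """True if one IpPermissions entry applies to TCP traffic on `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is None or hi is None or lo <= port <= hi

def audit(groups, elb_group_id, port=NOTEBOOK_PORT):
    """Sorted (group, source, kind) for every ingress source that can reach
    `port` and is not the load balancer's security group."""
    findings = []
    for g in groups:
        gid = g["GroupId"]
        for perm in g.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            for pair in perm.get("UserIdGroupPairs", []):
                src = pair["GroupId"]
                if src != elb_group_id:
                    # "self" means instances sharing this group can reach each other
                    findings.append((gid, src, "self" if src == gid else "group"))
            for r in perm.get("IpRanges", []):
                findings.append((gid, r["CidrIp"], "cidr"))
            for r in perm.get("Ipv6Ranges", []):
                findings.append((gid, r["CidrIpv6"], "cidr"))
    return sorted(findings)

def tcp(lo, hi, groups=(), cidrs=()):
    """Build an IpPermissions entry (helper for the constructed sample)."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "UserIdGroupPairs": [{"GroupId": x} for x in groups],
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

# Constructed sample; group ids are placeholders, not real resources.
SAMPLE = [
    {"GroupId": "sg-elb", "IpPermissions": [tcp(443, 443, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-nb-good", "IpPermissions": [tcp(8888, 8888, groups=["sg-elb"])]},
    {"GroupId": "sg-nb-self", "IpPermissions": [
        tcp(8888, 8888, groups=["sg-elb"]),
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-nb-self"}]}]},
    {"GroupId": "sg-nb-cidr", "IpPermissions": [tcp(8000, 9000, cidrs=["10.0.0.0/16"])]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "sg-elb"):
        print(finding)
```

A `cidr` finding needs manual review, since a subnet range can include other notebook instances as well as the load balancer.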

axch commented 7 years ago

Is this concern relevant while the instances are on their own VPCs?