hashicorp/terraform-aws-nomad

Making CIDR Block for SSH Configuration Optional and Outbound Traffic Configurable

MatthiasScholz opened this issue · 4 comments

Currently the CIDR blocks for incoming SSH access are mandatory.

Especially with the introduction of the AWS Systems Manager Session Manager, an alternative administrative access is available. This would allow reducing SSH access and increasing security.

Furthermore, module users might have the use case to limit the outbound traffic as well.

Source Code References:

I think there may be some confusion here... As indicated in multiple places in the docs, the Terraform code in the root folder (i.e., terraform-aws-nomad/main.tf) and the examples folder are all example code. They are intentionally examples that are designed for easy testing and learning, but are NOT meant to be used directly in prod. The code to use in prod is the code in modules, the vast majority of which already allows you to configure the CIDR blocks allowed to access the cluster.

Sorry for being incomplete in the issue description. Indeed the main intention was making the CIDR block in the module configurable. Changing the main.tf on the root level was a side effect due to a testing attempt.

-> The issue description got updated to better fit the intention.

Understood, thanks!

PR #85 merged. Closing issue as it has been resolved.