renproject/darknode-cli

Make AWS SSH security group CIDR configurable

11qu1d opened this issue · 0 comments

Hi, i noticed the below in the Terraform template:

// SSH
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

If there is no other use apart from the initial setup and maintenance, SSH should not be exposed to the wider internet.

It would be nice to have an option to change that to another custom CIDR block.

Thank you