
chore: remove SSH ingress rules
The worker and controller security groups included a rule to allow ingress SSH traffic from anywhere. I am temporarily removing the permissive rules for security purposes. Eventually I plan to implement functionality to create a bastion host that will serve as the entry point to the worker and controller instances.
1 parent 1d4e351 commit eb6418d


2 files changed

+1
-16
lines changed


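--- a/modules/controller/main.tf
+++ b/modules/controller/main.tf
@@ -74,15 +74,6 @@ resource "aws_security_group" "controller" {
 vpc_id = var.vpc_id
 }
 
-resource "aws_security_group_rule" "ssh" {
-cidr_blocks = ["0.0.0.0/0"]
-from_port = 22
-protocol = "TCP"
-security_group_id = aws_security_group.controller.id
-to_port = 22
-type = "ingress"
-}
-
 resource "aws_security_group_rule" "ingress" {
 from_port = 9200
 protocol = "TCP"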

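--- a/modules/worker/main.tf
+++ b/modules/worker/main.tf
@@ -22,6 +22,7 @@ data "aws_security_group" "controller" {
 id = var.security_group_id
 }
 
+# Allows the workers to gossip with the controller on :9201
 resource "aws_security_group_rule" "controller" {
 from_port = 9201
 protocol = "TCP"
@@ -39,13 +40,6 @@ resource "aws_security_group" "worker" {
 to_port = 0
 }
 
-ingress {
-cidr_blocks = ["0.0.0.0/0"]
-from_port = 22
-protocol = "TCP"
-to_port = 22
-}
-
 ingress {
 cidr_blocks = ["0.0.0.0/0"]
 from_port = 9202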
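Review bot: The worker security group still accepts traffic from any address after this change — the `ingress` block that survives at the end of the second hunk keeps `cidr_blocks = ["0.0.0.0/0"]` for `from_port = 9202`, so only the SSH exposure is closed while 9202 stays world-reachable. If 9202 carries controller-to-worker traffic, as the new comment on the neighbouring 9201 rule suggests for that rule, the source can be narrowed to the controller's group with `security_groups = [data.aws_security_group.controller.id]` in place of the `cidr_blocks` line, or at least to the VPC CIDR; `to_port` and the rest of that block fall outside the hunk, so the purpose of 9202 is inferred, not shown. The enclosing `resource "aws_security_group" "worker"` starts and ends outside the hunk. The comment added in the first hunk names the port but not the permitted source; extending it to record which CIDR or security group the rule accepts from, e.g. `# Allows the workers to gossip with the controller on :9201; source is restricted to the worker security group`, would make the intent auditable, provided that matches the attributes outside the hunk.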
