mirror of
https://github.com/nickpoida/og-aws.git
synced 2025-02-13 10:21:57 +00:00
Added note about using Source Security Groups (#144)
* Added note about using Source Security Groups * Updated based on suggestions
This commit is contained in:
Jaanus Torp
Thanos Baskous
parent
9c454eef00
commit
2668a662f8
1 changed files with 1 additions and 0 deletions
|
|
@ -1147,6 +1147,7 @@ VPCs, Network Security, and Security Groups
|
|||
- You expose a smaller surface area for attack compared to exposing separate (potentially authenticated) services over the public internet.
|
||||
- e.g. A bug in the YAML parser used by the Ruby on Rails admin site is much less serious when the admin site is only visible to the private network and accessed through VPN.
|
||||
- Another common pattern (especially as deployments get larger, security or regulatory requirements get more stringent, or team sizes increase) is to provide a [bastion host](https://www.pandastrike.com/posts/20141113-bastion-hosts) behind a VPN through which all SSH connections need to transit.
|
||||
- 🔹Consider using other security groups as sources for security group rules instead of using CIDRs — that way, all hosts in the source security group and only hosts in that security group are allowed access. This is a much more dynamic and secure way of managing security group rules.
|
||||
|
||||
### VPC and Network Security Gotchas and Limitations
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue