Remove AWS security rule allowing ICMP packets to nodes

* Deny ICMP packets for consistency across Typhoon clusters on
various clouds and because there isn't much need to allow them
This commit is contained in:
Dalton Hubble 2018-08-21 21:16:16 -07:00
parent da5d2c5321
commit bbf2c13eef
3 changed files with 4 additions and 40 deletions

View File

@ -4,6 +4,10 @@ Notable changes between versions.
## Latest ## Latest
#### AWS
* Remove firewall rule allowing ICMP packets to nodes
#### Bare-Metal #### Bare-Metal
* Remove `controller_networkds` and `worker_networkds` variables. Use Container Linux Config snippets [#277](https://github.com/poseidon/typhoon/pull/277) * Remove `controller_networkds` and `worker_networkds` variables. Use Container Linux Config snippets [#277](https://github.com/poseidon/typhoon/pull/277)

View File

@ -11,16 +11,6 @@ resource "aws_security_group" "controller" {
tags = "${map("Name", "${var.cluster_name}-controller")}" tags = "${map("Name", "${var.cluster_name}-controller")}"
} }
resource "aws_security_group_rule" "controller-icmp" {
security_group_id = "${aws_security_group.controller.id}"
type = "ingress"
protocol = "icmp"
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "controller-ssh" { resource "aws_security_group_rule" "controller-ssh" {
security_group_id = "${aws_security_group.controller.id}" security_group_id = "${aws_security_group.controller.id}"
@ -217,16 +207,6 @@ resource "aws_security_group" "worker" {
tags = "${map("Name", "${var.cluster_name}-worker")}" tags = "${map("Name", "${var.cluster_name}-worker")}"
} }
resource "aws_security_group_rule" "worker-icmp" {
security_group_id = "${aws_security_group.worker.id}"
type = "ingress"
protocol = "icmp"
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "worker-ssh" { resource "aws_security_group_rule" "worker-ssh" {
security_group_id = "${aws_security_group.worker.id}" security_group_id = "${aws_security_group.worker.id}"

View File

@ -11,16 +11,6 @@ resource "aws_security_group" "controller" {
tags = "${map("Name", "${var.cluster_name}-controller")}" tags = "${map("Name", "${var.cluster_name}-controller")}"
} }
resource "aws_security_group_rule" "controller-icmp" {
security_group_id = "${aws_security_group.controller.id}"
type = "ingress"
protocol = "icmp"
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "controller-ssh" { resource "aws_security_group_rule" "controller-ssh" {
security_group_id = "${aws_security_group.controller.id}" security_group_id = "${aws_security_group.controller.id}"
@ -217,16 +207,6 @@ resource "aws_security_group" "worker" {
tags = "${map("Name", "${var.cluster_name}-worker")}" tags = "${map("Name", "${var.cluster_name}-worker")}"
} }
resource "aws_security_group_rule" "worker-icmp" {
security_group_id = "${aws_security_group.worker.id}"
type = "ingress"
protocol = "icmp"
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "worker-ssh" { resource "aws_security_group_rule" "worker-ssh" {
security_group_id = "${aws_security_group.worker.id}" security_group_id = "${aws_security_group.worker.id}"