v1.1.0

@github-actions github-actions released this 05 Mar 16:34
· 11 commits to main since this release
9f7e8a3
Make allow_all_egress a variable @dlacosteGFM (#126)

What changes in this PR?

  • Default change is nothing (with this PR applied, nobody would have to change anything)
  • Makes a new parameter allow_all_egress which defaults to false
  • When creating the security group for the EFS volume, this line makes the security-group have an "allow egress to 0.0.0.0/0" rule entry. This PR makes that a configurable parameter instead

Why make this change?

  • EFS doesn't actually do egress, so this really makes no impact difference at all
  • ...but during a security audit we have a dangling "why do you allow egress to 0.0.0.0/0 on this?" question with no really good answer (so let's get rid of it as it doesn't do anything anyways)

References

  • PCI DSS 3.2.1 rule 1.1.7 - Requirement to review firewall and router rule sets every 6 months
  • PCI DSS 3.2.1 rule 1.2.1 - Restrict inbound and outbound traffic to that which is necessary for the environment
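
An audit-side check for the rule discussed above, as an added example that is not part of the release notes or the module's own code: it scans security group descriptions in the shape returned by `aws ec2 describe-security-groups` and reports every egress rule whose destination is 0.0.0.0/0 or ::/0. The group IDs, group names and sample data are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-0aaa1111", "GroupName": "efs-open-egress",
  "IpPermissionsEgress": [
   {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0bbb2222", "GroupName": "app-https-out",
  "IpPermissionsEgress": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-0ccc3333", "GroupName": "efs-no-egress",
  "IpPermissionsEgress": []},
 {"GroupId": "sg-0ddd4444", "GroupName": "db-internal-out",
  "IpPermissionsEgress": [
   {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]}
]}
""")


def open_egress_findings(doc):
    """Return one finding per egress rule whose destination covers every address."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissionsEgress", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            proto = perm.get("IpProtocol")
            # IpProtocol "-1" means all protocols and all ports.
            ports = "all" if proto == "-1" else (
                f"{proto}/{perm.get('FromPort')}-{perm.get('ToPort')}")
            for cidr in cidrs:
                # A prefix length of 0 matches both 0.0.0.0/0 and ::/0.
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append({"group_id": sg["GroupId"],
                                     "name": sg.get("GroupName", ""),
                                     "cidr": cidr, "ports": ports})
    return findings


if __name__ == "__main__":
    for f in open_egress_findings(SAMPLE):
        print(f"{f['group_id']} ({f['name']}): egress {f['ports']} -> {f['cidr']}")
```

Findings with `ports` equal to `all` are the "allow egress to 0.0.0.0/0" entries that an audit would question; port-scoped findings still need a documented justification under a restrict-to-necessary rule.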