You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For ingress traffic from the internet what I usually do is to limit ALB traffic to CloudFront's public IP space. There might be legitimate use cases where you want to allow 0.0.0.0/0 so just use this check as a guideline for all other use cases where it's not desired.
https://github.com/cesar-rodriguez/terrascan/blob/b4e8922a7a388a3f0351c9b0ae52d8d95cf7a95f/terrascan/checks/security_group.py#L53
Per
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-update-security-groups.html load balancers need a source of
0.0.0.0/0
for public traffic. This test also fails for instances running VPN services, such as OpenVPN. Is there another recommended way of opening public ingress for legitimate traffic for HTTP, HTTPS, and other network protocols like OpenVPN?The text was updated successfully, but these errors were encountered: