Rerouted from temp-dev to research dev, built-in AccessFrom to cluster to prevent ssh access from everywhere #69
Conversation
Start_cluster: Uses AccessFrom to users local IP to restrict access to the cluster from ssh to just them. More for security checks, we don't use ssh access anyway. Readme: Added in SSO login issues whilst in pcluster env All other file changes due to redirection of config files to a new s3 bucket.
|
Not sure this It's present here as a parameter of the Cloud Formation Stack: But contradicts itself here in the security group settings: |
|
|
||
| # FIXME: control error codes better, avoiding counterintuitive ones: i.e authed within a different account: | ||
| # ERROR: The configuration parameter 'vpc_id' generated the following errors: | ||
| # The vpc ID 'vpc-7d2b2e1a' does not exist |
There was a problem hiding this comment.
Where does that copy-pasted VPC error come from? :-S
Also, the code above makes it seem like that error management is solved?
There was a problem hiding this comment.
If a dev user runs through the Tothill account, I don't have access to that VPC.
There was a problem hiding this comment.
I think this is still on the TODO list, or maybe I write something up in the troubleshooting section of the Readme.
I just started the download of the gridss hg38 refdata into an efs system and regretting not prioritising that as a morning task so now looking for things to do...
… Place additional errors in the readme rather than try control them from the script.
…ting to 0.0.0.0/0
This has been resolved in 3e95d38 with @victorskl suggestion |
Start_cluster:
Uses AccessFrom to users local IP to restrict access to the cluster from ssh to just them. More for security checks, we don't use ssh access anyway.
Readme:
Added in SSO login issues whilst in pcluster env
All other file changes due to redirection of config files to a new s3 bucket.