[ https://issues.apache.org/jira/browse/SPARK-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nicholas Chammas updated SPARK-2528: ------------------------------------ Description: {{spark-ec2}} configures EC2 security groups with ports [open to the world | https://github.com/apache/spark/blob/9c73822a08848a0cde545282d3eb1c3f1a4c2a82/ec2/spark_ec2.py#L280]. This is an unnecessary security risk, even for a short-lived cluster. Wherever possible, it would be better if, when launching a new cluster, {{spark-ec2}} detects the host's external IP address (e.g. via {{icanhazip.com}}) and grants access specifically to that IP address. was: {{spark-ec2}} configures EC2 security groups with ports [open to the world | https://github.com/apache/spark/blob/master/ec2/spark_ec2.py#L280]. This is an unnecessary security risk, even for a short-lived cluster. Wherever possible, it would be better if, when launching a new cluster, {{spark-ec2}} detects the host's external IP address (e.g. via {{icanhazip.com}}) and grants access specifically to that IP address. > spark-ec2 security group permissions are too open > ------------------------------------------------- > > Key: SPARK-2528 > URL: https://issues.apache.org/jira/browse/SPARK-2528 > Project: Spark > Issue Type: Bug > Components: EC2 > Affects Versions: 1.0.0 > Reporter: Nicholas Chammas > Priority: Minor > > {{spark-ec2}} configures EC2 security groups with ports [open to the world | > https://github.com/apache/spark/blob/9c73822a08848a0cde545282d3eb1c3f1a4c2a82/ec2/spark_ec2.py#L280]. > This is an unnecessary security risk, even for a short-lived cluster. > Wherever possible, it would be better if, when launching a new cluster, > {{spark-ec2}} detects the host's external IP address (e.g. via > {{icanhazip.com}}) and grants access specifically to that IP address. -- This message was sent by Atlassian JIRA (v6.2#6252)