I noticed these inbound rules on the scalr.vpc-router security group which Scalr creates for VPC Router instances deployed in AWS:

    Type             Protocol  Port Range   Source
    All TCP          TCP       0 - 65535    <VPC CIDR>
    Custom TCP Rule  TCP       8008 - 8013  0.0.0.0/0
    All UDP          UDP       0 - 65535    <VPC CIDR>
    HTTPS            TCP       443          0.0.0.0/0
    HTTP             TCP       80           0.0.0.0/0

This looks like the actual code which creates the security group: https://github.com/Scalr/scalr/blob/66bd5c221bd661aa15d536d2899c0f304192aa3b/app/src/Scalr/UI/Controller/Tools/Aws/Vpc.php#L298

Are these hard-coded inbound rules that open ports 80, 443, and 8008-8013 entirely to the outside intended for situations where a Scalr server sits in the private subnet behind the VPC Router? Otherwise, these rules appear to be unnecessarily permissive.

I changed the rules for those ports to only allow traffic from the external IP of my Scalr server's endpoint host, and things worked fine. I.e., could launch and terminate machines in the private subnet w/o apparent issue.

Is it possible to customize the security group created for VPC Routers in Scalr, rather than doing so afterwards in AWS?
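
Added example, not part of the original post and not Scalr's code: a check that finds the world-open inbound rules in the table above and builds the replacement rules restricted to a single source, as the poster did by hand. The rule data is a constructed sample in the shape of EC2 DescribeSecurityGroups "IpPermissions"; 10.0.0.0/16 stands in for <VPC CIDR>, and the function names are hypothetical.

```python
import ipaddress

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample mirroring the rules listed in the post.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 8008, "ToPort": 8013, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def world_open(permissions):
    """Return (protocol, from_port, to_port) for each rule open to any source."""
    found = []
    for perm in permissions:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if WORLD.intersection(cidrs):
            found.append((perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")))
    return found

def tighten(permissions, allowed_cidr):
    """Return (revoke, authorize): the world-open entries to remove and the
    same ports re-granted only to allowed_cidr. Other rules are not touched."""
    net = ipaddress.IPv4Network(allowed_cidr)  # raises ValueError if malformed
    if net.prefixlen == 0:
        raise ValueError("replacement source must not be 0.0.0.0/0")
    revoke, authorize = [], []
    for perm in permissions:
        open_v4 = [r for r in perm.get("IpRanges", []) if r["CidrIp"] in WORLD]
        open_v6 = [r for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] in WORLD]
        if not (open_v4 or open_v6):
            continue
        base = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        old = dict(base)
        if open_v4:
            old["IpRanges"] = open_v4
        if open_v6:
            old["Ipv6Ranges"] = open_v6
        revoke.append(old)
        authorize.append(dict(base, IpRanges=[{"CidrIp": str(net)}]))
    return revoke, authorize

if __name__ == "__main__":
    # 203.0.113.10/32 is a constructed stand-in for the Scalr server's external IP.
    for old, new in zip(*tighten(SAMPLE_PERMISSIONS, "203.0.113.10/32")):
        print("revoke", old, "-> authorize", new)
```

The two returned lists have the IpPermissions shape that boto3's revoke_security_group_ingress and authorize_security_group_ingress accept.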
