Unfortunately, right now, you can customize the group only when it's already created (you can do this via the SG manager in Scalr). In the future we will improve the VPC router experience and make rules configurable before SG creation.
Regards,
Igor

On Friday, October 9, 2015 at 11:10:21 AM UTC-7, Ben West wrote:
>
> I noticed these inbound rules on the scalr.vpc-router security group which
> Scalr creates for VPC Router instances deployed in AWS:
>
> Type             Protocol  Port Range   Source
> All TCP          TCP       0 - 65535    <VPC CIDR>
> Custom TCP Rule  TCP       8008 - 8013  0.0.0.0/0
> All UDP          UDP       0 - 65535    <VPC CIDR>
> HTTPS            TCP       443          0.0.0.0/0
> HTTP             TCP       80           0.0.0.0/0
>
> This looks like the actual code which creates the security group:
>
> https://github.com/Scalr/scalr/blob/66bd5c221bd661aa15d536d2899c0f304192aa3b/app/src/Scalr/UI/Controller/Tools/Aws/Vpc.php#L298
>
> Are these hard-coded inbound rules that open ports 80, 443, and 8008-8013
> entirely to the outside intended for situations where a Scalr server sits
> in the private subnet behind the VPC Router? Otherwise, these rules appear
> to be unnecessarily permissive.
>
> I changed the rules for those ports to only allow traffic from the
> external IP of my Scalr server's endpoint host, and things worked fine.
> I.e., could launch and terminate machines in the private subnet w/o
> apparent issue.
>
> Is it possible to customize the security group created for VPC Routers in
> Scalr, rather than doing so afterwards in AWS?
>

--
You received this message because you are subscribed to the Google Groups "scalr-discuss" group.
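The tightening described in the thread, as an added example that is not part of the original messages or of Scalr's code: it audits the quoted scalr.vpc-router rules for world-open sources and rewrites them to a single host. The rules are constructed in the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups`; `10.0.0.0/16` and `203.0.113.10` are assumed placeholders for `<VPC CIDR>` and the Scalr endpoint's external IP.

```python
import ipaddress

# Constructed sample mirroring the inbound rules quoted in the thread.
# Assumptions: VPC_CIDR stands in for <VPC CIDR>; SCALR_IP is a documentation
# address standing in for the Scalr server's external endpoint IP.
VPC_CIDR = "10.0.0.0/16"
SCALR_IP = "203.0.113.10"

RULES = [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": VPC_CIDR}]},
    {"IpProtocol": "tcp", "FromPort": 8008, "ToPort": 8013, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": VPC_CIDR}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def world_open(rules):
    """Return (protocol, from_port, to_port) for each rule admitting any IPv4 source."""
    found = []
    for rule in rules:
        for rng in rule.get("IpRanges", []):
            # A /0 prefix matches every IPv4 address, however it is written.
            if ipaddress.ip_network(rng["CidrIp"], strict=False).prefixlen == 0:
                found.append((rule["IpProtocol"], rule.get("FromPort"), rule.get("ToPort")))
    return found

def restrict(rules, allowed_ip):
    """Return a copy of rules with every world-open source replaced by allowed_ip/32."""
    host = str(ipaddress.ip_network(allowed_ip))  # bare address becomes a /32 network
    tightened = []
    for rule in rules:
        ranges = []
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            cidr = host if net.prefixlen == 0 else rng["CidrIp"]
            if {"CidrIp": cidr} not in ranges:  # avoid duplicate sources after rewriting
                ranges.append({"CidrIp": cidr})
        tightened.append({**rule, "IpRanges": ranges})
    return tightened

if __name__ == "__main__":
    print("world-open before:", world_open(RULES))
    print("world-open after: ", world_open(restrict(RULES, SCALR_IP)))
```

Only IPv4 `IpRanges` are examined here; a rule set with `Ipv6Ranges` entries such as `::/0` would need the same check applied to that key.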
