
v0.21.0

@github-actions github-actions released this 21 Jul 23:20
· 48 commits to main since this release
4cc97b3
adding a feature to customize the egress rule @haidargit (#54)

what

  • Added 4 new variables, egress_source_port, egress_dest_port, egress_protocol, and allowed_egress_cidr_blocks, for the "aws_security_group_rule" "egress" resource.
  • By default, the egress rule for 0.0.0.0/0 will be created. If a user is expected to restrict outbound traffic, they can specify the required values.

why

  • We propose this PR because there are scenarios where users may want to restrict outbound traffic from their DocDB instances.
  • If the DocDB cluster is only used internally and does not need to communicate with wider systems or networks, users may want to customize the egress rule for 0.0.0.0/0. By providing the option to customize the egress rule, we are giving users control over their security posture (compliance). For example, our DocDB may only be connected with internal applications inside the AWS EKS cluster, or users may integrate their cloud resources with a third party, such as Prisma Cloud, or maybe use tfsec as their security scanner, which prompts users to kindly avoid 0.0.0.0/0 for security best practices.

references

  • This PR will help to cover the minimum egress exposure of the security group, including: #34

Thank you
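The shape of the change described above, as an added illustration (not the module's own code): the four variable names come from the release notes, while their types, their mapping onto from_port/to_port, and the security group reference `aws_security_group.default` are assumptions. The first block keeps the permissive default the notes describe; the tfvars at the end shows the restricted configuration a tfsec-style check would expect.

```hcl
# Added example, not the module's code. Variable names are from the release
# notes; defaults reproduce the described behaviour (egress to 0.0.0.0/0).
variable "egress_protocol" {
  description = "Protocol for the egress rule (-1 means all)"
  type        = string
  default     = "-1"
}

variable "egress_source_port" {
  description = "Start of the egress port range (assumed to map to from_port)"
  type        = number
  default     = 0
}

variable "egress_dest_port" {
  description = "End of the egress port range (assumed to map to to_port)"
  type        = number
  default     = 0
}

variable "allowed_egress_cidr_blocks" {
  description = "CIDR blocks the cluster may send traffic to"
  type        = list(string)
  default     = ["0.0.0.0/0"] # permissive default, flagged by tfsec/Prisma Cloud
}

# aws_security_group.default is an assumed name for the cluster's security group.
resource "aws_security_group_rule" "egress" {
  type              = "egress"
  from_port         = var.egress_source_port
  to_port           = var.egress_dest_port
  protocol          = var.egress_protocol
  cidr_blocks       = var.allowed_egress_cidr_blocks
  security_group_id = aws_security_group.default.id
}

# Restricted configuration (e.g. terraform.tfvars) for a cluster that only
# talks to internal applications inside the VPC/EKS range. The 10.0.0.0/16
# block is a constructed sample value.
#
#   egress_protocol            = "tcp"
#   egress_source_port         = 0
#   egress_dest_port           = 65535
#   allowed_egress_cidr_blocks = ["10.0.0.0/16"]
```

With the restricted values, `terraform plan` shows the rule's cidr_blocks change from 0.0.0.0/0 to the internal range, which is the condition scanners such as tfsec check for on egress rules.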