Enhance Cluster security

Hello,

The AWS Security Group created by the Qovery cluster raises a critical security error based on the standard NIST cybersecurity framework.

CRITICAL
This control checks whether unrestricted incoming traffic for the security groups is accessible to the specified ports [3389, 20, 23, 110, 143, 3306, 8080, 1433, 9200, 9300, 25, 445, 135, 21, 1434, 4333, 5432, 5500, 5601, 22, 3000, 5000, 8088, 8888] that have the highest risk. This control fails if any of the rules in a security group allow ingress traffic from 0.0.0.0/0 or ::/0 for those ports.
Related requirements: NIST.800-53.r5 AC-4, NIST.800-53.r5 AC-4(21), NIST.800-53.r5 CA-9(1), NIST.800-53.r5 CM-2, NIST.800-53.r5 CM-2(2), NIST.800-53.r5 CM-7, NIST.800-53.r5 SC-7, NIST.800-53.r5 SC-7(11), NIST.800-53.r5 SC-7(16), NIST.800-53.r5 SC-7(21), NIST.800-53.r5 SC-7(4), NIST.800-53.r5 SC-7(5)

We can change it manually, but since the Qovery cluster is managed and automated, I expect to have an automatically enforced security group.

What do you think?

Status

✅ Done

Board

💡 Feature Request

Date

Over 2 years ago

Author

Mickaël G.
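The check described by the control quoted in the post, written out as an added example (not part of the original post, and not Qovery's or AWS's code). It assumes rule dictionaries in the shape returned by EC2 `DescribeSecurityGroups`; the group IDs and rules are constructed, and treating UDP and all-protocol rules as in scope is an assumption.

```python
import ipaddress

# Ports listed in the control text quoted in the post.
HIGH_RISK_PORTS = {3389, 20, 23, 110, 143, 3306, 8080, 1433, 9200, 9300, 25, 445,
                   135, 21, 1434, 4333, 5432, 5500, 5601, 22, 3000, 5000, 8088, 8888}

# Constructed sample input (not real groups), DescribeSecurityGroups shape.
SAMPLE = [
    {"GroupId": "sg-constructed-a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 23,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-constructed-b", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

def open_to_world(rule):
    """True if any source range of the rule is 0.0.0.0/0 or ::/0."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def exposed_ports(rule):
    """High-risk ports covered by the rule's port range."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                       # all protocols implies all ports
        return set(HIGH_RISK_PORTS)
    if proto not in ("tcp", "udp", "6", "17"):   # assumption: TCP/UDP in scope
        return set()
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in HIGH_RISK_PORTS if lo <= p <= hi}

def find_violations(security_groups):
    """Return (group id, protocol, sorted ports) for each failing rule."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            ports = exposed_ports(rule) if open_to_world(rule) else set()
            if ports:
                findings.append((sg["GroupId"], rule["IpProtocol"], sorted(ports)))
    return findings

if __name__ == "__main__":
    for finding in find_violations(SAMPLE):
        print(finding)
```

A port range such as 20-23 fails even though no single listed port is named in the rule, and an all-protocol rule open to 0.0.0.0/0 exposes every listed port at once.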
