security: narrow internal ingress CIDR (JIRA-4521) [with knowledge file]#547
security: narrow internal ingress CIDR (JIRA-4521) [with knowledge file]#547dylanratcliffe wants to merge 2 commits into
Conversation
|
Caution [High Risk] CIDR narrowing will block the fraud-detection VPC from the regulated feed and internal health paths The This will cut off the live PCI-scoped feed on port Caution [High Risk] Narrowing the port 9090 ingress CIDR will block the approved fraud-detection feed path and expose a PCI-violating public-endpoint fallback The change to Once applied, the approved peering path from fraud-detection to the feed will be blocked. Because the same API server also has a public endpoint ( SignalsRoutine → Multiple AWS SNS topic subscription resources showing unusual infrequent updates at 2 events/week for the last 5 months, with one related resource at 1 event/week for the last 3 months, which is rare compared to typical patterns. Additional Change Details: |
Summary
.overmind/knowledge/cross-vpc-regulated-feed.mddocumenting the cross-VPC dependency this change affects.Context
Testing
Rollout / Risk