security: narrow internal ingress CIDR (JIRA-4521)#550
Conversation
|
Caution [High Risk] Ingress narrowing will block cross-VPC NLB traffic and health checks to the transaction-feed target The change narrows ingress on Because this NLB has no security group, AWS requires the target to allow traffic and health checks from the load balancer’s private IPs or VPC CIDR. After the rule is narrowed, traffic from the NLB nodes and other internal consumers in Caution [High Risk] Narrowing port 9090 ingress to The security group When this change applies, requests from the fraud-detection VPC will no longer match the port SignalsRoutine → Multiple AWS SNS topic subscription resources showing unusual infrequent updates at 2 events/week for the last 5 months, with one related resource at 1 event/week for the last 3 months, which is rare compared to typical patterns. Additional Change Details: |
Summary
Context
Testing
Rollout / Risk