Update DenyEC2InstancesWithoutEncryptionInTransit #23

Merged
merged 5 commits into from
Sep 27, 2022

Nuru
Contributor

@Nuru Nuru commented Sep 26, 2022

what

  • Update DenyEC2InstancesWithoutEncryptionInTransit policy with current list of instances
  • Move policies requiring template parameters to separate sub-directories
  • Fix DenyS3InNonSelectedRegion policy
  • Replace DenyRegionUsage policy with DenyRegions and RestrictToSpecifiedRegions policies

why

  • Previous policy was missing a lot of instance types that provide encryption in transit, such as c6i, c7g, and g5 to name a few
  • Allow people to include catalog/*.yaml without needing to specify any parameters
  • The DenyS3InNonSelectedRegion policy was completely broken, having no effect
  • The DenyRegionUsage policy was confusing, because it took a parameter called regions_lockdown which was a list of regions to allow. The new policies let you choose to either whitelist or blacklist regions.

references

@Nuru Nuru added the minor New features that do not break anything label Sep 26, 2022
@Nuru Nuru requested a review from aknysh September 26, 2022 23:36
@Nuru Nuru requested review from a team as code owners September 26, 2022 23:36
aknysh
aknysh previously approved these changes Sep 26, 2022
@Nuru
Contributor Author

Nuru commented Sep 27, 2022

/test all

@Nuru
Contributor Author

Nuru commented Sep 27, 2022

/test all

@Nuru Nuru merged commit 60dea75 into master Sep 27, 2022
Comment on lines +77 to +85
# updated 2022-09-26
- c5a.12xlarge
- c5a.16xlarge
- c5a.24xlarge
- c5a.2xlarge
- c5a.4xlarge
- c5a.8xlarge
- c5a.large
- c5a.xlarge
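
Review bot: the `# updated 2022-09-26` comment above the c5a entries records when the list was refreshed but not where it came from, so the next refresh has nothing to reproduce it from. Consider naming the source of the list in that comment. Because each size is spelled out individually (`c5a.large` through `c5a.24xlarge`), any c5a size added after that date will not be matched by these entries until the list is regenerated.
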
Member

Is there a reason you updated these to the specific instance types rather than the wildcard?
