This repository has been archived by the owner on Jan 4, 2024. It is now read-only.
Restricting access to ALB prevents the website service from reaching the product service #52
Comments
|
I do have a fix for this where I add the natgw ips to the alb sg. I had an issue with a merge conflict in my pr and have not gotten back to it but I do expect to send a pr with the fix in the next few days. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The ALB portion of security-groups.yaml mentions that access to the ALB can be restricted by changing the CIDR, wide open by default. However, if that is changed it breaks the website service from accessing the product service because the request comes from the ECS hosts via the NAT Gateways which will not be allowed.
While the NAT Gateway addresses can be subsequently manually added to the ALB SG it would be more convenient to support that change in the configuration.
The text was updated successfully, but these errors were encountered: