Should ssh_port = 22 always be provisioned and exposed? #636
-
After using this terraform script, I found that the
The first block is always true, so default I mean to change to something like this?
I can create an issue as well and fix it ;) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
I understood why it's there, it's because of the rescue image which forces us to use port 22. However, you can close this port afterward, after the cluster is deployed, by applying this rule via extra_firewall_rules = [
# Close the SSH port 22
{
direction = "in"
protocol = "tcp"
port = "22"
source_ips = ["255.255.255.254/32"] # no source IPs allowed
destination_ips = [] # Won't be used for this rule
}
] |
Beta Was this translation helpful? Give feedback.
I understood why it's there, it's because of the rescue image which forces us to use port 22. However, you can close this port afterward, after the cluster is deployed, by applying this rule via
extra_firewall_rules
, it will replace it.