Reputation: 4479
Is there any risk from the outside to open up all traffic to instance without public ip?
We have a vpc 4 tunnels form 4 different location, and a nat for internet access. Inside this vpc is an instance with no public ip address. Everything communicates by private ip.
Since its okay if every internal machine has access to it, is it OK for me to allow all traffic from 0.0.0.0/0?
Is there any risk to it from the outside?
Upvotes: 0
Views: 81
Answers (1)
Reputation: 3404
A security best practice is to block all traffic and explicitly allow only traffic to known services from certain locations. (This is how EC2 security groups function.) It may seem ok now but if an instance were to have a public IP address at some point in the future it could potentially open your entire VPC up to the world. I highly recommend that you restrict the traffic.
Upvotes: 2
Related Questions
- Is it necessary to set public ip on ec2 instance behind internet facing ELB in AWS?
- EC2 instances should not have a public IP address | AWS Foundational Security Best Practices
- Can an instance with public IP in private subnet receive internet traffic?
- Can someone connect/discover my AWS service/instance locally (using a private addresses)?
- EC2 instance in a public subnet has no public IP
- Why does it matter if my EC2 instance is publicly available?
- How safe is to use public subnet?
- Public IP address for outgoing traffic AWS
- Access Internet from AWS VPC instance without public IP address
- Accessing an EC2 instance launched into a VPC without public IP address?