6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"I want to copy files to AWS ec2 using buildspec.yml file, the 22 port is open for all the traffic. How to restrict the 22nd port for only codebuild?\",\"text\":\"

I want to ssh to the aws ec2 server on port 22. The port is open for all traffic. I want to restrict the traffic for only aws codebuild pipeline. How I can do this?

\\n

I want to ssh to the aws ec2 server on port 22. The port is open for all traffic. I want to restrict the traffic for only aws codebuild pipeline. How I can do this?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"muhammad adil\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","amazon-ec2",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/amazon-ec2/1","children":"amazon-ec2"}]}],["$","span","ssh",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ssh/1","children":"ssh"}]}],["$","span","pipeline",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/pipeline/1","children":"pipeline"}]}],["$","span","aws-codebuild",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/aws-codebuild/1","children":"aws-codebuild"}]}],["$","span","aws-pipeline",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/aws-pipeline/1","children":"aws-pipeline"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://graph.facebook.com/267368567605336/picture?type=large","alt":"muhammad adil","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/13132546/muhammad-adil","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"muhammad adil"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",49]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"I want to copy files to AWS ec2 using buildspec.yml file, the 22 port is open for all the traffic. How to restrict the 22nd port for only codebuild?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I want to ssh to the aws ec2 server on port 22. The port is open for all traffic. I want to restrict the traffic for only aws codebuild pipeline. How I can do this?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",527]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","76854851",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://lh5.googleusercontent.com/-ev8ZUFZbJSw/AAAAAAAAAAI/AAAAAAAASnA/ZJFdeGVE4ZE/photo.jpg?sz=256","alt":"Vasyl Herman","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/11724269/vasyl-herman","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Vasyl Herman"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",474]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

It's advaisable using AWS Systems Manager run command versus scp and ssh commands directly to the instance. Update the CodeBuild project role with the necessary permissions. Store files in a private S3 Bucket. To restrict access leverage IAM or resouse based Policies with conditions.

https://docs.aws.amazon.com/systems-manager/latest/userguide/walkthrough-cli.html

Notes:
\nThere is no way to restrict SG ingress rule to allow CodeBuild servise. It just doesn't make sense. Even if you get a pool of IPs used by CodeBuild service it doesn't look like a secure solution.

VPC hosted CodeBuild instance? Maybe... But still not the most secure and as flexible as ssm connection.

VPC Endpoints for CodeBuild? It works another way around.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","4565700",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4565700","className":"text-blue-600 hover:underline","children":"How to specify the private SSH-key to use when executing shell command on Git?"}]}],["$","li","21095054",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21095054","className":"text-blue-600 hover:underline","children":"SSH Key - Still asking for password and passphrase"}]}],["$","li","3596260",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3596260","className":"text-blue-600 hover:underline","children":"git remote add with other SSH port"}]}],["$","li","7475223",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7475223","className":"text-blue-600 hover:underline","children":"mysql_config not found when installing mysqldb python interface"}]}],["$","li","7881469",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7881469","className":"text-blue-600 hover:underline","children":"Change key pair for ec2 instance"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

I want to copy files to AWS ec2 using buildspec.yml file, the 22 port is open for all the traffic. How to restrict the 22nd port for only codebuild?

Answers (1)

Related Questions