Closed
Bug 1139668
Opened 9 years ago
Closed 9 years ago
Allow access to internal KMS for AWS releng vpcs
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: q, Assigned: jbarnell)
Details
Need VPC access from these zones

VPC us-west-1 releng.usw1 10.130.0.0/16
VPC us-west-2 releng.usw2 10.132.0.0/16
VPC us-east-1 releng.use1 10.134.0.0/16

to kms1.ad.mozilla.com 10.22.69.24 on tcp port 1688

Assignee
Comment 1•9 years ago
FW1.SCL3: {primary:node0}[edit] jbarnell@fw1.scl3.mozilla.net# show | compare [edit security policies from-zone dc to-zone db] policy ldapmaster1--ldap { ... } + policy kms { + match { + source-address [ us-west-1.releng us-west-2.releng us-east-1.releng ]; + destination-address kms1.ad; + application kms; + } + then { + permit; + } + }
This is complete; there is no need to add policies to FW1.RELENG.SCL3, as there is an existing permit all from the VPC to the DC. Please test and confirm.
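Review bot: the `match` block of `policy kms` refers to `application kms` and to the address-book names `us-west-1.releng`, `us-west-2.releng`, `us-east-1.releng` and `kms1.ad`, but the compare output defines none of them, so the diff by itself does not show that the rule is limited to tcp port 1688 towards 10.22.69.24 from the three VPC ranges in the request. Since the comment states that FW1.RELENG.SCL3 already permits everything from the VPC to the DC, this policy is the only point where the flow is scoped, and the application and address-book definitions should be pasted alongside the change. The name `kms` also says nothing about why the rule exists; a name that carries the bug number would make later cleanup and audit easier.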
Assignee
Updated•9 years ago
Assignee: network-operations → jbarnell
Assignee
Updated•9 years ago
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Comment 2•9 years ago
nuked in bug 1162352 re-added per request: jbircher@fw1.ops.scl3.mozilla.net# show | compare [edit security policies from-zone dc to-zone db] policy bug-1204792--mysql { ... } + policy bug-1139668-kms { + match { + source-address [ us-west-1.releng us-west-2.releng us-east-1.releng ]; + destination-address kms1.ad.db.scl3; + application kms; + } + then { + permit; + } + }
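Review bot: `destination-address kms1.ad.db.scl3` in the re-added `policy bug-1139668-kms` is a different address-book name from the `kms1.ad` used in comment 1, and the compare output does not show what it resolves to; confirm that the entry is the single host 10.22.69.24 from the request and not a wider prefix. The `then` block is a bare `permit;`, so consider enabling session logging on this rule, given that it admits three releng VPC address sets into the `db` zone and was already removed once in bug 1162352.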
Updated•2 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard