Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
Some customers would like to have greater control over (essentially) firewall settings of EC2 instances (for example IP-lock inbound rules to the location of Bamboo server).
Currently, Bamboo does not let them do it - it will allow only new rules, changes to existing rules (SSH,RDP,Tunnel) will be reverted.
We should add a configuration option that would prevent Bamboo from fully controlling rules in existing groups. With this option enabled, security group rule sync would be slightly changed:
- if the group didn't exist, inbound rules would be added as they are today.
- if the group already existed, SSH and RDP settings wouldn't be touched.
- if the group already existed, tunnel port rule would have to exist, but could be IP-locked. An IP-locked rule would be logged at DEBUG level.