Details
Suggestion
Resolution: Unresolved
Description
Elastic Bamboo automatically generates the `elasticbamboo` security group, and attaches it to the EC2 instance running the agent.
The inbound rules on this SG allow all traffic on the exposed ports:
This poses a potential security vulnerability.
Even after all Elastic Instances have been terminated, the SG remains, and at the very least will appear on security scans.
There should be an option to change the 'source' value for the SG to a specific CIDR rather than "0.0.0.0/0".
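Until such an option exists, the open rules can be audited and narrowed from outside Bamboo. The following is an added example, not Bamboo's or Atlassian's code: it assumes input shaped like the EC2 `DescribeSecurityGroups` response, and the group ID, ports, replacement CIDR and function names are constructed for illustration.

```python
import copy
import ipaddress

OPEN_V4, OPEN_V6 = "0.0.0.0/0", "::/0"

# Constructed sample shaped like EC2 DescribeSecurityGroups output; the group ID
# and port numbers are placeholders, not values taken from the issue.
SAMPLE_GROUPS = [{
    "GroupName": "elasticbamboo",
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": []},
    ],
}]

def open_ingress(group):
    """Return the group's inbound rules, reduced to their world-open ranges."""
    found = []
    for perm in group.get("IpPermissions", []):
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == OPEN_V4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == OPEN_V6]
        if not (v4 or v6):
            continue  # rule is already limited to specific sources
        rule = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        if v4:
            rule["IpRanges"] = copy.deepcopy(v4)
        if v6:
            rule["Ipv6Ranges"] = copy.deepcopy(v6)
        found.append(rule)
    return found

def restriction_plan(group, allowed_cidr):
    """Build IpPermissions lists: open rules to revoke, narrowed rules to authorize."""
    net = ipaddress.ip_network(allowed_cidr)  # ValueError on a malformed CIDR
    if net.prefixlen == 0:
        raise ValueError("replacement CIDR must not be world-open")
    key, field = ("IpRanges", "CidrIp") if net.version == 4 else ("Ipv6Ranges", "CidrIpv6")
    revoke = open_ingress(group)
    authorize = []
    for rule in revoke:
        new = {k: v for k, v in rule.items() if k not in ("IpRanges", "Ipv6Ranges")}
        new[key] = [{field: str(net)}]  # same protocol and ports, specific source
        authorize.append(new)
    return {"GroupId": group["GroupId"], "revoke": revoke, "authorize": authorize}
```

The `revoke` and `authorize` lists use the `IpPermissions` shape that the EC2 `RevokeSecurityGroupIngress` and `AuthorizeSecurityGroupIngress` operations accept.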