...
| Security Group | Description | Ports | Details | Notes | Temp rule notes | |||
|---|---|---|---|---|---|---|---|---|
| CHF-Access-Web | CHF internal web access | 80, 443IT | has the See list of addresses, may need to be updated for California offices?internal addresses [[here]] | Includes Offsite access addresses for Jonathan | ||||
Management-Access | worldwide ssh access | 22 | All machines MUST have this group to allow ssh access. Currently allows worldwide ssh access, we're using keys to lock things down. | |||||
Public-Access-Web | Public web access | 80, 443 | Open worldwide, to be applied to public web facing servers. App servers only. | |||||
Temp-Development | short term dev firewall rules | ?? | Please use this for short term access, rules in here may be cleared off | |||||
Temp-Production | short term production firewall rules | ?? | Please use this for short term access, rules in here may be cleared off | Will be adding Cat and Sarah to Hydra for off-site access in case of Septa strike. Roger Turner has his address (75.75.165.67) added for offsite access to Hydra. | ||||
Temp-Staging | short term staging firewall rules | ?? | Please use this for short term access, rules in here may be cleared off | Andrew, for rebranding, has access. | ||||
| internal-networking-production | Access between production machines | 808080, 8983, 4436379, 80805432, 898319999 | All Samvera machines must be members of this group so they can communicate to share REST data, port 8080 is fedora and Fedora, 8983 is Solr. | EFS | Access to Elastic File System | ?? | Not in use yet, will allow access to EFS connections, 6379 is Redis, 5432 is Postgres, 19999 is netdata for monitoring. | Do not mix production and staging boxes, this divide avoids security group rule tests from impacting production. The only box on both is monitor to watch both groups. |
| internal-networking-staging | Access between staging machines | 8080, 8983, 6379, 5432, 19999 | All Samvera machines must be members of this group so they can communicate to share REST data, port 8080 is Fedora, 8983 is Solr, 6379 is Redis, 5432 is Postgres, 19999 is netdata for monitoring. | Do not mix production and staging boxes, this divide avoids security group rule tests from impacting production. The only box on both is monitor to watch both groups. |
When a machine has multiple security groups, as long as any one of the groups allows access the connection will work through the firewall. Anything not covered will be rejected however.