Questions tagged [security-groups]

175 questions
0 votes, 1 answer

Domain Controller Blocking SAMR Request

I have software that is used for monitoring user logins. The software uses a SAMR request to get user groups for allowing users in and out of the machine. When the software reaches out with a SAMR request for the groups it looks like it is…
JukEboX
0 votes, 0 answers

EC2 port 80 refused to connect on public IP but can connect using private IP

Question simplified: I can do curl {publicip}:4321 but not curl {publicip}:80 or curl {publicip}. But from the server's SSH session, I can run curl {privateip}:80 and curl localhost:80 without any issues. Also, both port 80 and port 4321 are added to…
0 votes, 1 answer

Do firewalld rich-rules apply irrespective of the allowed services in a zone?

Context: I have firewalld running on an AWS EC2 instance. Goal: I want to add a rich rule to the default zone (public) that allows traffic from a certain CIDR range/IP address range/subnet over port 443 (HTTPS) via the TCP protocol. I'm adding this rule to…
0 votes, 0 answers

Can you specify the SSM parameter store as a target in an AWS Security Group egress rule?

I would like to tightly restrict outbound network level access from groups of EC2 instances. For these instances, I need to allow access to the Parameter Store. I also need to allow access to S3. For S3, AWS provides a Prefix List and I can use…
0 votes, 1 answer

Permission for Users group successfully modified via code, but change is not reflected in Security tab for the Users group

I have C# code (at the end) which: creates a file; prints the current ACL; gives the built-in Users group "write permissions" to the previously created file; prints the current modified ACL. The write permissions are successfully assigned via code as…
Legenda
0 votes, 1 answer

FortiGate Next Gen Firewall AWS security groups

I'm new to AWS, using a FortiGate in front as the gateway. Would you need to utilize the security groups, or could I make one to permit all traffic and attach it, since the FortiGate handles everything?
0 votes, 0 answers

Issue while setting up CloudStack Advanced Zone with security group

Apache CloudStack v4.17.2. I am trying to set up a CloudStack Advanced Zone with security groups. I have two network bridges, cloudbr0 (10.4.1.1/16) and cloudbr1 (10.6.1.1/16). I am using cloudbr0 for the Management Network and cloudbr1 for the Guest…
0 votes, 0 answers

How to connect securely from Redshift serverless to federated RDS Aurora cluster schema?

I have a Redshift serverless workgroup inside a VPC, and I want to securely create a federated schema of an RDS Aurora cluster through a security group or another mechanism. The Aurora cluster is in the same VPC and uses the same public subnets as…
0 votes, 0 answers

AWS CloudFront front-facing for ELB origin

Right now I'm working with CloudFront as the front end for the Application Load Balancer in AWS. I attached my default Security Group (one) which has inbound rules for both HTTP and HTTPS from source 0.0.0.0/0; it works fine, and I can access my…
0 votes, 1 answer

ECS containers on EC2 cannot mount EFS volumes

I have created an ECS cluster backed by an EC2 auto-scaling group and launched a service in it that uses EFS for NFS storage. The service is running in awsvpc network mode so that I'm able to control traffic to and from it. There is a security group…
0 votes, 1 answer

How do I add a security group as an inbound rule to another security group in Terraform

I have a Terraform codebase which deploys a private EKS cluster, a bastion host and other AWS services. I have also added a few security groups in Terraform. One of the security groups allows inbound traffic from my home IP to the bastion…
eagercoder
0 votes, 1 answer

How to get name of BUILTIN\Users & BUILTIN\Power Users

Is there a universal way to get the principals BUILTIN\Users or BUILTIN\Power Users (specifically, retrieve the name)? The obvious answer would be that I already have the names! However, they are called different things in different languages, so I'd…
0 votes, 0 answers

Restrict an instance's access through security groups to itself on AWS (pfSense)

My intention is to create a VPN server. So I created and configured an instance on AWS as a VPN server (pfSense), then I added in the security groups the destination 0.0.0.0/0 for the VPN port (1194). It works very well. When I connect to the VPN, my…
0 votes, 1 answer

Does blocking all outgoing traffic on cloud instance lock me out?

I have to test an app which first downloads data, but then cannot communicate with the world for the duration of the test (so it doesn't gossip stuff). There are ways to enforce this on the app, but I would like to be 100% and block all outgoing…
transient_loop
0 votes, 0 answers

TCP communication on port not responding on different Availability Zone or Subnet

I'm a little curious and confused about this situation. We set up a monitoring instance scraping an exposed endpoint on 2 different instances. Both are on the same VPC, same security group, same route table and ACL. Also, both instances use the same AMI.…