akshayar opened a new issue, #16176: URL: https://github.com/apache/pulsar/issues/16176
**Is your enhancement request related to a problem? Please describe.** A clear and concise description of what the enhancement is. I am referring to https://github.com/apache/pulsar/blob/master/deployment/terraform-ansible/aws/security.tf. The default security group (SG) opens SSH to the world and this SG gets applied to all the nodes. This is not a right practice. I would recommend opening only the proxy for SSH from anywhere. You can allow SSH from the default SG elsewhere. **Describe the solution you'd like** A clear and concise description of what you want to happen. I am referring to https://github.com/apache/pulsar/blob/master/deployment/terraform-ansible/aws/security.tf. Create 3 SGs. 1) ELB 2) Proxy and 3) default. Open only Proxy for SSH. Apply Proxy and default to proxy server. Apply default to all other nodes. Also in the instructions ask to use private IP everywhere. `TF_STATE=./ TF_KEY_NAME=private_ip ansible-playbook --user='ec2-user' --inventory=~/environment/terraform-inventory ../deploy-pulsar.yaml ` , this is useful as now servers are connecting to each other using private IP. **Describe alternatives you've considered** A clear and concise description of any alternative solutions or features you've considered. **Additional context** Add any other context or screenshots about the feature request here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
