堆栈内存溢出
  简体   繁体   English

设置 AWS 安全组入站规则让 Gilabci 管道在 RDS 中进行更改

[英]Set AWS Security Group inbound rule to let Gilabci pipeline make changes in RDS

 原文  2022-09-28 11:39:06       amazon-web-services/ amazon-cloudformation/ amazon-rds

问题描述

I am able to access AWS RDS from gitlabci pipeline using 0.0.0.0/0 CidrIp but it is widely opened.我可以使用 0.0.0.0/0 CidrIp 从 gitlabci 管道访问 AWS RDS,但它已被广泛开放。

This is my SecurityGroupIngress definition in cloudformation file:这是我在 cloudformation 文件中的 SecurityGroupIngress 定义:

SecurityGroupIngress:
                -   CidrIp: 0.0.0.0/0
                    FromPort: 5432
                    ToPort: 5432
                    IpProtocol: TCP
                    Description: Allows traffic from gitlb ci

It works fine.它工作正常。

I have no idea how to set gitlabci's ip address range to make AWS RDS more secure.我不知道如何设置 gitlabci 的 ip 地址范围以使 AWS RDS 更安全。

I found this docs: gitlab ip range我找到了这个文档: gitlab ip 范围

There is link to all possible ip addresses on google cloud cloude.josn谷歌云cloude.josn上有指向所有可能的 ip 地址的链接

Here is similar topic on stackoverflow这是关于stackoverflow的类似主题

I need ip and mask.我需要 ip 和口罩。

1 个解决方案

解决方案1
 0 已采纳  2022-09-28 15:51:16

For outgoing connections from CI/CD runners, we are not providing static IP addresses.对于来自 CI/CD 运行器的传出连接,我们不提供 static IP 地址。 All GitLab.com shared runners are deployed into Google Cloud Platform (GCP) in us-east1所有 GitLab.com 共享运行器都部署到 us-east1 的谷歌云平台 (GCP)

Here is a list of all GCP CIDR blocks in us-east1 , assuming you are using Gitlab runners.这是us-east1中所有 GCP CIDR 块的列表,假设您使用的是 Gitlab 跑步者。

"34.23.0.0/16"
"34.24.0.0/15"
"34.26.0.0/16"
"34.73.0.0/16"
"34.74.0.0/15"
"34.98.128.0/21"
"34.118.250.0/23"
"34.138.0.0/15"
"34.148.0.0/16"
"35.185.0.0/17"
"35.190.128.0/18"
"35.196.0.0/16"
"35.207.0.0/18"
"35.211.0.0/16"
"35.220.0.0/20"
"35.227.0.0/17"
"35.229.16.0/20"
"35.229.32.0/19"
"35.229.64.0/18"
"35.231.0.0/16"
"35.237.0.0/16"
"35.242.0.0/20"
"35.243.128.0/17"
"104.196.0.0/18"
"104.196.65.0/24"
"104.196.66.0/23"
"104.196.68.0/22"
"104.196.96.0/19"
"104.196.128.0/18"
"104.196.192.0/19"
"162.216.148.0/22"
"2600:1900:4020::/44"

Methodology:方法:

curl https://www.gstatic.com/ipranges/cloud.json | jq '.prefixes[] | select(.scope=="us-east1") | .ipv4Prefix // .ipv6Prefix'

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 Terraform (AWS) 将安全组添加到另一个安全组的入站规则作为源 - Add a Security Group to the Inbound Rule of another Security Group as a Source with Terraform (AWS) AWS RDS 无法连接安全组 - AWS RDS can't connect security group 如何将 beantalk 应用程序作为入站规则添加到安全组 - How to add a beanstalk app to a security group as a inbound rule AWS 安全组:入站和出站规则需要什么? - AWS Security Group: What is needed in inbound and outbound rules? 将包含自身和安全组 ID 的 aws_security_group_rule 添加到安全组 - Add an aws_security_group_rule that contains self and a security group id to a security group 源端口和目标端口不同,因此我需要在入站 aws 安全组中提及哪个端口号 - Source and destination ports are different, so which port number i need to mention in inbound aws security group aws_security_group_rule 属性 cidr_blocks 和 source_security_group_id 的冲突问题 - conflicting issue for aws_security_group_rule attributes cidr_blocks and source_security_group_id AWS Cloudformation - 向安全组出口规则添加条件 - AWS Cloudformation - Add condition to security group egress rule 为什么 AWS 安全组不允许 sg-ID 的入站 http 流量 - Why does AWS Security group not allow inbound http traffic by sg-ID AWS CloudFormation:无法创建 RDS 数据库,因为数据库安全组无法引用 web 服务器的安全组 - AWS CloudFormation: unable to create RDS database because database security group cannot reference the web server's security group
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM