Expand configuration options for Security Group configuration #307
Labels
feature-request
A feature should be added or improved.
needs-triage
This issue or PR still needs to be triaged.
It is not currently possible to provide/configure the Security Group for:
It would be grand to be able to have fine-grained control over those security groups.
Use Case
Presently, the security groups created for these resources allow full-egress by default. Customers that are aiming for enhanced layers of network-level access controls have a need to set these security groups to deny all egress by default, and to explicitly add their own egress rules.
Customers may also have created their own security group that, say, controls access to VPC Interface Endpoints, and they need a means by which those security groups can be added to the Repository & RenderQueue's hosts.
Proposed Solution
addSecurityGroup()
method (ex: https://docs.aws.amazon.com/rfdk/api/latest/docs/aws-rfdk.deadline.WorkerInstanceFleet.html#add-wbr-security-wbr-groupsecuritygroup ) to these constructs that allows the customer to add additional security groups to the construct after creation. In the RenderQueue, there should be separate methods for the ALB & RCS SGs. Note: These additional security groups should not be added to the Connections object of the construct -- doing that would make any use of the construct's Connections object also change the added SGs.Other
N/A
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: