Skip to content

[Security] Scoped down the network access to managed EFS and FSx stor… #7193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
gmarciani wants to merge 1 commit into
base: develop
Choose a base branch
from
Draft

[Security] Scoped down the network access to managed EFS and FSx stor… #7193

gmarciani wants to merge 1 commit into from

Conversation

@gmarciani
Copy link
Contributor

@gmarciani gmarciani commented Jan 13, 2026

…age from head node and compute nodes.

In particular, before this change all traffic used to be allowed from head node and compute nodes to the shared storage. With this chnage this access is restricted to the minimum ports required.

For EFS, we restrict access to port 2049.
For FSx, we restct access to ports 988, 1018-1023.

Description of changes

  • Describe what you're changing and why you're doing these changes.

Tests

  • Describe the automated and/or manual tests executed to validate the patch.
  • Describe the added/modified tests.

References

  • Link to impacted open issues.
  • Link to related PRs in other packages (i.e. cookbook, node).
  • Link to documentation useful to understand the changes.

Checklist

  • Make sure you are pointing to the right branch.
  • If you're creating a patch for a branch other than develop add the branch name as prefix in the PR title (e.g. [release-3.6]).
  • Check all commits' messages are clear, describing what and why vs how.
  • Make sure to have added unit tests or integration tests to cover the new/modified code.
  • Check if documentation is impacted by this change.

Please review the guidelines for contributing and Pull Request Instructions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@gmarciani gmarciani force-pushed the wip/mgiacomo/3150/shared-storage-sg-rule-fix-0912-1 branch 6 times, most recently from fd3911a to 0f1389a Compare January 13, 2026 03:04
@gmarciani
[Security] Scoped down the network access to managed EFS and FSx storage
61c5854 
from head node and compute nodes.

In particular, before this change all traffic used to be allowed
from head node and compute nodes to the shared storage.

With this chnage this access is restricted to the minimum ports required.

For EFS, we restrict access to port 2049.
For FSx, we restct access to ports 988, 1018-1023.
@gmarciani gmarciani force-pushed the wip/mgiacomo/3150/shared-storage-sg-rule-fix-0912-1 branch from 0f1389a to 61c5854 Compare January 13, 2026 04:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gmarciani