I noticed these inbound rules on the scalr.vpc-router security group which Scalr creates for VPC Router instances deployed in AWS:
Type | Protocol | Port Range | Source
---|---|---|---
(rule rows not recoverable from the page)
This looks like the actual code which creates the security group:
https://github.com/Scalr/scalr/blob/66bd5c221bd661aa15d536d2899c0f304192aa3b/app/src/Scalr/UI/Controller/Tools/Aws/Vpc.php#L298

Are these hard-coded inbound rules that open ports 80, 443, and 8008-8013 entirely to the outside intended for situations where a Scalr server sits in the private subnet behind the VPC Router? Otherwise, these rules appear to be unnecessarily permissive.

I changed the rules for those ports to only allow traffic from the external IP of my Scalr server's endpoint host, and things worked fine, i.e., I could launch and terminate machines in the private subnet without apparent issue.
Is it possible to customize the security group created for VPC Routers in the Scalr, rather than doing so afterwards in AWS?
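The tightening described in the post, as an added example that is not part of the original issue and not Scalr's own code: it audits a security group's inbound rules for ranges open to 0.0.0.0/0 or ::/0 and builds a replacement rule set that admits only one source host. It assumes the dict shape EC2 returns for `DescribeSecurityGroups` (`IpPermissions` entries with `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`, `Ipv6Ranges`); the sample rule list and the source address `203.0.113.10` are constructed for the example, not taken from a real account.

```python
"""Audit an EC2 security group's inbound rules for world-open ports and build
a tightened copy that admits only one source host.

Added example, not Scalr project code. It assumes the IpPermissions shape
returned by EC2 DescribeSecurityGroups; the sample rules below are constructed
to match the ports named in the issue (80, 443, 8008-8013) and include one
already-scoped rule to show that it is left alone.
"""
import copy
import ipaddress
import json

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"

# Constructed sample input (not a captured security group).
VPC_ROUTER_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": WORLD_V4}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": WORLD_V4}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8008, "ToPort": 8013,
     "IpRanges": [{"CidrIp": WORLD_V4}], "Ipv6Ranges": [{"CidrIpv6": WORLD_V6}]},
    # Already scoped to a private range: must survive untouched.
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
]


def world_open_rules(permissions):
    """Return (protocol, from_port, to_port) for every rule reachable from anywhere."""
    found = []
    for perm in permissions:
        v4_open = any(r.get("CidrIp") == WORLD_V4 for r in perm.get("IpRanges", []))
        v6_open = any(r.get("CidrIpv6") == WORLD_V6 for r in perm.get("Ipv6Ranges", []))
        if v4_open or v6_open:
            found.append((perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")))
    return found


def restrict_to_source(permissions, source_ip):
    """Return a copy of permissions where every world-open range is replaced by
    source_ip as a host route (/32 or /128). Ranges that were already scoped
    are kept as they are; the input list is not modified."""
    src = ipaddress.ip_address(source_ip)
    host_cidr = f"{src}/{src.max_prefixlen}"
    hardened = []
    for perm in copy.deepcopy(permissions):
        orig_v4 = perm.get("IpRanges", [])
        orig_v6 = perm.get("Ipv6Ranges", [])
        v4 = [r for r in orig_v4 if r.get("CidrIp") != WORLD_V4]
        v6 = [r for r in orig_v6 if r.get("CidrIpv6") != WORLD_V6]
        was_open = len(v4) != len(orig_v4) or len(v6) != len(orig_v6)
        if was_open:
            if src.version == 4:
                v4.append({"CidrIp": host_cidr})
            else:
                v6.append({"CidrIpv6": host_cidr})
        perm["IpRanges"], perm["Ipv6Ranges"] = v4, v6
        hardened.append(perm)
    return hardened


def cli_commands(group_id, permissions, source_ip):
    """Build the aws-cli revoke/authorize pair that applies restrict_to_source.
    Only the world-open rules are revoked and re-added; scoped rules are left."""
    open_perms = [p for p in permissions if world_open_rules([p])]
    new_perms = restrict_to_source(open_perms, source_ip)
    revoke = ("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
              % (group_id, json.dumps(open_perms)))
    authorize = ("aws ec2 authorize-security-group-ingress --group-id %s --ip-permissions '%s'"
                 % (group_id, json.dumps(new_perms)))
    return [revoke, authorize]


if __name__ == "__main__":
    print("world-open rules:", world_open_rules(VPC_ROUTER_INBOUND))
    for cmd in cli_commands("sg-0123456789abcdef0", VPC_ROUTER_INBOUND, "203.0.113.10"):
        print(cmd)
```

Run it against the output of `aws ec2 describe-security-groups --group-ids <id>` (the `IpPermissions` list of the group) to get the revoke/authorize commands; the group id in the `__main__` block is a placeholder. Revoking before authorizing drops the world-open rules for a moment, so run the pair from the host you are allow-listing, or authorize first and revoke second if the API's duplicate-rule handling allows it in your region.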