Merge pull request #9 from andresionek91/adjust-ip-whitelisting

andresionek91 · web-flow · commit b83894bc6d84 · 2020-09-10T20:34:57.000+01:00
re add egress rules to scheduler and workers
diff --git a/cloudformation/84_airflow-scheduler.yml.j2 b/cloudformation/84_airflow-scheduler.yml.j2
@@ -6,6 +6,11 @@ Resources:
     Properties:
       GroupDescription: Security group for Airflow Scheduler
       GroupName: "{{ serviceName }}-{{ ENVIRONMENT }}-scheduler-security-group"
+      SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          FromPort: 0
+          IpProtocol: -1
+          ToPort: 0
       VpcId: !ImportValue network-VpcId
       Tags:
         - Key: Name
diff --git a/cloudformation/86_airflow-workers.yml.j2 b/cloudformation/86_airflow-workers.yml.j2
@@ -6,6 +6,11 @@ Resources:
     Properties:
       GroupDescription: Security group for Airflow workers
       GroupName: "{{ serviceName }}-{{ ENVIRONMENT }}-workers-security-group"
+      SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          FromPort: 0
+          IpProtocol: -1
+          ToPort: 0
       SecurityGroupIngress:
         - CidrIp: "{{ service.cidrBlock }}/16"
           FromPort: "{{ service.workers.port }}"
