
Rethink network security group permissions #103

@davecash75

Short Description

The policies of the current security groups in xnat-aws are likely too restrictive. We need to think about what makes sense for usability within UCL for courses and for the public.

Evidence/Steps to Reproduce

Currently, Terraform only allows access to xnat-web and xnat-cserv from the IP that made the call to Terraform. The issue becomes if someone disconnects their laptop and gets a new IP from UCL, then you have to re-adjust the security group rules to allow access to the new IP address.
Also, we want AppStream to have access to the web server and the EFS as well, especially if we create the infrastructure and want the attendees to interact with the server via AppStream.
I confirmed this as I was unable to work with the web server or SSH into the server after leaving the office, and then when I changed the security group to allow my new IP address and the private subnets in the network, then I was able to work with these components again.

Acceptance Criteria/Expected Behaviour

When the problem is resolved, the people setting up the infrastructure can keep working on it from another IP address, and attendees can access the web browser through AppStream.

Details

No response

Resolution

No response
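
One way to express the acceptance criteria in Terraform, as an added example that is not part of the original issue or the xnat-aws code: administrator access comes from a validated list of stable CIDR ranges instead of the caller's current IP, and AppStream reaches the web server through a security-group reference. All variable names, resource names and port numbers here are assumptions; it covers the web server only, not xnat-cserv or the EFS.

```hcl
# Hypothetical names throughout: var.vpc_id, var.admin_cidrs, both security
# groups and the port numbers are assumptions, not taken from xnat-aws.

variable "vpc_id" {
  type = string
}

variable "admin_cidrs" {
  description = "Stable ranges administrators connect from, not a single laptop IP"
  type        = list(string)

  # Reject malformed entries and the open-to-the-world shortcut.
  validation {
    condition     = alltrue([for c in var.admin_cidrs : can(cidrhost(c, 0)) && c != "0.0.0.0/0"])
    error_message = "Each entry must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

resource "aws_security_group" "appstream" {
  name_prefix = "appstream-fleet-"
  vpc_id      = var.vpc_id
}

resource "aws_security_group" "web" {
  name_prefix = "xnat-web-"
  vpc_id      = var.vpc_id
}

# SSH only from the administrator ranges, one rule per CIDR.
resource "aws_vpc_security_group_ingress_rule" "web_ssh_admin" {
  for_each          = toset(var.admin_cidrs)
  security_group_id = aws_security_group.web.id
  cidr_ipv4         = each.value
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

# HTTPS from AppStream sessions: reference the fleet's security group
# instead of opening the whole private subnet range.
resource "aws_vpc_security_group_ingress_rule" "web_https_appstream" {
  security_group_id            = aws_security_group.web.id
  referenced_security_group_id = aws_security_group.appstream.id
  ip_protocol                  = "tcp"
  from_port                    = 443
  to_port                      = 443
}
```

Because the AppStream rule follows security-group membership, it keeps working when fleet instances change private addresses.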
