Is there any risk from the outside to open up all traffic to an instance without a public IP?

We have a VPC with 4 tunnels from 4 different locations, and a NAT for internet access. Inside this VPC is an instance with no public IP address. Everything communicates by private IP.

Since it's okay if every internal machine has access to it, is it OK for me to allow all traffic from 0.0.0.0/0?

Is there any risk to it from the outside?

Answers


A security best practice is to block all traffic and explicitly allow only traffic to known services from certain locations. (This is how EC2 security groups function.) It may seem ok now but if an instance were to have a public IP address at some point in the future it could potentially open your entire VPC up to the world. I highly recommend that you restrict the traffic.
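One way to check for the rule the answer warns about, as an added example that is not part of the original question or answer: it audits security group data in the shape returned by `aws ec2 describe-security-groups` and reports every IPv4 ingress rule whose source is wider than the internal ranges. The group IDs, the sample rules and the trusted CIDRs (VPC plus networks behind the tunnels) are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-0example2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "192.168.10.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
]}
""")

# Assumed internal ranges: the VPC CIDR plus the networks behind the tunnels.
TRUSTED = [ipaddress.ip_network(c) for c in
           ("10.0.0.0/16", "192.168.10.0/24", "192.168.20.0/24")]


def audit(groups, trusted):
    """Return (group_id, protocol, ports, cidr) for every IPv4 ingress rule
    whose source is not fully contained in one of the trusted networks."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            # Protocol "-1" means all protocols and all ports.
            ports = ("all" if proto == "-1"
                     else f'{perm.get("FromPort")}-{perm.get("ToPort")}')
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"])
                if not any(net.subnet_of(t) for t in trusted):
                    findings.append((sg["GroupId"], proto, ports, str(net)))
    return findings


if __name__ == "__main__":
    for gid, proto, ports, cidr in audit(SAMPLE, TRUSTED):
        print(f"{gid}: proto={proto} ports={ports} source={cidr} "
              "is wider than the internal ranges")
```

Replacing a flagged `0.0.0.0/0` source with the VPC and tunnel CIDRs keeps every internal machine able to reach the instance while leaving nothing open if a public IP is attached later.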

