AWS lambda medium security documentation change
Summary
Updated security group configuration instructions - changed 'broker port' to 'cluster port' in inbound rules and modified outbound rules to allow 443 for all destinations
Security assessment
Change tightens security group rules by removing self-referencing rules and explicitly defining cluster port usage. This improves security posture by reducing overly permissive rules.
Diff
diff --git a/lambda/latest/dg/with-kafka-configure.md b/lambda/latest/dg/with-kafka-configure.md index 27698d887..1da29824c 100644 --- a/lambda/latest/dg/with-kafka-configure.md +++ b/lambda/latest/dg/with-kafka-configure.md @@ -242 +242 @@ Configure the security groups for the Amazon VPC containing your cluster. By def - * Inbound rules – Allow all traffic on the default broker port for the security group associated with your event source. Alternatively, you can use a self-referencing security group rule to allow access from instances within the same security group. + * Inbound rules – Allow all traffic on the default cluster port for the security group associated with your event source. @@ -244 +244 @@ Configure the security groups for the Amazon VPC containing your cluster. By def - * Outbound rules – Allow all traffic on port `443` for external destinations if your function needs to communicate with AWS services. Alternatively, you can also use a self-referencing security group rule to limit access to the broker if you don't need to communicate with other AWS services. + * Outbound rules – Allow all traffic on port `443` for all destinations. Allow all traffic on the default cluster port for the security group associated with your event source.