On Fri, Dec 20, 2013 at 1:18 AM, Ritesh Angural
I’m relatively new to chef so I’m wondering if there’s any security issues if I make an ec2 ami of an instance that’s running chef server?
Currently to create an open source chef server, I’d have to
- Create EC2 instance
- SSH into the instance
- Wget & dpfg using the omnibus installer
- sudo chef-server-ctl reconfigure
At this point, I’d like to make an EC2 ami & reuse it in future.
If you do point #4 and then snapshot the machine, the generated keys
for the Chef server will be identical for every instance you launch
from the AMI. That could be a security problem.
You should also be aware of
https://tickets.opscode.com/browse/CHEF-4883. Until we have a fix,
ensure that you launch the instance into a security group that doesn’t
have wide-open ports.
[ Julian C. Dunn firstname.lastname@example.org * Sorry, I’m ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]