I have set up a Chef server on EC2 to manage EC2 instances. I have assigned
the DNS entry for chef.example.com to the public IP, so the web GUI is
reachable from anywhere on the internet. When it comes to bootstrapping
clients, I can create an entry in /etc/hosts, which points chef.example.com to
the private IP, which seems more secure, or I can open port 4000 in the
firewall and use the public IP address. Each has pros and cons.
The problem with adding the private IP into the hosts file is that it’s
pre-bootstrap manual labor every time, and in the event of an IP change, it
will be a lot of fixing.
The problem with using the public IP is that port 4000 is open to the world.
Is that dangerous?
Any general comments or suggestions?