Docs/readme v2 #5
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f5331485c7
| # Conectar kubectl al clúster EKS | ||
| # Conectar kubectl | ||
| aws eks update-kubeconfig --region eu-west-1 --name gitops-stack-prod |
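Review bot: the `update-kubeconfig` line hard-codes `--region eu-west-1` and `--name gitops-stack-prod` without saying that both must match the values the Terraform stack was applied with, and nothing follows the command to confirm the new context works. Add a sentence tying the two flags to the Terraform inputs and put a `kubectl get nodes` (or `kubectl auth can-i list nodes`) check directly after the command, so a reader finds out immediately whether the identity they configured is actually authorized instead of hitting the failure on a later step.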
Include the admin role when configuring kubeconfig
This quickstart no longer grants the current IAM user cluster access: terraform/main.tf creates the EKS access entry only for aws_iam_role.eks_admin, and the terraform-aws-eks v20 module does not add the cluster creator unless enable_cluster_creator_admin_permissions is set (its documented default is false: https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/20.0.1). AWS CLI documents --role-arn as the option to assume a role for cluster authentication (https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html), so a user following these lines after terraform apply will get kubectl authorization failures unless the instructions first assume eks-admin-role or pass --role-arn arn:aws:iam::...:role/eks-admin-role.
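An added example (not code from the PR or the repository) that carries the comment above into a runnable form: it rejects the `arn:aws:iam::...:role/eks-admin-role` placeholder instead of passing it to the CLI, runs `update-kubeconfig` with `--role-arn`, and then checks with `kubectl auth can-i` whether the configured identity is authorized against the cluster. The region and cluster name are the ones from the quickstart; the 12-digit account id, the `EKS_DRY_RUN` variable and the helper names are assumptions made for this example (the `eks-admin-role` name comes from the comment, the account id does not).

```shell
#!/bin/sh
# Added example, not part of the PR or the repo: configure kubeconfig for the
# EKS cluster while assuming the admin role, then verify that the identity
# kubectl will use really has cluster access.

# Return 0 if $1 is an IAM role ARN with a real 12-digit account id, so a
# placeholder such as "arn:aws:iam::...:role/eks-admin-role" copied from the
# docs is caught before it reaches the AWS CLI.
is_role_arn() {
  printf '%s' "$1" | grep -Eq '^arn:aws:iam::[0-9]{12}:role/.+$'
}

# Print the update-kubeconfig command for region $1, cluster $2, role ARN $3.
build_kubeconfig_cmd() {
  printf 'aws eks update-kubeconfig --region %s --name %s --role-arn %s\n' "$1" "$2" "$3"
}

# Configure kubeconfig and verify access. With EKS_DRY_RUN=1 (an assumed
# variable for offline checks) the commands are printed instead of executed.
eks_kubeconfig_with_role() {
  region=$1
  cluster=$2
  role_arn=$3
  if ! is_role_arn "$role_arn"; then
    echo "invalid role ARN: $role_arn (expected arn:aws:iam::<12-digit-account>:role/<name>)" >&2
    return 2
  fi
  cmd=$(build_kubeconfig_cmd "$region" "$cluster" "$role_arn")
  if [ "${EKS_DRY_RUN:-0}" = "1" ]; then
    echo "$cmd"
    echo "kubectl auth can-i list nodes"
    return 0
  fi
  $cmd || return 1
  # The EKS access entry exists for the role, so once the kubeconfig exec
  # entry assumes it kubectl must be able to list nodes; a failure here means
  # the role mapping, or the caller's permission to assume the role, is missing.
  kubectl auth can-i list nodes >/dev/null 2>&1 || {
    echo "kubectl is not authorized against $cluster as $role_arn" >&2
    return 1
  }
  echo "kubeconfig for $cluster ready (using $role_arn)"
}
```

Run it as `eks_kubeconfig_with_role eu-west-1 gitops-stack-prod arn:aws:iam::123456789012:role/eks-admin-role` with the account id substituted; the authorization check is deliberately separate from the kubeconfig write because `update-kubeconfig` succeeds even when the role is not mapped in the cluster.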
| - name: Permitir tráfico HTTPS para SSM | ||
| ansible.posix.firewalld: | ||
| service: https | ||
| permanent: yes | ||
| immediate: yes | ||
| state: enabled |
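Review bot: `permanent: yes` and `immediate: yes` use the YAML 1.1 `yes` literal, which ansible-lint flags under its `yaml[truthy]` rule; if the task survives, write `permanent: true` and `immediate: true`. The task name ties the rule to SSM, but nothing in the hunk makes an inbound HTTPS rule necessary for the agent, so the cleaner fix is to drop the task rather than keep a rule whose name describes a purpose it does not serve.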
Stop opening inbound HTTPS for SSM
This rule opens the host firewall's inbound HTTPS service, but Systems Manager does not require inbound traffic: AWS says SSM Agent initiates connections and managed instances only need outbound HTTPS to the SSM endpoints (https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-ssm-agent.html). In the inspected EKS private-subnet setup, this weakens the hardening role by allowing any host-network process bound to 443 to be reached from sources that the EC2 security groups already permit, without helping SSM; configure outbound access/VPC endpoints instead.