etcd is a distributed, reliable key-value store for the most critical data of a distributed system. As a general precaution, any resource that needs to be open to the internet must first undergo a security review and be approved by DSO.
- Change the access control policy and security groups to make the etcd service private.
- Allow access to a specific list of IP addresses.
- Once the etcd service is no longer publicly accessible, Bridgecrew will automatically close the issue.
- You can also request an exception from the policy violation details page.
- SecOps will review the request, involve DSO if required, and grant the exception; Bridgecrew will automatically ignore this resource until the exception expires.
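One way to verify the first two steps before relying on the issue to close, as an added example (not Bridgecrew's own check): audit security group ingress rules for etcd ports reachable from outside an approved IP list. It assumes rules in the shape of AWS `describe-security-groups` output and etcd's default ports 2379 and 2380; the group IDs and CIDRs are constructed.

```python
import ipaddress

ETCD_PORTS = (2379, 2380)  # etcd default client and peer ports (assumed unchanged)

# Constructed sample, shaped like AWS `describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-open-constructed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2379, "ToPort": 2380,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-private-constructed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2379, "ToPort": 2379,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-allports-constructed", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-web-constructed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
ALLOWED = ["10.0.0.0/16", "203.0.113.10/32"]  # constructed allow list


def covers_etcd(perm):
    """True if the ingress rule admits traffic to an etcd port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return any(perm.get("FromPort", 0) <= p <= perm.get("ToPort", 65535) for p in ETCD_PORTS)


def audit(groups, allowed_cidrs):
    """Return (group id, source CIDR) for etcd ingress outside the allow list."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not covers_etcd(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                net = ipaddress.ip_network(cidr, strict=False)
                if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    findings.append((group["GroupId"], cidr))
    return findings


if __name__ == "__main__":
    for group_id, cidr in audit(SAMPLE_GROUPS, ALLOWED):
        print(f"{group_id}: etcd port reachable from {cidr}")
```

Rules that open all protocols (`"-1"`) or an IPv6 range are easy to miss when only TCP 2379 over IPv4 is checked, so the audit covers both.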