So we have a VPC, and we are trying to carve it up. Ideally, we'd have an IP range for just "infrastructure" related VMs, like MXs, LDAP, etc. We want to be able to apply an ACL specifically to the MXs where only SMTP and SSH (and possibly ping) are allowed into that VM, and similar for LDAP, etc., and have the ability to select these ACLs on a per-VM basis (similar to how AWS allows this for network ACLs).
Right now, from what I can tell in the UI, we'd have to carve up, so to speak, that "infrastructure" IP range into smaller networks in order to apply these service-related network ACLs. (Hope I was able to word that correctly.)

On Wed, Jan 6, 2016 at 2:55 PM, Erik Weber <[email protected]> wrote:

> Can't answer your question, but to help out with ideas; are you mostly
> looking for ingress, egress or both?
>
> Also, is it primarily north-south traffic you want to isolate per VM or
> east-west as well?
>
> --
>
> Erik
>
>
> On Monday, 4 January 2016, Geoffrey Corey <[email protected]> wrote
> the following:
>
>> What is the lowest granularity level that a network ACL can be applied?
>>
>> We would like to be able to apply a network ACL on a per-VM basis, but
>> initial investigation points to only being able to apply it to a network
>> tier.
>>
>> Also, if a network ACL can be applied on a per-VM basis, how can that be
>> accomplished?
>>
>> Thanks
>>
>> ----
>> Geoff Corey
>> Apache Infrastructure
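An added example, not from this thread and not CloudStack's own code: the per-role allowlists the message describes (SMTP, SSH and ping into the MX VMs; LDAP into the directory VMs) modelled as ordered, first-match ingress rules with a default deny, which is how a tier-level network ACL list is evaluated, plus a helper that renders a role's rules as createNetworkACL-style parameters. The role names, CIDRs and port choices are assumptions chosen for illustration, and the parameter key names follow the CloudStack createNetworkACL API as I understand it; check them against the API reference for your release before scripting anything. Because an ACL list attaches to a tier rather than to a VM (the finding quoted above), each role in the dictionary corresponds to its own tier, which is exactly the carving-up the message is asking whether it can avoid.

```python
"""Per-role ingress ACLs evaluated first-match with a default deny.

Added example; the roles, CIDRs and ports below are constructed for
illustration and are not Apache Infrastructure's real addressing.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One ingress ACL entry. Ports are None for protocols without them (ICMP)."""
    action: str                      # "allow" or "deny"
    protocol: str                    # "tcp", "udp", "icmp" or "all"
    cidr: str                        # permitted source range for ingress
    start_port: Optional[int] = None
    end_port: Optional[int] = None

    def matches(self, protocol: str, src: str, dport: Optional[int]) -> bool:
        if self.protocol not in ("all", protocol):
            return False
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.cidr, strict=False):
            return False
        if self.start_port is None:          # no port constraint (ICMP / "all")
            return True
        return dport is not None and self.start_port <= dport <= self.end_port


# One ACL list per service role; in a VPC each list attaches to its own tier.
# MANAGEMENT_NET is a constructed example range for admin SSH and monitoring.
MANAGEMENT_NET = "10.0.0.0/8"
ROLE_ACLS = {
    "mx": [
        Rule("allow", "tcp", "0.0.0.0/0", 25, 25),       # inbound mail from anywhere
        Rule("allow", "tcp", MANAGEMENT_NET, 22, 22),    # SSH only from management
        Rule("allow", "icmp", "0.0.0.0/0"),              # ping
    ],
    "ldap": [
        Rule("allow", "tcp", "10.1.0.0/16", 389, 389),   # LDAP from the infra range
        Rule("allow", "tcp", "10.1.0.0/16", 636, 636),   # LDAPS from the infra range
        Rule("allow", "tcp", MANAGEMENT_NET, 22, 22),    # SSH only from management
        Rule("allow", "icmp", MANAGEMENT_NET),           # ping only from management
    ],
}


def evaluate(role: str, protocol: str, src: str, dport: Optional[int] = None):
    """Return (action, rule_number) for the first matching rule, or ("deny", None).

    Rules are numbered from 1 in list order; nothing matching means the
    implicit default deny applies, so anything not allowlisted is dropped.
    """
    for number, rule in enumerate(ROLE_ACLS[role], start=1):
        if rule.matches(protocol, src, dport):
            return rule.action, number
    return "deny", None


def to_api_params(role: str, aclid: str = "<acl list id>"):
    """Render a role's rules as createNetworkACL-style parameter dicts.

    Key names follow the CloudStack createNetworkACL API as I understand it
    (assumption: verify against the API reference for your release).
    """
    params = []
    for number, rule in enumerate(ROLE_ACLS[role], start=1):
        p = {
            "aclid": aclid,
            "number": number,
            "action": rule.action,
            "protocol": rule.protocol,
            "cidrlist": rule.cidr,
            "traffictype": "ingress",
        }
        if rule.start_port is not None:      # ICMP entries carry no port range
            p["startport"] = rule.start_port
            p["endport"] = rule.end_port
        params.append(p)
    return params


if __name__ == "__main__":
    for role, proto, src, port in [("mx", "tcp", "203.0.113.5", 25),
                                   ("mx", "tcp", "203.0.113.5", 22),
                                   ("mx", "tcp", "10.2.3.4", 22),
                                   ("ldap", "tcp", "203.0.113.5", 389)]:
        print(role, proto, src, port, "->", evaluate(role, proto, src, port))
```

The point the evaluator makes concrete is that granularity comes from where the list is attached, not from the rules: the "mx" and "ldap" lists differ only in their entries, so putting both roles in one tier forces one union list on every VM in it, while a per-role tier lets each list stay minimal.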
