AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관

Inbound restriction for security group for Amazon FSx for Lustre?

0

The Amazon FSx for Lustre console invites developers to open TCP ports 988, 1021-1023: " The VPC Security Groups associated with your file system’s network interfaces must allow inbound Lustre traffic (TCP ports 988, 1021-1023)"

Shall this be open to the world? Is there a way to restrict source? Or is there already a mechanism in place to verify that this "inbound Lustre traffic" coming to the FS is legit?

Is this inbound Lustre traffic user traffic on the FS (eg a SageMaker training instance) ? or is it used for some backend admin or S3-FS communication?

AWS
전문가
질문됨 4년 전1.5천회 조회
1개 답변
1
수락된 답변

The inbound traffic requirements are for the file system's network interfaces, so they apply for the communication between the file system and the client compute instances from which you're mounting and accessing the file system (not for any back-end communication behind the file system.

Re: restricting the source, as is standard with Security Groups, you can limit the source of the inbound rules to only the restricted sources you want to allow (based on CIDR blocks, Security Groups, Prefix Lists).

AWS
답변함 4년 전
profile picture
전문가
검토됨 7달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠