Vault egress NP update, new VPCCidr value added (!20) · Merge requests · Big Bang / Universe / Product / vault

Ryan Garcia requested to merge network_policies into main Dec 21, 2021

Vault doesn't need to talk to the kube-api directly, but does need egress access to AWS API for things like KMS, S3, etc.

Adding new section to KMS doc recommending VPC Endpoints be configured for things like KMS & S3 to be able to further lock down Vault egress and traffic doesn't leave the AWS network.

Relates https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/944

Admin message

Vault egress NP update, new VPCCidr value added

Merge request reports