In a default deny situation, where the operator doesn't want to open up a foundation-wide security group at service installation time, it would be useful to create and bind a security group on the fly (that allows communication to the service deployment) at service instance creation time.
1. Developer creates service
2. Broker checks if the ASG allowing communication exists
3. If not, broker binds the ASG to the app's space
4. Rest of flow works as normal
The developer would need to restart the app after service bind anyway, so the security group would get applied as part of that flow.
Has anyone built something like this as an open source library? Have run across some folks that are interested in this as a cross-cutting broker behavior, to keep their traffic rules as restrictive as possible.
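A sketch of steps 2 and 3 of the flow above, added here as an example and not taken from the post or from any existing broker library. The InMemoryCF class is a constructed stand-in for the Cloud Controller, and the "svc-<instance id>" naming scheme, host addresses and ports are assumptions; the rule fields (protocol, destination, ports) follow the standard ASG rule format.

```python
import ipaddress


class InMemoryCF:
    """Constructed stand-in for the Cloud Controller; a real broker would call the CF API."""

    def __init__(self):
        self.groups = {}  # name -> {"rules": [...], "spaces": set()}

    def get_group(self, name):
        return self.groups.get(name)

    def create_group(self, name, rules):
        self.groups[name] = {"rules": rules, "spaces": set()}
        return self.groups[name]

    def bind_running(self, name, space_guid):
        self.groups[name]["spaces"].add(space_guid)


def build_rules(hosts, ports):
    """One TCP rule per service host, limited to the listed ports."""
    rules = []
    for host in sorted(hosts):
        addr = ipaddress.ip_address(host)  # raises ValueError on CIDRs and hostnames
        if addr.is_unspecified:
            raise ValueError("refusing wildcard destination")
        rules.append({"protocol": "tcp", "destination": str(addr),
                      "ports": ",".join(str(p) for p in sorted(ports))})
    return rules


def ensure_asg(cf, instance_id, space_guid, hosts, ports):
    """Create the ASG if it is missing, then bind it to the space if it is not bound yet."""
    name = f"svc-{instance_id}"  # hypothetical naming scheme
    wanted = build_rules(hosts, ports)
    group = cf.get_group(name)
    if group is None:
        group = cf.create_group(name, wanted)
    elif group["rules"] != wanted:
        # Do not silently widen an existing group; surface the drift to the operator.
        raise RuntimeError(f"{name} exists with different rules")
    if space_guid in group["spaces"]:
        return "unchanged"
    cf.bind_running(name, space_guid)
    return "bound"
```

Because the call is idempotent, the broker can run it on every provision or bind request without creating duplicate groups or bindings.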