chef - [chef] Re: Any security issues with creating EC2 ami with Chef Server installed?

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Any security issues with creating EC2 ami with Chef Server installed?

From: "Julian C. Dunn" < >
To:
Subject: [chef] Re: Any security issues with creating EC2 ami with Chef Server installed?
Date: Fri, 20 Dec 2013 09:56:17 -0500

On Fri, Dec 20, 2013 at 1:18 AM, Ritesh Angural
< >
wrote:

> I’m relatively new to chef so I’m wondering if there’s any security issues
> if I make an ec2 ami of an instance that’s running chef server?
>
> Currently to create an open source chef server, I’d have to
>
> 1) Create EC2 instance
> 2) SSH into the instance
> 3) Wget & dpfg using the omnibus installer
> 4) sudo chef-server-ctl reconfigure
>
> At this point, I’d like to make an EC2 ami & reuse it in future.

If you do point #4 and then snapshot the machine, the generated keys
for the Chef server will be identical for every instance you launch
from the AMI. That could be a security problem.

You should also be aware of
https://tickets.opscode.com/browse/CHEF-4883. Until we have a fix,
ensure that you launch the instance into a security group that doesn't
have wide-open ports.

- Julian

--
[ Julian C. Dunn
< >
          * Sorry, I'm    ]
[ WWW: http://www.aquezada.com/staff/julian    * only Web 1.0  ;]
[ gopher://sdf.org/1/users/keymaker/           * compliant!    ;]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9       ]

[chef] Any security issues with creating EC2 ami with Chef Server installed?, Ritesh Angural, 12/19/2013
- [chef] Re: Any security issues with creating EC2 ami with Chef Server installed?, Julian C. Dunn, 12/20/2013
  - [chef] Re: Any security issues with creating EC2 ami with Chef Server installed?, Ritesh Angural, 12/20/2013