How will System Manager work without PORT 80 open?

0

Problem Statement: We are using System Manager Service for patching our servers, but we are facing one challenge. The process of upgrading the servers is the same as updating and patching a server by downloading packages from the Ubuntu repo over https, i.e. on PORT 80, but we can't open port 80 on our servers because of security compliance.

Please help and guide us on how SMS will upgrade the servers and patch them. If PORT 80 is closed, then "defaultbasepatchline" fails on the servers.

Thanks.

asked 2 years ago · 264 views
1 Answer
0

I'm guessing you mean port 80 outbound, so the host can connect to the repo and download the packages? (Also do you mean port 443, since you mention HTTPS?) If allowing outbound traffic from your hosts to the internet isn't acceptable for your security compliance, you might be able to work around this by setting up a web proxy host in your VPC (e.g. running Squid). You can configure rules on the host to only allow clients to connect to trusted URLs, such as Ubuntu's repos, and then configure the clients to connect via that proxy.

You don't need port 80 open inbound (or any ports open inbound) for any component of SSM to operate, assuming that your firewall is stateful and allows return packets for connections which are created outbound.

James_S (AWS EXPERT)
answered 2 years ago
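
The allowlisting proxy suggested in the answer above, sketched as an added example (not part of the original thread and not AWS's own code): it renders a Squid ACL fragment and an apt proxy drop-in, and audits apt sources for repo hosts the proxy would refuse. The VPC CIDR, the proxy name `proxy.internal.example`, port 3128, the `.ubuntu.com` allowlist and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example; every value below is a constructed assumption.
ALLOWED_DOMAINS=".ubuntu.com"   # Squid dstdomain syntax: leading dot also matches subdomains
VPC_CIDR="10.0.0.0/16"
PROXY_URL="http://proxy.internal.example:3128/"

# Squid fragment: only VPC clients, only allowlisted repo domains, default deny.
render_squid_conf() {
  cat <<EOF
http_port 3128
acl vpc_clients src ${VPC_CIDR}
acl repo_domains dstdomain ${ALLOWED_DOMAINS}
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow vpc_clients repo_domains
http_access deny all
EOF
}

# Client side: contents for a drop-in under /etc/apt/apt.conf.d/.
render_apt_proxy() {
  cat <<EOF
Acquire::http::Proxy "${PROXY_URL}";
Acquire::https::Proxy "${PROXY_URL}";
EOF
}

# Succeeds if the host matches the allowlist the way dstdomain would.
host_allowed() {
  local host="$1" d
  for d in $ALLOWED_DOMAINS; do
    if [ "$host" = "${d#.}" ]; then return 0; fi
    case "$d" in .*) case "$host" in *"$d") return 0 ;; esac ;; esac
  done
  return 1
}

# Reads apt sources on stdin (one-line "deb" entries or deb822 "URIs:" lines)
# and prints each repo host that the proxy would refuse.
blocked_repo_hosts() {
  grep -E '^[[:space:]]*(deb(-src)?[[:space:]]|URIs:)' \
    | grep -oE 'https?://[^/ ]+' | sed -E 's#^https?://##; s#:[0-9]+$##' | sort -u \
    | while read -r h; do host_allowed "$h" || echo "$h"; done
}
```

Running `cat /etc/apt/sources.list /etc/apt/sources.list.d/* | blocked_repo_hosts` on a client before closing direct outbound access shows which third-party repositories would stop updating behind the proxy.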
