...
As is the case for other Items open-sourced by the EWC, you can change the inputs of the SSH Bastion Flavour at any point in time, by simply re-running with the new values. Imagine the following scenario:
Your EWC tenant admin notifies you of a new security policy which implies Fail2Ban should not make exceptions for any IP addresses, regardless of whether they are internal or not.
...
In order to make changes needed to comply with the new policy, you can run:
| Code Block | ||
|---|---|---|
| ||
$ ansible-playbook -i inventory.yml -e '{"whitelisted_ip_ranges": ""}' ssh-bastion-flavour.yml |
...