This repository has been archived by the owner on Oct 14, 2022. It is now read-only.

Request: Remove all 0.0.0.0/0 CIDRs in favor of Security Groups/CIDR ranges #107

Open
Aghassi opened this issue Aug 22, 2018 · 1 comment


Aghassi commented Aug 22, 2018

Since this is being deployed to enterprise customers, the quad zero domain is usually frowned upon as it is not very secure. Most of the traffic that needs to occur happens between the Service Box and the Builder Nodes. For this reason, some of the quad zeros can be cleaned up, and instead replaced with the subnet CIDRs or similar.

In terms of SSH capabilities, that should be a toggle honestly. The reason being not all enterprise customers will be able to utilize it depending on the security infrastructure in place. Especially at scale, it is commonplace to have some sort of Jump Box before hitting any infrastructure. SSH capabilities in Circle may not work because of this. Because of that, you can avoid having to handle those quad zero domains.

In addition, there should be a variable in the variables.tf file that can be set in the terraform.tfvars file for the jump box IP. This way, SSH to the service box can be limited by a CIDR range instead of being quad zero.
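
The change requested above, sketched as an added example that is not code from this repository: an SSH toggle, a jump box CIDR variable that rejects quad zero, and builder-to-service traffic allowed by security group reference. It assumes the AWS provider and Terraform 0.13 or later; every variable and resource name, the port variable, and the sample CIDR are hypothetical.

```hcl
# Hypothetical names throughout; none are taken from the repository.
variable "vpc_id" { type = string }

variable "enable_ssh" {
  type    = bool
  default = false # SSH to the service box is opt-in
}

variable "jump_box_cidrs" {
  type    = list(string) # set in terraform.tfvars, e.g. ["10.0.5.10/32"] (constructed value)
  default = []
  validation {
    condition     = !contains(var.jump_box_cidrs, "0.0.0.0/0")
    error_message = "The jump_box_cidrs list must not contain 0.0.0.0/0."
  }
}

variable "builder_port" { type = number } # placeholder: a port builders need on the service box

resource "aws_security_group" "service_box" {
  name   = "service-box"
  vpc_id = var.vpc_id
}

resource "aws_security_group" "builders" {
  name   = "builders"
  vpc_id = var.vpc_id
}

# Replaces cidr_blocks = ["0.0.0.0/0"] on port 22: the rule is only created
# when the toggle is on and at least one jump box range is configured.
resource "aws_security_group_rule" "service_box_ssh" {
  count             = var.enable_ssh && length(var.jump_box_cidrs) > 0 ? 1 : 0
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.jump_box_cidrs
  security_group_id = aws_security_group.service_box.id
}

# Builder-to-service traffic is allowed by security group reference, not by CIDR.
resource "aws_security_group_rule" "service_from_builders" {
  type                     = "ingress"
  from_port                = var.builder_port
  to_port                  = var.builder_port
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.builders.id
  security_group_id        = aws_security_group.service_box.id
}
```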

@PIKECONCRETE

Catch it at scale
