From 1fce673fd47a686de81adb9de5d50689d96a0937 Mon Sep 17 00:00:00 2001
From: Todd Neal <tnealt@amazon.com>
Date: Mon, 11 Nov 2024 14:44:06 -0600
Subject: [PATCH] make the inbound security rule for SSH a no-op

By default this won't allow access, but can easily be hacked on
to enable SSH for testing.
---
 kubetest2/internal/deployers/eksapi/templates/infra.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kubetest2/internal/deployers/eksapi/templates/infra.yaml b/kubetest2/internal/deployers/eksapi/templates/infra.yaml
index 007fd71ac..6e70a3211 100644
--- a/kubetest2/internal/deployers/eksapi/templates/infra.yaml
+++ b/kubetest2/internal/deployers/eksapi/templates/infra.yaml
@@ -496,7 +496,7 @@ Resources:
         - IpProtocol: tcp
           FromPort: 22
           ToPort: 22
-          CidrIp: 0.0.0.0/0
+          CidrIp: 127.0.0.1/32
 
   SSHKeyPair:
     Type: AWS::EC2::KeyPair