Hacker News

Maybe I'm missing something, but although Atlantis seems great, you have to expose a webhook to the open internet that points to a service that has full admin access to your infra. If an attacker finds a security issue with Atlantis and decides to abuse it, you've basically given them admin access. For that exact reason Atlantis is a prime target for vulnerability exploitation.


You can put it behind something like Cloudflare and make the URL something that can't be guessed, but yeah, it is not the best. I really wish GitHub would publish a list of IPs it calls from.



