Is the default Azure Virtual Machine Scale Set configuration sufficient to protect the instances in a CI/CD process since the machines do not have a public IP?

Julian Steven Molina Campos 40 Reputation points
2024-07-02T23:30:35.02+00:00

Currently, I am using Azure Virtual Machine Scale Set as self-hosted agents in Azure DevOps. I used this command to deploy and create the Scale Set:

az vmss create \
  --name vmssagentspool \
  --resource-group vmssagentsdemo \
  --image Ubuntu2204 \
  --vm-sku Standard_E2as_v5 \
  --storage-sku StandardSSD_LRS \
  --authentication-type SSH \
  --generate-ssh-keys \
  --instance-count 1 \
  --disable-overprovision \
  --upgrade-policy-mode manual \
  --single-placement-group false \
  --platform-fault-domain-count 1 \
  --load-balancer "" \
  --orchestration-mode Uniform \
  --priority Spot \
  --eviction-policy Delete \
  --max-price 0.013

Seeing the details of the configuration of the instance running in the Scale Set tells me that I have only a private IP. In theory, the machines that act as agents could not be attacked because they are in a private network, but the instances also have access to the internet, so I'm a little confused about the security of the instances. Would this default configuration, resulting from the above command, be sufficient for security? What if the CI/CD process is for a government, medical or banking entity?
