Modify nsg rules

craddm · craddm · commit 5e230de87a73 · 2026-03-24T17:11:23.000Z
diff --git a/infra/aks/components/networking.py b/infra/aks/components/networking.py
@@ -89,7 +89,7 @@ def __init__(
                     description="Allow HTTPS traffic for Harbor",
                 ),
                 network.SecurityRuleArgs(
-                    name="AllowSSHServerInbound",
+                    name="AllowAdminSSHServerInbound",
                     priority=200,
                     direction=network.SecurityRuleDirection.INBOUND,
                     access=network.SecurityRuleAccess.ALLOW,
@@ -102,6 +102,20 @@ def __init__(
                     destination_address_prefix="*",
                     description="Allow SSH traffic to API Proxy SSH server",
                 ),
+                network.SecurityRuleArgs(
+                    name="AllowUserSSHServerInbound",
+                    priority=300,
+                    direction=network.SecurityRuleDirection.INBOUND,
+                    access=network.SecurityRuleAccess.ALLOW,
+                    protocol=network.SecurityRuleProtocol.TCP,
+                    source_port_range="*",
+                    destination_port_range="2800",
+                    source_address_prefixes=args.config.require_object(
+                        "user_ip_allowlist"
+                    ),
+                    destination_address_prefix="*",
+                    description="Allow SSH traffic to API Proxy SSH server",
+                ),
                 # Allow Azure Load Balancer health probes
                 network.SecurityRuleArgs(
                     name="AllowAzureLoadBalancerInbound",
