Spin up internal metakb instance

[korikuzma]

• [ ] ec2 for neo4j which contains all sources (civic, moa, oncokb)
• [ ] Only allow access via on prem or VPN (or we can just do IAM roles)
• [ ] REST APIGW
• [ ] Use the genomicmedlab domain
• [ ] See if we're still able to use the same code pipeline off of metakb branch triggers or if we will have to make a separate pipeline

[korikuzma]

If Elastic Beanstalk URL can't be private: WAF, Check IP address if it's NCH, Cognito, or LDAP EC2 for neo4j: Can we limit permissions on who can query oncokb data? Then we'd be able to possibly use the same db and not have to spin up another instance https://neo4j.com/docs/operations-manual/current/authentication-authorization/access-control/#auth-access-control-security

[korikuzma]

@ahwagner said we can go the easier route of having a separate private instance just for us. We can revisit this later if costs become an issue

[korikuzma]

See if we can have this on the VarCat billing since it will be using this . Send email to Adam + Alex

[korikuzma]

See if we can have this on the VarCat billing since it will be using this . Send email to Adam + Alex

Didn't send an email, just slacked Adam. He will talk to Grant about it.

[korikuzma]

Naming:

• MetaKB internal is the private instance. There will be associated resources with the internal word to indicate that it is private
• Due to character limits, the ec2 for the neo4j db will end in 01 for the public and 02 for internal

[korikuzma]

• [ ] Set ELBScheme to internal

[wesleygoar]

@korikuzma what are your current thoughts on this issue? I'm not sure this is necessary for MVP with the way we chose to handle the ingest of the cdm files.

[korikuzma]

Not needed.