As a Project Architect
I WANT TO ensure Cloud Resources are only accessible to specific users on specific networks
IN ORDER TO reduce the attack surface of those resources
We're suggesting that Cloud Resources, particularly CosmosDB used by CentOps are protected by a vLan which prevents access to services and users not on those vLans.
Acceptance Criteria
[ ] Cosmos Db is no longer accessible from 'the Internet' and only via a vLan for the services which access it (CentOps)
[ ] Using the Terraform deployment where possible.
shelabd
commented
2 years ago
As a Project Architect I WANT TO ensure Cloud Resources are only accessible to specific users on specific networks IN ORDER TO reduce the attack surface of those resources
We're suggesting that Cloud Resources, particularly CosmosDB used by CentOps are protected by a vLan which prevents access to services and users not on those vLans.
Acceptance Criteria