cds-snc / notification-planning-core

Project planning for GC Notify Core Team

Setup AWS VPN for database access #28

Open patheard opened 2 years ago

patheard commented 2 years ago

Description

As a developer, I want a secure way to access the Notify database instance locally, so that I can troubleshoot issues with Notify data without worrying about unauthorized access to the data.

Acceptance Criteria (Definition of done)

QA Steps

Additional context

We currently have hasura to audit the manually executed SQL statements in production by developers but it's limited in some ways:

Hence this card would increase the overall security on how we access the database.

jimleroyer commented 2 years ago

Hey team! Please add your planning poker estimate with ZenHub @patheard @sastels

sastels commented 2 years ago

we might still want the jumpbox for non-db related things? @jimleroyer what else have we used it for?

patheard commented 2 years ago

I've also used it for Redis access, but that could be setup with the VPN as well.

jimleroyer commented 2 years ago

VPN is installed from within the network, but restrict the access? We need to allow extra usage, unlike the jumpbox? Just wondering. (if we can still access Redis, that would certainly be helpful!)

patheard commented 2 years ago

Yup, the way you set up the VPN is to grant it access to specific security groups, so in the case of Redis, we'd just need to allow the VPN traffic access to the EKS cluster security group: https://github.com/cds-snc/notification-terraform/blob/main/aws/elasticache/elasticache.tf#L24-L26
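The security-group-reference approach described in this comment, written out as an added Terraform example. This is not code from the thread or from the notification-terraform repository; every variable, ARN, CIDR, port and security group id below is a placeholder, and the database and Redis security groups are assumed to already exist:

```hcl
# Added example (not the project's own Terraform): an AWS Client VPN endpoint
# that is admitted into the database and Redis security groups by referencing
# the VPN's security group rather than by client CIDR. All ids, ARNs and CIDRs
# are placeholders.

variable "vpc_id" {}
variable "vpn_subnet_id" {}                 # private subnet the endpoint attaches to
variable "vpc_cidr" { default = "10.0.0.0/16" }
variable "server_certificate_arn" {}        # ACM certificate for the endpoint (placeholder)
variable "saml_provider_arn" {}             # IAM SAML provider for SSO logins (placeholder)
variable "database_security_group_id" {}    # existing RDS/Aurora SG (placeholder)
variable "redis_security_group_id" {}       # existing ElastiCache/EKS cluster SG (placeholder)

# Security group attached to the VPN endpoint. It needs no inbound rules; the
# data-store security groups reference it as a source.
resource "aws_security_group" "client_vpn" {
  name        = "client-vpn"
  description = "Attached to the Client VPN endpoint; referenced by data-store SGs"
  vpc_id      = var.vpc_id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [var.vpc_cidr] # split tunnel: only VPC-bound traffic uses the VPN
  }
}

resource "aws_cloudwatch_log_group" "client_vpn" {
  name              = "/aws/client-vpn/developer-access"
  retention_in_days = 90
}

resource "aws_ec2_client_vpn_endpoint" "main" {
  description            = "Developer access to private data stores"
  server_certificate_arn = var.server_certificate_arn
  client_cidr_block      = "10.100.0.0/22" # must not overlap the VPC CIDR
  vpc_id                 = var.vpc_id
  security_group_ids     = [aws_security_group.client_vpn.id]
  split_tunnel           = true

  # Users authenticate through the identity provider; no shared client certificates
  authentication_options {
    type              = "federated-authentication"
    saml_provider_arn = var.saml_provider_arn
  }

  # Connection logs give an audit trail of who connected and when
  connection_log_options {
    enabled              = true
    cloudwatch_log_group = aws_cloudwatch_log_group.client_vpn.name
  }
}

resource "aws_ec2_client_vpn_network_association" "main" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.main.id
  subnet_id              = var.vpn_subnet_id
}

# Authorize routing to the VPC only; nothing else is reachable through the tunnel
resource "aws_ec2_client_vpn_authorization_rule" "vpc" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.main.id
  target_network_cidr    = var.vpc_cidr
  authorize_all_groups   = true
}

# Ingress to the database SG is granted by referencing the VPN SG, so the rule
# keeps working when client addresses change and admits nothing else.
resource "aws_security_group_rule" "vpn_to_database" {
  type                     = "ingress"
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
  security_group_id        = var.database_security_group_id
  source_security_group_id = aws_security_group.client_vpn.id
  description              = "PostgreSQL from Client VPN"
}

# Same pattern for Redis: reference the VPN SG from the existing cluster SG
resource "aws_security_group_rule" "vpn_to_redis" {
  type                     = "ingress"
  from_port                = 6379
  to_port                  = 6379
  protocol                 = "tcp"
  security_group_id        = var.redis_security_group_id
  source_security_group_id = aws_security_group.client_vpn.id
  description              = "Redis from Client VPN"
}
```

Because the data-store rules point at the VPN's security group rather than a CIDR, adding Redis (or any other private service) later is a single new `aws_security_group_rule`, and removing the jump box leaves no CIDR-based rule behind to clean up.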

yaelberger-commits commented 2 years ago

Please add your planning poker estimate with ZenHub @jzbahrai

ben851 commented 8 months ago

I was testing this yesterday when I discovered costing issues in Dev. I will resume testing today to ensure nothing is broken when this moves to staging.

ben851 commented 8 months ago

PR was approved, but I didn't merge at EOD. I will merge today.

ben851 commented 8 months ago

Note that the VPN adds $200/month in costing to each AWS account.

ben851 commented 8 months ago

Merged to staging. Need to test.

ben851 commented 8 months ago

Running into some DNS issues in dev. Debugging

ben851 commented 7 months ago

Will take a look at the DNS issues today.

I've been working on the internal DNS (unrelated) and have put a PR here https://github.com/cds-snc/notification-terraform/pull/1133

ben851 commented 7 months ago

Did some more internal DNS refining yesterday. Switched nginx to an existing load balancer to better align with our releases.

jimleroyer commented 7 months ago

Ben is planning to roll out the Helm changes into staging this week. The migration only includes the Hasura utility and its dependencies, hence this is a relatively safe and incremental migration.

jimleroyer commented 7 months ago

Ben needs a review on this PR: https://github.com/cds-snc/notification-manifests/pull/2340

ben851 commented 7 months ago

Created two PRs for blazer. Will get reviewed today

ben851 commented 7 months ago

Refactored DNS to comply with Google OAuth requirements. Blazer working in dev! Waiting on PR for staging.

ben851 commented 7 months ago

Blazer working in staging. Will put in a PR to move this to prod.

ben851 commented 7 months ago

Workflows added in prod, will test with next release.

jimleroyer commented 5 months ago

There is a PR for jump box but it wasn't approved yet. We will bring documentation, a script in the attic, to bring up a jump box instance on demand if we ever need to.

ben851 commented 5 months ago

Added documentation and debug pod script to notification-attic https://github.com/cds-snc/notification-attic/pull/62

jimleroyer commented 5 months ago

We just need to remove the jump box to get this card in qa.

ben851 commented 5 months ago

https://github.com/cds-snc/notification-manifests/pull/2508

ben851 commented 5 months ago

Merged, jump box manually removed in staging and prod

ben851 commented 5 months ago

@P0NDER0SA to QA

P0NDER0SA commented 5 months ago

QA nearly complete. All steps worked except for the fact that there is still a hasura pod.