Closed wyattwalter closed 4 years ago
If anyone finds this ticket later, the reasoning for not needing this scan is documented in the README for the Database Scans folder on the ATO repo: https://github.com/department-of-veterans-affairs/vets.gov-ato/tree/master/assets/Database%20Scans
Description
Earlier this year we had some confusion about whether the regular VA database scans were required or not. We ended up going through the exercise of setting up access, getting a scan done (with results) and then getting told that the scan wasn't supposed to happen because all the controls it checks for are covered by the FedRAMP certification and VA approval for using RDS.
The documentation about what's required has been updated with the new information, but the infrastructure changes that allowed the scanning tool to reach the database need to be removed.
This was done on both vets-api and GIDS in dev, staging, and prod.
The database users outlined here need to be removed: https://github.com/department-of-veterans-affairs/vets.gov-ato/pull/325/files
Then remove the password entry from Credstash: plat.global.rds.vansocscan.password
And finally, the firewall rules added in this PR should be removed: https://github.com/department-of-veterans-affairs/devops/pull/6222/files
AC
plat.global.rds.vansocscan.password no longer exists