Open exalate-issue-sync[bot] opened 4 days ago
Laura Beaufort commented: [cloud.gov|http://cloud.gov] said we were ok to go ahead and test it.
Custom WAF in place in stage and test:
{{cf update-service stage.fecfile.fec.gov -p domain-with-cdn-dedicated-waf -c '{"alarm_notification_email": "(Laura's email)"}'}}
{{cf update-service test.fecfile.fec.gov -p domain-with-cdn-dedicated-waf -c '{"alarm_notification_email": "(Laura's email)"}'}}
!Screenshot 2024-10-24 at 2.48.05 PM.png|width=705,height=42,alt="Screenshot 2024-10-24 at 2.48.05 PM.png"!
!Screenshot 2024-10-24 at 2.47.45 PM.png|width=705,height=42,alt="Screenshot 2024-10-24 at 2.47.45 PM.png"!
From [cloud.gov|http://cloud.gov]:
This plan includes all of the same functionality as your current CDN plan, but adds: Â
A dedicated SNS topic that will send emails to an email address that you specify for the Cloudwatch alarms mentioned above.
Todd Lees commented: This looks great! I created [https://fecgov.atlassian.net/browse/FECFILE-1729|https://fecgov.atlassian.net/browse/FECFILE-1729|smart-link] to address the placeholder email. I want to confirm that this change didn’t precipitate the 403s [~accountid:712020:eaccd25d-427c-4e4d-a650-909ec0b31071] encountered recently. After that has been confirmed i’ll move this through
@toddlees [https://fecgov.atlassian.net/browse/FECFILE-1729|https://fecgov.atlassian.net/browse/FECFILE-1729|smart-link](creating a system alert email distribution list) is a great follow-up, thank you
Notes: đź”’ https://docs.google.com/document/d/1mZ5NxD9BU6TYM1mQV_TXoKaRJMBeKzqz-cEbwSAsqCs/edit?tab=t.0 đź”’ and đź”’ https://docs.google.com/document/d/1EiaohhTQ07gzO9YXlDipOviD1L1i5RwQdy32VkFpLZo/edit?tab=t.0 đź”’
Cloudfront is blocking some FEC HQ traffic due to some WAF rules. According to cloud.gov we can upgrade to CDN with WAF plan to address. We’ll need to make sure we’re eligible for this plan - not on the website yet. We will likely need to be off the prototyping tier to have this option.
{{cf update-service -p domain-with-cdn-dedicated-waf -c '
{"alarm_notification_email": "youremail@agency.gov"}
'}}
You must specify a value for “alarm_notification_email” or the update will fail.
QA Notes
null
DEV Notes
null
Design
null
See full ticket and images here: FECFILE-1713