ministryofjustice / cloud-platform

Documentation on the MoJ cloud platform
MIT License

Convert the AWS baseline to Terraform #1865

Closed digitalronin closed 3 years ago

digitalronin commented 4 years ago

We have CloudFormation templates here, which implement security controls for our AWS account:

https://github.com/ministryofjustice/cloud-platform-infrastructure/tree/master/cloudformation/aws-account-baseline-templates

Right now, this is abandonware. We should convert these to Terraform, so that we can work with this code the same way as we do for everything else.

MadeTech have created this repo, which is supposedly exactly this: https://github.com/ministryofjustice/bichard7-next-infrastructure

These other repositories do something similar, for other AWS accounts:

There may be code there which we can reuse.

Ideally, we should create an aws-security-baseline repository, which the whole organisation (or anyone else) can reuse whenever a similar requirement comes up (which has happened at least 4 times so far).

See this conversation in #hosting

AntonyBishop commented 4 years ago

As part of this Story we should look at some reporting that tells us where S3 buckets to do conform to the correct policies.

AntonyBishop commented 4 years ago

Partly addressed by - https://github.com/ministryofjustice/cloud-platform-terraform-awsaccounts-baselines

AntonyBishop commented 4 years ago

Concluded by #2247, #2248, #2249, #2250 and #2251