Closed digitalronin closed 3 years ago
As part of this Story we should look at some reporting that tells us where S3 buckets do conform to the correct policies.
Partly addressed by - https://github.com/ministryofjustice/cloud-platform-terraform-awsaccounts-baselines
Concluded by #2247, #2248, #2249, #2250 and #2251
We have cloudformation templates here, which implement security controls for our AWS account:
https://github.com/ministryofjustice/cloud-platform-infrastructure/tree/master/cloudformation/aws-account-baseline-templates
Right now, this is abandonware. We should convert these to terraform, so that we can work with this code the same way as we do for everything else.
MadeTech have created this repo, which is supposedly exactly this: https://github.com/ministryofjustice/bichard7-next-infrastructure
These other repositories do something similar, for other AWS accounts:
There may be code there which we can reuse.
Ideally, we should create an aws-security-baseline repository, which the whole organisation (or anyone else) can reuse whenever a similar requirement comes up (which has happened at least 4 times so far).
See this conversation in #hosting