ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License

Create new AWS Environment for Panda Cyber AppSec Team in Dev #7158

Closed krupalb-dev closed 3 months ago

krupalb-dev commented 4 months ago

Environment details

New Modernisation Platform Environment for Panda Cyber AppSec Team in Dev

Application Name

Panda Cyber App Sec Environment

Description of application

This is an AWS environment request for setting up the appsec lab, only as a dev environment. This lab will be used for security testing purposes, tooling, and proof of concepts for the wider MoJ, P&A teams and so on.
Please note this environment needs to be set up as a standalone account, and the Appsec team needs the permissions to manage this account, i.e. remove resources when a specific job/test is done etc. EC2 instances would be used with public static IPs to allow security testing; having a permanent IP allows the team to distribute it for extended whitelisting purposes. All instances, containers and networks will be set up as code; teams can review these in the below team's GitHub repos.

GitHub team slug

https://github.com/orgs/ministryofjustice/teams/panda-cyber-team

GitHub code owner team slug

https://github.com/orgs/ministryofjustice/teams/panda-cyber-team

GitHub actions reviewer team slug

https://github.com/orgs/ministryofjustice/teams/panda-cyber-team

Environments

Environment access level Development

No response

Environment access level Test

No response

Environment access level Preproduction

No response

Environment access level Production

No response

application

panda-cyber-appsec-lab

business-unit

Platforms

infrastructure-support

tba

owner

panda-cyber-appsec

Subnet sets

How do users connect to the application

Over the public internet

Additional features

Please check any additional features required

Other information

No response

Definition of Done

krupalb-dev commented 4 months ago

Hey all, any further updates on this?

SteveLinden commented 3 months ago

@krupalb-dev I think we need further details of the access level needed on development. We usually offer development or sandbox (which provides additional access). Once we have this we can move it into a sprint and create an environment.

krupalb-dev commented 3 months ago

Hi @SteveLinden, if sandbox allows more access and config changes can be made by us, I'm assuming this is the normal AWS sandbox feature? Please go ahead and give us sandbox access.

SteveLinden commented 3 months ago

Work has started on this.

SteveLinden commented 3 months ago

@krupalb-dev I've started work on this but we get a failure because I need an email address rather than just the panda name above. Can you supply me with this ASAP?

jodiejones-moj commented 3 months ago

Hi @SteveLinden I will get an email address created and let you know.

jodiejones-moj commented 3 months ago

Hi @SteveLinden here is our email address - appsec@digital.justice.gov.uk

SteveLinden commented 3 months ago

A few issues arose while creating this account. It will be finished tomorrow when we have time to discuss it in more detail.

SteveLinden commented 3 months ago

Added the code to the JSON so the isolated network is set ("isolated-network": "true",) and rebuilt. The subnets and VPC that were created were removed by taking away the sharing option.

This environment has no VPC or subnets in place.

github-actions[bot] commented 3 months ago

Hello @krupalb-dev 👋 Welcome to the Modernisation Platform! Your new accounts have now been created. Please see our user guidance for details on how to build and access infrastructure in the Modernisation Platform. If you require help or assistance please contact us via the #ask-modernisation-platform Slack channel.