rtapella
commented
2 months ago also see security info: https://github.com/orgs/unity-sds/projects/3/views/34
Open mike-gangl opened 3 months ago
rtapella
commented
2 months ago also see security info: https://github.com/orgs/unity-sds/projects/3/views/34
rtapella
commented
1 month ago rtapella
commented
2 weeks ago Needs an update based on slack convo w/ Brandon
We must not allow open access (0.0.0.0) to common ports via security groups.
https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-3779
This is a 2 part ticket:
Cleanup unused security groups - there are many, many security groups across all of our accounts. We must clean up un-used security groups in all unity accounts. Please find your security groups not in use and delete them. Some notes: We should not be using "lunch wizard" security groups. Security groups should have a name- groups without a name will be deleted/removed. Please use the TAGS for all resources- including security groups.
Remove unrestricted access to common ports via security groups. no unfettered access to your applications. This means locking down access to load balancers to the API gateway and the HTTPd proxies, most likely. Internal traffic should be limited to the VPC. Please reach out to me for any questions or concerns.
This is a priority to cleanup and fix. The fixes should be ready and deployed in ALL ACCOUNTS by the end of Sprint 4.