unity-sds / unity-project-management

Container repo for project management (projects, epics, etc)
Apache License 2.0

Restrict Security Groups - UIUX #199

Open mike-gangl opened 3 months ago

mike-gangl commented 3 months ago

We must not allow open access (0.0.0.0) to common ports via security groups.

https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-3779

This is a 2 part ticket:

  1. Clean up unused security groups - there are many, many security groups across all of our accounts. We must clean up unused security groups in all unity accounts. Please find your security groups not in use and delete them. Some notes: We should not be using "launch wizard" security groups. Security groups should have a name - groups without a name will be deleted/removed. Please use the TAGS for all resources - including security groups.

  2. Remove unrestricted access to common ports via security groups. No unfettered access to your applications. This means locking down access to load balancers to the API gateway and the HTTPd proxies, most likely. Internal traffic should be limited to the VPC. Please reach out to me for any questions or concerns.

This is a priority to clean up and fix. The fixes should be ready and deployed in ALL ACCOUNTS by the end of Sprint 4.
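
An added example, not part of the original issue or the project's code: a small offline audit that applies both parts of the ticket to JSON shaped like the output of `aws ec2 describe-security-groups` and `aws ec2 describe-network-interfaces`. The `COMMON_PORTS` list, the rule that "unused" means "attached to no network interface", and all sample groups are assumptions made for the illustration.

```python
# Added example: audit security groups against the two parts of the ticket.
# All sample data below is constructed.
COMMON_PORTS = {22, 80, 443, 3389, 5432, 8080}  # assumption: the ticket gives no list
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}              # any IPv4 / any IPv6 source

def open_common_ports(group):
    """Return the sorted common ports this group exposes to any address."""
    exposed = set()
    for perm in group.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not cidrs & OPEN_CIDRS:
            continue
        if perm.get("IpProtocol") == "-1":      # all protocols, no port fields
            exposed |= COMMON_PORTS
        elif perm.get("IpProtocol") in ("tcp", "udp"):
            lo, hi = perm["FromPort"], perm["ToPort"]
            exposed |= {p for p in COMMON_PORTS if lo <= p <= hi}
    return sorted(exposed)

def audit(groups, interfaces):
    """Map GroupId -> findings; groups with no findings are omitted."""
    # Assumption: a group is "in use" only if some network interface lists it.
    in_use = {g["GroupId"] for eni in interfaces for g in eni.get("Groups", [])}
    report = {}
    for sg in groups:
        findings = []
        if sg["GroupId"] not in in_use:
            findings.append("unused")
        if sg["GroupName"].startswith("launch-wizard"):
            findings.append("launch-wizard name")
        if not sg.get("Tags"):
            findings.append("no tags")
        ports = open_common_ports(sg)
        if ports:
            findings.append(f"open to the internet on {ports}")
        if findings:
            report[sg["GroupId"]] = findings
    return report

def _tcp(port, cidr):  # helper to build one constructed ingress rule
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": [{"CidrIp": cidr}]}

GROUPS = [  # constructed sample groups
    {"GroupId": "sg-0aaa", "GroupName": "launch-wizard-3", "Tags": [], "IpPermissions": [_tcp(22, "0.0.0.0/0")]},
    {"GroupId": "sg-0bbb", "GroupName": "httpd-proxy-alb", "Tags": [{"Key": "Name", "Value": "httpd-proxy-alb"}], "IpPermissions": [_tcp(443, "10.0.0.0/16")]},
    {"GroupId": "sg-0ccc", "GroupName": "api-internal", "Tags": [{"Key": "Name", "Value": "api-internal"}], "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
ENIS = [{"Groups": [{"GroupId": "sg-0bbb"}, {"GroupId": "sg-0ccc"}]}]  # constructed

if __name__ == "__main__":
    for group_id, findings in audit(GROUPS, ENIS).items():
        print(group_id, findings)
```

Groups referenced only by other security groups' rules would also show as "unused" under this assumption, so check references before deleting.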

rtapella commented 2 months ago

Also see security info: https://github.com/orgs/unity-sds/projects/3/views/34

rtapella commented 3 weeks ago

  1. done
  2. in progress

rtapella commented 14 hours ago

Needs an update based on Slack convo w/ Brandon