JIRA Issue

[#XCI-915] Improve XCI's AWS configuration per SecOPs discussion on 09-17-2021

[XCI-915] Improve XCI's AWS configuration per SecOPs discussion on 09-17-2021 Created: 09/17/2021  Updated: 09/17/2021

Status: Planned
Project: XSEDE Cyberinfrastructure Integration
Component/s: Amazon Web Services (AWS), Information Services, Research Software Portal (RSP)
Fix Version/s: PY11 (Sep '21 - Aug '22)

Type: XCI Enhanced Capability Priority: Critical
Reporter: JP Navarro Assignee: Unassigned
Resolution: Unresolved Votes: 0

XSEDE Priority: -
Public activity link: https://software.xsede.org/display/xci-915
Devel Repository:
Show
https://software.xsede.org/svn/xci/activities/xci-915/trunk/
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions
<Activity Lead Name – Last, First> ? ? weeks of effort to lead and implement the activity (required)
<User Doc Drafter – Last, First> ? one day of effort to draft user documentation (required )
TBD (tester) ? one week of effort to test the software
... ... ..
Deliverables:
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Other type of deliverable
TRR Deployment plan*
TRR Test plan*
TRR User documentation*
TRR (post) TRR Baseline* (Shava)
Deployment Deployment Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Lead Tester: Shava Smallen

 Description   

XCI should improve our VPC and subnet configuration:

  1. Move Research Software Portal (RSP) services to their own VPC
  2. Place the RSP development and production instances in separate VPC subnets
  3. Place Information Services development instances in their own subnet
  4. Move XCI’s bastion host (awsadmin.xsede.org) to its own VPC

XCI should improve our login configuration:

  1. Require RSP development and production logins to go through bastion hosts