Post design and security questions and feedback in this thread.
Design is OK - I'd like some mention of the AWS Security Controls and service configurations to be implemented and documented.
Thanks Derek. For AWS Security Controls, are you referring to https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-sta... ? I'm looking at targeting the CIS AWS Foundations controls, but the cost of the AWS Security Hub service is a concern. I already tried enabling AWS GuardDuty and the cost was prohibitive. I know XSEDE has other services running in AWS, so I'd welcome any advice/experience/recommendations you can provide about these AWS security service options.
Happy to help in looking into the AWS policy and security configurations - I am not an expert at this, but others within our Security Ops group have done work recently on such for the XES in AWS. For the time being, I'd just like to see a line added in E.2.8 of the design doc saying that the AWS-specific policies and controls implemented to protect the services will be documented - even if, given possibly security-sensitive content, that document is maintained in a controlled, non-public place (private GitHub?).
Will do. I think it fits in our (internal) Master Information Security Policy and Procedures doc as part of our (in-progress) adoption of the Trusted CI Framework. Thanks!
I've updated https://software.xsede.org/svn/xci/activities/xci-783/trunk/Deliverables... (v1.1) to include the additional documentation in Section E.2.8.
Some belated feedback: