REVIEW-66: XCI-73 Upgrade information services to leverage the AWS platform

Overview

General design and security risk review for migrating XSEDE Information Services to the AWS platform.

Review Summary

Most important DSR feedback that was addressed in the design/security description:

  • The document should also reference user and service provider facing information services use cases
  • Provide more detailed XSEDE operational and security requirements information
  • Move design details from E. Design Considerations to F. System Architecture and Design
  • Need more detailed requirements in sections E.2.2, E.2.4, E.2.8, and E.2.7
  • Make sure services comply with XSEDE's two-factor authentication (2FA) requirements for administrative accounts and privilege escalation
  • Try to make it possible for SysOps to apply emergency updates if necessary
  • Name servers by role, and not based on the fact that XCI provisions or supports them (specifically rename xci-awsadmin to awsadmin.xsede.org)
  • Remove references to Nagios monitoring data
  • Mention Jetstream's role as a failover node

Review Output Documents (Final)

XCI-073_AWS_Information_Services_Design-v0.3.pdf

Review Input Documents

XCI-073_AWS_Information_Services_Design-v0.2.pdf

Review Criteria

Please focus on these questions:

  1. Is administrator access to the AWS console, Ansible configurations, and individual AWS instances and services managed appropriately?
  2. Are application protocols and interfaces secured appropriately?
  3. Are configurations managed appropriately?
  4. Are there any important missing configuration items?
  5. Are relevant XSEDE security policies and best practices followed?
  6. Are the services operated in a secure way and are the procedures appropriate to deal with planned and unplanned outages and unplanned incidents?

Schedule

Current Date: 2023-09-24
Current Status: Closed (Design and Security Review)
Target Date   Actual Date   Activity Milestone
-             2018-12-04    Review launch date
2018-12-13    -             Written feedback due (Reviewers)
2018-12-17    2018-12-21    Written response date (Review Material Developers)
2018-12-18    2018-12-21    Final approval due and completion date (Reviewers)
Review Created: 2018-12-03 3:19 pm
Review Last Updated: 2019-01-10 10:55 am


Reviewers


Required

  • Gary Rogers
    VIEWED: 2019-01-04 14:02
    SIGNED: 2019-01-04 14:02
  • Shava Smallen
    VIEWED: 2019-01-10 10:56
    SIGNED: 2018-12-21 14:31

Optional

  • Jim Basney
  • Victor Hazlewood
  • Lee Liming
    VIEWED: 2018-12-04 11:53
  • Jim Marsteller

Review Material Developers

Eric Blau
John-Paul Navarro

Review Facilitator

Shava Smallen
