Create new "Mozilla CloudTrail" AWS account

RESOLVED FIXED

Status

Infrastructure & Operations
Infrastructure: Other
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: gene, Assigned: r2)

Tracking

Details

(Reporter)

Description

3 years ago
Please create a new AWS account that we'll call "Mozilla CloudTrail". We'll use this AWS account as a locked down S3 destination. All other AWS accounts will then be configured to send their CloudTrail logs to this locked down location.

Please use the email address : opsec+aws-cloudtrail-storage@mozilla.com

Please (security) pass me the root account's credentials so I can setup the account after which point we'll MFA the root account, storing the MFA in a safe.
Assignee: infra → riweiss
(Assignee)

Comment 1

3 years ago
What cost center will be billed for this account?
(Assignee)

Updated

3 years ago
Flags: needinfo?(gene)
(Reporter)

Comment 2

3 years ago
1400
Flags: needinfo?(gene)
(Assignee)

Comment 3

3 years ago
Please add riweiss@mozilla.com to the opsec+aws-cloudtrail-storage@mozilla.com mailing list during account creation.  You will be able to remove the address from the list once creation is completed.
(Assignee)

Updated

3 years ago
Flags: needinfo?(gene)
(Reporter)

Comment 4

3 years ago
:r2, that's just the opsec team mailing list. Can I just forward you whatever AWS sends to it? If not I can ask opsec if they're ok with adding you to their team mailing list (the list just may have some sensitive info on it)
Flags: needinfo?(gene) → needinfo?(riweiss)
(Assignee)

Comment 5

3 years ago
Forwarding the emails from Amazon to me should work.
Flags: needinfo?(riweiss)
(Reporter)

Comment 6

3 years ago
New account created and I have access and have the root credentials. Thanks :r2!
(Assignee)

Updated

3 years ago
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.