Just dropping this in from IRC: I'm working on setting up Ansible for Community Ops, and one of the roles I'd like is AWS security group management. Right now it involves putting our personal IPs in a public GitHub repo (https://github.com/Mozilla-cIT/ansible-playbooks). Is this acceptable?
Assignee: nobody → gene
Status: NEW → ASSIGNED
I'm unable to find the place in your code where you're hard-coding IPs. Can you point me to the file and line? What services are you hoping to constrain access to using IPs in security groups? I'm not sure what you mean when you say you'd like "one of the roles" to be "AWS security group management".
We did figure out how we're going to do this without any IPs having to be public. http://docs.ansible.com/ansible/ec2_group_module.html#examples is the Ansible module we're using. Private files will be stored on an internal git server, only accessible to the core Community Ops team. From there, we'll pull the info to the Ansible master server as a submodule. The git server won't be accessible to the outside world, with only port 22 open on our VPC and to our individual IPs. Thanks for agreeing to take this on; it just took a bit of brainstorming from our side.
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
Component: Operations Security (OpSec): Investigation → Investigation
Product: mozilla.org → Enterprise Information Security
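The approach settled on in this bug (the `ec2_group` module fed from a private submodule) could look like the playbook below. This is an added example, not code from the bug or from the Mozilla-cIT repository; the file path `private/opsec_vars.yml`, the variable names `admin_cidrs`, `vpc_id` and `aws_region`, and the group name are all hypothetical.

```yaml
# Added example. Paths, variable names and the group name are assumptions.
# private/ is the private git submodule; it is never committed to the public repo.
# Constructed sample content of private/opsec_vars.yml (RFC 5737 documentation addresses):
#   aws_region: us-west-2
#   vpc_id: vpc-PLACEHOLDER
#   admin_cidrs:
#     - 203.0.113.10/32
#     - 198.51.100.24/32
- name: Manage the SSH security group from a private CIDR list
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - private/opsec_vars.yml
  tasks:
    # Fail closed: a missing or empty list, or a world-open entry,
    # stops the run before any rule is changed.
    - name: Validate the private CIDR list
      assert:
        that:
          - admin_cidrs is defined
          - admin_cidrs | length > 0
          - "'0.0.0.0/0' not in admin_cidrs"

    # no_log keeps the personal IPs out of Ansible output and CI logs.
    - name: Build one port-22 rule per admin CIDR
      set_fact:
        ssh_rules: "{{ ssh_rules | default([]) + [{'proto': 'tcp', 'from_port': 22, 'to_port': 22, 'cidr_ip': item}] }}"
      loop: "{{ admin_cidrs }}"
      no_log: true

    # purge_rules removes any ingress rule not in ssh_rules, so an IP
    # dropped from the private file loses access on the next run.
    - name: Apply the security group
      ec2_group:
        name: community-ops-ssh
        description: SSH from Community Ops admins only
        vpc_id: "{{ vpc_id }}"
        region: "{{ aws_region }}"
        rules: "{{ ssh_rules }}"
        purge_rules: true
      no_log: true
```

The public repository then carries only the playbook and a `.gitmodules` entry pointing at the internal git server, which reveals the server's URL but none of the addresses. In current Ansible releases the same module is published as `amazon.aws.ec2_security_group`.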