Talked about this with mcoates earlier this week. Please copy these questions into the bug and answer inline. * Who is/are the point of contact(s) for this review? :joduinn, ravi * Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): Short version is: we'd like to setup a VPN connection from build network out to Amazon VPC. This is similar to what was done for weave/sync services previously. * Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description: user doc: http://docs.amazonwebservices.com/AmazonVPC/latest/GettingStartedGuide/ sysadmin doc: http://docs.amazonwebservices.com/AmazonVPC/latest/NetworkAdminGuide/ "wire up Amazon EC2 VPC to weave-dev" https://bugzilla.mozilla.org/show_bug.cgi?id=605862 * Does this request block another bug? If so, please indicate the bug number bunch of work, none of these bugs filed yet. * This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? asap. see below. * Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.) * Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? Yes. * Are there any portions of the project that interact with 3rd party services? Amazon EC2/VPC * Will your application/service collect user data? If so, please describe No. * If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): * Desired Date of review (if known from https://firstname.lastname@example.org/Security%20Review.html) and whom to invite. asap?! :-) Once we have this VPN connection in place, we've a long evaluation/test cycle with AMIs to complete before we know if this approach really works for us, or we need to fallback to a different plan, which has an even longer rollout. Hence the urgency to confirm if this works or not. please invite: joduinn, ravi.
Assignee: nobody → jstevensen
Component: Security Assurance: Review Needed → Security Assurance: Operations
1) ravi + i met w/infrasec and got initial "ok to proceed" setting up VPN<->VPC. 2) Bug#745048 tracks that work and is now fixed. 3) Is there any testing that infrasec wants to do against the new VPC to verify integrity? Or, put another way: Are we all done here with this bug?
Depends on: 745048
Prior to deploying build systems in the VPC, we'd like to take a look at the VPC firewall policies. This could be addressed in a new bug or the current.
Whiteboard: [pending secreview] → [in-progress secreview][start mm/dd/yyyy][target mm/dd/yyyy]
John, Have you setup the Releng VPC yet? Please keep us posted.
Closing this bug. We met about Amazon VPC, discussed our requirements. If we go down the VPC route, please file a bug prior to deploying releng systems, in order to have the VPC reviewed by OpSec.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security
You need to log in before you can comment on or make changes to this bug.