Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Adding Sentry and Network Security options to Account Deployment #96

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

feat: Adding Sentry and Network Security options to Account Deployment #96

wants to merge 10 commits into from

Conversation

raphabot
Copy link
Collaborator

@raphabot raphabot commented Apr 28, 2023
edited
Loading

Cloud One Service

[x] Common

[ ] Workload Security

[ ] Application Security

[ ] Network Security

[ ] File Storage Security

[ ] Container Security

[ ] Conformity

[ ] Open Source Security

[x] Other

Proposed Changes

  • Adding Sentry and Network Security options to Account Deployment

@raphabot raphabot marked this pull request as ready for review April 28, 2023 18:55
@felipecosta09 felipecosta09 changed the title feat.: Adding Sentry option to Account Deployment feat: Adding Sentry option to Account Deployment Apr 28, 2023
@raphabot raphabot marked this pull request as draft May 1, 2023 13:18
@raphabot raphabot changed the title feat: Adding Sentry option to Account Deployment feat: Adding Sentry and Network Security options to Account Deployment May 1, 2023
@raphabot raphabot marked this pull request as ready for review May 1, 2023 14:59
@felipecosta09 felipecosta09 self-requested a review May 1, 2023 15:17
@felipecosta09 felipecosta09 added new-project 🎉 Use this label for new project releases in the repository aws ☁️ Projects related to AWS labels May 1, 2023
felipecosta09
felipecosta09 approved these changes May 24, 2023
View reviewed changes
Copy link
Member

@felipecosta09 felipecosta09 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

JustinDPerkins
JustinDPerkins requested changes May 24, 2023
View reviewed changes
Common/Cloud-Account/aws-cfn-cloud-account-connector/README.md
@@ -1,6 +1,6 @@
# Add AWS Account to Cloud One
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is important to note here that you need to ensure the AWS Account before hand can handle the amount of S3 buckets that will be created by Sentry. I have seen this cause many failed deployments and rollbacks are even more of a challenge to navigate with Sentry.
Or IMHO, just remove sentry part

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have this requirement documented in the product documentation somewhere?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its not documented. The stack creates 2 S3 buckets per AWS Region that we support. There are 31 total AWS regions.

JustinDPerkins
JustinDPerkins reviewed May 24, 2023
View reviewed changes
Common/Cloud-Account/aws-cfn-cloud-account-connector/cloudone.template.yaml

cloudOneRoleArn = os.environ['CloudOneRoleArn']
cloudOneRegion = os.environ['CloudOneRegion']
cloudOneApiKey = os.environ['CloudOneApiKey']
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was looking through the templates and maybe I missed it:
Is this API Key being encrypted?
I can only see it being flagged as NoEcho in the params value adds

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I need to update this to use Secrets Manager and KMS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JustinDPerkins JustinDPerkins JustinDPerkins requested changes

@felipecosta09 felipecosta09 felipecosta09 approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

@raphabot raphabot

Labels
aws ☁️ Projects related to AWS new-project 🎉 Use this label for new project releases in the repository
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@raphabot @felipecosta09 @JustinDPerkins