We have a couple of bastion instances running in the tvlk-midas / 743977200366 account that the engineers use to access the services' EC2 instances and to connect to RDS PostgreSQL, via the SSH protocol and via the pgadmin tool with SSH tunneling. The current best practice and recommendation from the central teams is to use AWS SSM, or the aws ssm start-session --target [insert_ec2_instance_id_here] command, instead of the legacy SSH way.
The Fintech DevOps team has already granted the following roles permission to initiate ssm start-session to all services' EC2 instances in tvlk-midas / 743977200366:
You can start using SSM to access the EC2 instances / bastiondb to run sqitch or to test your service's APIs using curl.
A how-to guide for using SSM
Do inform us if any of your teams is not mentioned above. We'll adjust your team's role to have the SSM start-session permission as well.
This is the list of bastions that will be deprecated:
bastionstg88C6h64 - 8th January, 2021
bastiondbstgkpCtMgU - 8th January, 2021
bastionprodzO_T45A - 22nd January, 2021
bastiondbprodK2MIYoU - 5th February, 2021
The SSH port of the specified bastion will be closed, which will prevent you from initiating SSH access to the bastions.
Improved security and auditability.
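
For the pgadmin-over-SSH-tunnel case mentioned above, SSM port forwarding is one replacement once the SSH port is closed. The helper below is an added example, not part of the original announcement: it assumes the AWS CLI with the Session Manager plugin and that the AWS-managed document AWS-StartPortForwardingSessionToRemoteHost can be used on the target instance, and the function names are hypothetical.

```shell
# Added example: SSM port forward to RDS in place of an SSH tunnel.
# All function names are hypothetical; nothing here opens an inbound port.

# EC2 instance IDs are "i-" followed by 8 or 17 lowercase hex characters.
valid_instance_id() {
  local hex="${1#i-}"
  case $1 in i-*) ;; *) return 1 ;; esac
  case $hex in ''|*[!0-9a-f]*) return 1 ;; esac
  [ ${#hex} -eq 8 ] || [ ${#hex} -eq 17 ]
}

# TCP port in 1..65535, digits only.
valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Plain DNS name: rejects quotes, spaces and anything that could break the JSON.
valid_host() {
  case $1 in ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;; esac
  [ ${#1} -le 253 ]
}

# Print the --parameters JSON for the port-forwarding document.
ssm_tunnel_params() {
  valid_host "$1" || { echo "invalid RDS host" >&2; return 1; }
  valid_port "$2" || { echo "invalid RDS port" >&2; return 1; }
  valid_port "$3" || { echo "invalid local port" >&2; return 1; }
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}\n' "$1" "$2" "$3"
}

# Usage: ssm_rds_tunnel <instance-id> <rds-host> [rds-port] [local-port]
# Forwards localhost:<local-port> to <rds-host>:<rds-port> through the instance.
ssm_rds_tunnel() {
  local params
  valid_instance_id "$1" || { echo "invalid instance id" >&2; return 1; }
  params=$(ssm_tunnel_params "$2" "${3:-5432}" "${4:-15432}") || return 1
  aws ssm start-session --target "$1" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params"
}
```

While the session is open, point pgadmin at localhost and the chosen local port (15432 by default in this sketch).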