For the longest time, we have been allowing anyone with SSM access and the DB password to execute operations in the production DB without restriction. This process is definitely not best practice, and the domain leads would like to review it in order to comply with various regulation and compliance requirements, such as IPO preparation, security practices, and possible PII/PCI. As such, we have come up with multiple initiatives and restrictions that need to be followed moving forward.
Each database should have a limited number of users, shared with a limited audience. These are the only accounts that may exist in a database:
In order to be able to restrict access, since currently a lot of engineers have user passwords for various databases, we will need to rotate the passwords and move them from LastPass to AWS Parameter Store. Additionally, the admin and root user passwords also need to be rotated every 3 months or so.
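The rotation and storage step above, as an added example written for this memo (it is not existing tooling of ours): it generates a new password, applies it to the database through a caller-supplied callback, writes it to Parameter Store as an encrypted SecureString, and separately lists parameters whose last modification is older than the 90-day window. The boto3 client is injected so the script runs offline against a small in-memory stand-in; the parameter path layout /prod/db/<db>/<user>/password, the 90-day window and the callback shape are assumptions.

```python
"""Added example for the memo: rotate a DB password into AWS SSM Parameter
Store and flag parameters that are past the rotation window.
Parameter naming, window length and the FakeSSM stand-in are assumptions."""
import secrets
import string
from datetime import datetime, timedelta, timezone

ROTATION_WINDOW = timedelta(days=90)  # "every 3 months or so"
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "-_+="


def generate_password(length: int = 32) -> str:
    """Return a random password that contains lower, upper and digit
    characters, so common database password policies accept it."""
    while True:
        pw = "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def parameter_name(db_name: str, user: str) -> str:
    """Assumed naming convention for secrets in Parameter Store."""
    return f"/prod/db/{db_name}/{user}/password"


def rotate_db_password(ssm, db_name: str, user: str, apply_to_db) -> str:
    """Generate a new password, apply it to the database (the callback runs
    e.g. ALTER USER on the DB), then store it as a SecureString. The new
    password is returned so a failed put_parameter can be retried without
    locking anyone out."""
    new_pw = generate_password()
    apply_to_db(user, new_pw)
    ssm.put_parameter(
        Name=parameter_name(db_name, user),
        Value=new_pw,
        Type="SecureString",          # encrypted at rest with the account KMS key
        Overwrite=True,               # creates a new parameter version
        Description=f"DB password for {user}@{db_name}, rotated by tooling",
    )
    return new_pw


def parameters_due_for_rotation(ssm, path: str, now=None):
    """Return the names of parameters under `path` whose LastModifiedDate is
    older than ROTATION_WINDOW, following NextToken pagination."""
    now = now or datetime.now(timezone.utc)
    due, token = [], None
    while True:
        kwargs = {"Path": path, "Recursive": True, "WithDecryption": False}
        if token:
            kwargs["NextToken"] = token
        resp = ssm.get_parameters_by_path(**kwargs)
        for p in resp.get("Parameters", []):
            if now - p["LastModifiedDate"] > ROTATION_WINDOW:
                due.append(p["Name"])
        token = resp.get("NextToken")
        if not token:
            return due


class FakeSSM:
    """Constructed in-memory stand-in for the two boto3 SSM calls used
    above, so the example runs offline. `days_ago` backdates writes."""

    def __init__(self, days_ago: int = 0):
        self.store = {}
        self.now = datetime.now(timezone.utc) - timedelta(days=days_ago)

    def put_parameter(self, Name, Value, Type, Overwrite=False, Description=""):
        if Name in self.store and not Overwrite:
            raise ValueError("ParameterAlreadyExists")
        version = self.store.get(Name, {}).get("Version", 0) + 1
        self.store[Name] = {"Name": Name, "Value": Value, "Type": Type,
                            "Version": version, "LastModifiedDate": self.now}
        return {"Version": version}

    def get_parameters_by_path(self, Path, Recursive=False,
                               WithDecryption=False, NextToken=None):
        params = [dict(p) for n, p in self.store.items() if n.startswith(Path)]
        return {"Parameters": params}


if __name__ == "__main__":
    ssm = FakeSSM()
    applied = {}
    rotate_db_password(ssm, "orders", "app_rw", lambda u, p: applied.update({u: p}))
    print("stored:", list(ssm.store))
    stale = FakeSSM(days_ago=120)
    stale.put_parameter(Name=parameter_name("orders", "root"), Value="old",
                        Type="SecureString")
    print("due for rotation:", parameters_due_for_rotation(stale, "/prod/db/"))
```

With a real client (boto3.client("ssm")) the same two functions apply unchanged; the rotation check is what a scheduled job would run to enforce the 3-month window on the admin and root accounts.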
Continuing DavidAsync's legacy, the IAM role revamp will continue to be pursued, especially the revamp of the AST account. This way, all Accom AWS accounts shall have the same role structure as ACD.
Furthermore, two changes are needed to align with the background:
In order to track and limit production server access and the execution of operations in the production database, we will use the JIRA ticketing system as part of the approval process. All prod access must have a corresponding JIRA ticket with proper approval from the domain lead of the server's domain; access lacking one will be handled accordingly.
Manual operations are divided into two types:
Both types need proper approval through the ticketing system in order to be executed; however, we will put stricter restrictions on non-administrative operations.
The only non-administrative operations that are allowed to be executed are those listed here. Adding a new operation to that sheet will be highly scrutinized, as the list should not grow but shrink instead. Each non-administrative operation listed should have a clear timeline for when it will get its own proper tool, and it will no longer be approved for execution once that timeline has passed.
These manual operations can only be executed by those who have SSM access and database user password access, which by extension means those who have been given the PowerUser IAM role or above.
Based on the changes above, we have a lot of actionables to work on, namely:
We have yet to impose a deadline on every actionable, but we aim to have everything ready before the end of the quarter.