:fire: Composer Audit :fire:

As part of governance and security hardening goal, we are currently doing audit to our Composer environments. We will need your help to check the usage of the Composer environments and we will need your help to migrate your Composer environments to be using private/internal IP if you are still using it.

What we need your help with

Check the Composer environment usages

Please open sheet Composer Audit on this Google Sheet
Please check the usage of resources listed there
Please check whether the listed resources are still being used
Fill the column Still in-use?
Please clean up unused resources and set the Status column to Deleted

CDE team will delete unused resources that have not been deleted until the deadline.

Migrate to Private IP

Please follow this guide to migrate resources to private IP https://29022131.atlassian.net/wiki/spaces/CDE/pages/2459926546/How+to+Migrate+Public+Composer+Environment+to+Private
(Optional) If the Composer environment needs access to internet, you follow this guide https://29022131.atlassian.net/wiki/spaces/CDE/pages/2471658665/How+to+Setup+NAT+to+Allow+Private+VM+Instance+to+Access+Internet
Fill the column Status to Using Private IP

Timeline

24 April 2022: Deadline to fill the Still in-use? column
25 April 2022: CDE team clean up unused resources
12 June 2022: Deadline to migrate the resources to be using private IP
13 June 2022: CDE team set up org policy to prevent Composer environment using public IP from being created, excluding the GCP projects that host existing:

Dataproc clusters
GKE clusters

Consequences

Resources with empty Still in use? column after the deadline will be audited and deleted.
If the resources still use public/external IP until the deadline, the public Composer environment might not be able to scale out or updated.

Support

If you need further assistance, please reach @data-cde in #data-devops-kube.