| Staging Environment | AWS Staging Environment | - Cloud Console access is restricted only to authorized persons
- SSH access is protected by keys and MFA
- Database access is possible only from the internal network
- Kubernetes access is possible only from the internal network
- Only minimal permissions are granted
- No unauthorized access
| AWS Stage: Separate AWS account for the Stage resources.
Permissions:
- StageAdmins: Can list, create, delete, modify AWS resources.
- StageContainerImageAdmins: Can list, create, delete, modify (in snapshot repositories) Docker images.
- StageContainerImageReaders: Can list Docker images.
- StageDeployers: Can list, create, delete, modify Kubernetes resources and list Docker images.
- InfraBackup: Can list, create, delete, modify items in the Backup S3 Bucket.
- StageEticmaTechUsers: Can list, create, delete, modify ETICMA app related resources without MFA.
- StageEticmaUsers: Can list, create, delete, modify ETICMA app related resources.
- StageAdmins
  1 DevOps Engineer, 2 Infrastructure Engineers (2 Contractors), 1 Software Developer
- StageContainerImageAdmins
  1 Technical Account
- StageContainerImageReaders
  1 Technical Account
- StageDeployers
  3 Software Developers
- InfraBackup
  1 Technical Account
- StageEticmaTechUsers
  1 Technical Account
- StageEticmaUsers
  3 Software Developers, 1 Test Engineer
AWS Stage Bastion: EC2 instance to access the Stage internal network and databases.
Permissions:
- Root: Can administer Linux OS.
- User: Can log in and access the internal network of the Staging environment.
- Root
  1 DevOps Engineer, 2 Infrastructure Engineers (2 Contractors)
- User
  4 Software Developers, 1 Technical Account |
| Production Environment | AWS Production Environment | - Cloud Console access is restricted only to authorized persons
- SSH access is protected by keys and MFA
- Database access is possible only from the internal network
- Kubernetes access is possible only from the internal network
- Only minimal permissions are granted
- No unauthorized access
| AWS Prod: Separate AWS account for the Prod resources.
Permissions:
- Admins: Can list, create, delete, modify AWS resources.
- BillingAdmins: Can view billing details, costs, invoices.
- ContainerImageAdmins: Can list, create, delete, modify Docker images.
- Deployers: Can list, create, delete, modify Kubernetes resources and list Docker images.
- Admins
  1 DevOps Engineer, 2 Infrastructure Engineers (2 Contractors), 1 Software Developer
- BillingAdmins
  1 DevOps Engineer
- ContainerImageAdmins
  1 Technical Account
- Deployers
  3 Software Developers
AWS Prod Bastion: EC2 instance to access the Prod internal network and databases.
Permissions:
- Root: Can administer Linux OS.
- User: Can log in and access the internal network of the Production environment.
- Root
  1 DevOps Engineer, 2 Infrastructure Engineers (2 Contractors), 1 Software Developer
- User
  3 Software Developers, 1 Technical Account |
| Log Analysis and Monitoring | Datadog Logging and Monitoring System | - Login access is restricted only to authorized persons
- Only minimal permissions are granted
- No unauthorized access
| Datadog: Log management and monitoring tool for our staging and production applications.
Permissions:
- Admin: Can administer all resources. Cannot delete logs.
- Write: Can read, create, delete, modify monitors, dashboards. Can read logs.
- Read: Can read monitors, dashboards, logs.
- Admin
  1 DevOps Engineer, 1 Infrastructure Engineer (1 Contractor), 1 Software Developer, 1 Product Owner, 1 Technical Account
- Write
  1 Software Developer, 1 Atlassian Consultant
- Read
  1 Infrastructure Engineer (1 Contractor), 6 Software Developers, 2 Test Engineers, 3 Support Agents, 1 Product Owner, 1 CEO |