2023 Q3

• Updated Virus Protection
• Full Disk Encrytion
• No unauthorized access

Product Team Workstations

We have validated the notebooks of all of our 31 product team members.

• Login access is restricted only to authorized persons
• Only minimal permissions are granted
• No unauthorized access

Bitbucket Cloud - META-INF

Source code management and Build system to store and build the code of our applications.

Permissions

• Admin : Can create, delete repositories and modify repository settings.
• Write : Can push and merge source code modifications and trigger manual build pipelines.
• Read : Can pull source code, read build logs and pull requests.

Repository1

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  2 Support Agent
  1 CEO

Repository2

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  2 Support Agent
  1 CEO

Repository3

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  2 Support Agent
  1 CEO

Repository4

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  2 Support Agent
  1 CEO

Repository5

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  2 Support Agent
  1 Technical Account
  1 CEO
• Read
  3 Test Engineer

Repository6

• Admin
  1 DevOps Engineer
  3 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  8 Software Developer
  3 Test Engineer
  2 Support Agent
  1 CEO

Repository7

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  2 Support Agent
  1 CEO

Repository8

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  13 Software Developer( 3 Contractor )
  3 Test Engineer
  2 Support Agent
  1 Technical Account
  1 CEO
• Read
  1 Software Developer( 1 Contractor )
  1 Support Agent

Repository9

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  13 Software Developer( 3 Contractor )
  3 Test Engineer
  2 Support Agent
  1 Technical Account
  1 CEO

Repository10

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  3 Test Engineer
  2 Support Agent
  1 Technical Account
  1 CEO

Repository11

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  3 Test Engineer
  2 Support Agent
  1 Technical Account
  1 CEO

Repository12

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  3 Test Engineer
  2 Support Agent
  1 Technical Account
  1 CEO

Repository13

• Admin
  1 DevOps Engineer
  1 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  10 Software Developer
  3 Test Engineer
  2 Support Agent
  1 Technical Account
  1 CEO

Repository14

• Admin
  1 DevOps Engineer
  3 Software Developer
  2 Product Owner
  1 Technical Account
• Write
  8 Software Developer
  3 Test Engineer
  2 Support Agent
  1 CEO

• Login access is restricted only to authorized persons
• Only minimal permissions are granted
• No unauthorized access

Jfrog Artifactory

Artifact management system to store the build logs and artifacts of your application.

Permissions

• Admin : Can create, delete repositories and modify repository settings.
• Write : Can upload, delete, overwrite (in snapshot repositories) artifacts.
• Read : Can list, download artifacts.

Repository1

• Admin
  1 DevOps Engineer
• Write
  1 Technical Account
• Read
  11 Software Developer
  3 Test Engineer
  1 Product Owner

Repository2

• Admin
  1 DevOps Engineer
• Write
  1 Technical Account
• Read
  11 Software Developer
  3 Test Engineer
  1 Product Owner

• Cloud Console access is restricted only to authorized persons
• SSH access is protected by keys and MFA
• Database access is possible only from the internal network
• Kubernetes access is possible only from the internal network
• Only minimal permissions are granted
• No unauthorized access

AWS Stage

Separated AWS Account for the Stage resources.

Permissions

• StageAdmins : Can list, create, delete, modify AWS resources.
• StageContainerImageAdmins : Can list, create, delete, modify (in snapshot repositories) Docker images.
• StageContainerImageReaders : Can list Docker images.
• StageSupport : an list, create, delete, modify Kubernetes resources and list Docker images.
• InfraBackup : Can list, create, delete, modify items in the Backup S3 Bucket.
• StageEticmaTechUsers : Can list, create, delete, modify ETICMA app related resources w/o MFA.

• StageAdmins
  1 DevOps Engineer
  3 Infrastructure Engineer( 3 Contractor )
  1 Software Developer
• StageContainerImageAdmins
  1 Technical Account
• StageContainerImageReaders
  1 Technical Account
• StageSupport
  3 Software Developer
• InfraBackup
  1 Technical Account
• StageEticmaTechUsers
  1 Technical Account

AWS Stage Bastion

EC2 instance to access the Stage internal network and databases.

Permissions

• Root : Can administer Linux OS.
• User : Can log in and access the internal network of the Staging environment.

• Root
  1 DevOps Engineer
  3 Infrastructure Engineer( 3 Contractor )
  1 Software Developer
• User
  3 Software Developer

• Cloud Console access is restricted only to authorized persons
• SSH access is protected by keys and MFA
• Database access is possible only from the internal network
• Kubernetes access is possible only from the internal network
• Only minimal permissions are granted
• No unauthorized access

AWS Prod

Separated AWS Account for the Prod resources.

Permissions

• Admins : Can list, create, delete, modify AWS resources.
• BillingAdmins : Can view billing details, costs, invoices.
• ContainerImageAdmins : Can list, create, delete, modify Docker images.
• Support : an list, create, delete, modify Kubernetes resources and list Docker images.

• Admins
  1 DevOps Engineer
  3 Infrastructure Engineer( 3 Contractor )
  1 Software Developer
• BillingAdmins
  1 DevOps Engineer
• ContainerImageAdmins
  1 Technical Account
• Support
  3 Software Developer

AWS Prod Bastion

EC2 instance to access the Prod internal network and databases.

Permissions

• Root : Can administer Linux OS.
• User : Can log in and access the internal network of the Production environment.

• Root
  1 DevOps Engineer
  3 Infrastructure Engineer( 3 Contractor )
  1 Software Developer
• User
  3 Software Developer

• Login access is restricted only to authorized persons
• Only minimal permissions are granted
• No unauthorized access

Datadog EU

Log management and monitoring tool for our staging and production applications.

Permissions

• Admin : Can administer all resources. Can not delete logs.
• Write : Can read, create, delete, modify monitors, dashboards. Can read logs.
• Read : Can read monitors, dashboards, logs.
• Billing : Can view billing details, and download invoices

• Read
  1 DevOps Engineer
  2 Infrastructure Engineer( 2 Contractor )
  7 Software Developer
  3 Test Engineer
  8 Support Agent
  1 Product Owner
  1 CEO
• Billing
  1 Finance

Datadog US

Log management and monitoring tool for our staging and production applications.

Permissions

• Admin : Can administer all resources. Can not delete logs.
• Write : Can read, create, delete, modify monitors, dashboards. Can read logs.
• Read : Can read monitors, dashboards, logs.
• Billing : Can view billing details, and download invoices

• Read
  1 DevOps Engineer
  2 Infrastructure Engineer( 2 Contractor )
  7 Software Developer
  3 Test Engineer
  8 Support Agent
  1 Product Owner
  1 CEO
• Billing
  1 Finance