Create a management domain in app-prod-pdx #101

Merged
merged 1 commit into from Nov 12, 2018

lopopolo commented Nov 12, 2018

VPC endpoints should only exist once per VPC. SSM Endpoint needs to be
exposed to packer builder and app backends. Create a new network segment
called management where shared infrastructure can live.

S3 and SSM VPC endpoints are provisioned in management private subnets.
SSM endpoint is wrapped in its own security group. Prefix list and
security group are exposed from network module.

lopopolo commented Nov 12, 2018

There were some assumptions I had to fix around there being only one public subnet.

Converted some outputs to lists (from CSVs).

lopopolo commented Nov 12, 2018

This PR is part of the remediations for the SSM rollout postmortem.

@lopopolo lopopolo merged commit b2c609b into master Nov 12, 2018

lopopolo added a commit that referenced this pull request Nov 12, 2018

Add a lab terraform environment
Test that network module has no hidden ordering dependencies.
GH-101 fixed ordering dependencies in VPC endpoint creation.
The lab validates that a new VPC can be spun up from scratch
cleanly.

Fixes GH-78.
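
The layout the PR description outlines, sketched as a Terraform module fragment. This is an added example, not the repository's code: every variable, resource and output name is hypothetical, and it assumes the S3 endpoint is a gateway endpoint (the kind that exposes a prefix list) and that SSM clients are identified by security group.

```hcl
# Added illustration; all names below are hypothetical, not from the repository.
variable "vpc_id" { type = string }
variable "region" { type = string } # supplied by the caller
variable "management_private_subnet_ids" { type = list(string) }
variable "management_private_route_table_ids" { type = list(string) }
# Assumed: security groups of the packer builder and app backends.
variable "ssm_client_security_group_ids" { type = list(string) }

# Dedicated security group: only the named clients reach the endpoint, HTTPS only.
resource "aws_security_group" "ssm_endpoint" {
  name_prefix = "management-ssm-endpoint-"
  vpc_id      = var.vpc_id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = var.ssm_client_security_group_ids
  }
}

# Single SSM interface endpoint for the VPC, with ENIs in the management
# private subnets and no other security group attached.
resource "aws_vpc_endpoint" "ssm" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.ssm"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.management_private_subnet_ids
  security_group_ids  = [aws_security_group.ssm_endpoint.id]
  private_dns_enabled = true
}

# Single S3 gateway endpoint, routed from the management private route tables.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.management_private_route_table_ids
}

# Exposed so other modules can write egress rules against the endpoints
# instead of creating a second endpoint in the same VPC.
output "s3_prefix_list_id" { value = aws_vpc_endpoint.s3.prefix_list_id }
output "ssm_endpoint_security_group_id" { value = aws_security_group.ssm_endpoint.id }
```

Consumers would reference the two outputs in their own egress rules, which keeps endpoint creation in one module and avoids ordering dependencies between callers.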