Page MenuHomePhabricator
Create Task
Maniphest T344348

Block External Access to The Management Tools
Closed, ResolvedPublic13 Estimated Story Points
Actions

Description

  • Team discussion to agree on the approach

We should block access to tools like:

  • Kafka UI -

3 out of 5 reviews (Reading documentation and testing in the local env)

    • Luvo
    • Ehi
    • Ricardo
    • Ruairi
    • Prabhat
    • Stephan
  • Airflow
  • Sonarqube
  • scheduler

AWS System Manager Sessions Manager should be used for this purpose.
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html

    1. Acceptance Criteria
  • All the management services do not have external connectivity.
  • Only the authenticated users can access the management services using the Sessions Manager.

Event Timeline

Alex.lep.sp created this task.Aug 16 2023, 1:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 16 2023, 1:57 PM
Alex.lep.sp added a project: Wikimedia Enterprise Engineering.Aug 16 2023, 1:58 PM
Alex.lep.sp moved this task from Engineering Backlog (DevOps, Maintenance, Tech debt) to To Be Estimated/To Be Discussed on the Wikimedia Enterprise board.Aug 16 2023, 2:06 PM
Alex.lep.sp updated the task description. (Show Details)Aug 16 2023, 2:30 PM
Alex.lep.sp updated the task description. (Show Details)
JArguello-WMF updated the task description. (Show Details)Sep 7 2023, 4:37 PM
JArguello-WMF set the point value for this task to 8.
JArguello-WMF assigned this task to Alex.lep.sp.Sep 11 2023, 3:33 PM
JArguello-WMF updated the task description. (Show Details)
JArguello-WMF edited projects, added Wikimedia Enterprise (Sprint 46); removed Wikimedia Enterprise.
JArguello-WMF changed the point value for this task from 8 to 13.Sep 21 2023, 1:17 PM
JArguello-WMF edited projects, added Wikimedia Enterprise (Sprint 47); removed Wikimedia Enterprise (Sprint 46).
JArguello-WMF moved this task from Next Up to In Progress on the Wikimedia Enterprise (Sprint 47) board.Sep 26 2023, 1:17 PM
JArguello-WMF edited projects, added Wikimedia Enterprise (Sprint 48); removed Wikimedia Enterprise (Sprint 47).Oct 5 2023, 1:30 PM
JArguello-WMF moved this task from Next Up to In Progress on the Wikimedia Enterprise (Sprint 48) board.
JArguello-WMF updated the task description. (Show Details)Oct 16 2023, 1:30 PM
JArguello-WMF updated the task description. (Show Details)Oct 17 2023, 1:09 PM
JArguello-WMF updated the task description. (Show Details)Oct 18 2023, 1:48 PM
JArguello-WMF edited projects, added Wikimedia Enterprise (Sprint 49); removed Wikimedia Enterprise (Sprint 48).Oct 19 2023, 12:31 PM
JArguello-WMF moved this task from Next Up to In Progress on the Wikimedia Enterprise (Sprint 49) board.
Alex.lep.sp added a comment.EditedOct 25 2023, 12:54 PM
  • Dev Access to kafka UI and Airflow UI are not available anymore.
  • Production Access will be blocked within 1-2 days.
  • Now the management tools are accessible only using the AWS Sessions manager, so only for a dedicated subset of AWS users. Documentation for activating the access is available.
  • Access to Sonarqube should be blocked in frames of a separate ticket, since Sonarqube also requires an upgrade.
JArguello-WMF moved this task from In Progress to Done on the Wikimedia Enterprise (Sprint 49) board.Nov 1 2023, 2:04 PM
JArguello-WMF closed this task as Resolved.Nov 2 2023, 4:29 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL