Epic
Resolution: Unresolved
Normal
DP Connectivity via RH VPN
To Do
100% To Do, 0% In Progress, 0% Done
- 03.02: Waiting for Doron to transfer the delegate role from Sukumar.
- 27.01: Got a response from the GRC team. Next step: analyze the response and follow the instructions.

The primary goal is to provide the ACSCS engineering team with secure connectivity to our private ROSA clusters from within the Red Hat Virtual Private Network (RH VPN). The suggested solution involves the following steps:
- Creating a dedicated AWS jump account with strictly limited permissions.
- Creating a new Virtual Private Cloud (VPC) (via an IT Network request) within a pre-allocated IP range that is accessible from the internal Red Hat network.
- Establishing an AWS PrivateLink connection between this new jump account VPC and our existing AWS account, which hosts the customer workloads.
Security Constraints: We will strictly limit connectivity to ingress-only access to our clusters from the jump account. Crucially, we will also ensure and enforce that there is no connectivity whatsoever from the ROSA clusters back to the internal Red Hat network.
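One way to audit both security constraints, as an added example that is not part of the original ticket: it checks route tables of the cluster VPC for private paths back to the internal range, and checks that only the jump account may connect to the PrivateLink endpoint service. It assumes JSON exported in the shape of the EC2 `DescribeRouteTables` and `DescribeVpcEndpointServicePermissions` responses; the CIDR, account ARN and resource IDs are constructed placeholders.

```python
import ipaddress

# Route targets that can carry traffic into another private network.
PRIVATE_TARGET_KEYS = ("TransitGatewayId", "VpcPeeringConnectionId")

def routes_to_internal(route_tables, internal_cidr):
    """List active cluster-VPC routes that could reach internal_cidr privately."""
    internal = ipaddress.ip_network(internal_cidr)
    findings = []
    for table in route_tables:
        for route in table.get("Routes", []):
            dest = route.get("DestinationCidrBlock")
            # IPv6 and prefix-list destinations are out of scope for this check.
            if dest is None or route.get("State") != "active":
                continue
            target = next((route[k] for k in PRIVATE_TARGET_KEYS if k in route), None)
            if target is None and route.get("GatewayId", "").startswith("vgw-"):
                target = route["GatewayId"]  # virtual private gateway (VPN / Direct Connect)
            # overlaps() also catches a default route (0.0.0.0/0) sent to such a target.
            if target and ipaddress.ip_network(dest).overlaps(internal):
                findings.append((table["RouteTableId"], dest, target))
    return findings

def unexpected_principals(allowed_principals, jump_account_arn):
    """List endpoint-service principals other than the jump account."""
    return [p["Principal"] for p in allowed_principals if p["Principal"] != jump_account_arn]

# Constructed sample data (placeholders, not values from the ticket).
INTERNAL_CIDR = "10.0.0.0/8"                      # stand-in for the internal range
JUMP_ARN = "arn:aws:iam::111111111111:root"       # stand-in for the jump account
ROUTE_TABLES = [
    {"RouteTableId": "rtb-aaaa", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-aaaa", "State": "active"},
    ]},
    {"RouteTableId": "rtb-bbbb", "Routes": [
        {"DestinationCidrBlock": "10.20.0.0/16", "TransitGatewayId": "tgw-bbbb", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-bbbb", "State": "active"},
        {"DestinationCidrBlock": "10.30.0.0/16", "VpcPeeringConnectionId": "pcx-bbbb", "State": "blackhole"},
    ]},
]
ALLOWED = [
    {"Principal": JUMP_ARN, "PrincipalType": "Account"},
    {"Principal": "*", "PrincipalType": "All"},
]

if __name__ == "__main__":
    print("routes back to internal network:", routes_to_internal(ROUTE_TABLES, INTERNAL_CIDR))
    print("unexpected endpoint principals:", unexpected_principals(ALLOWED, JUMP_ARN))
```

An empty result from both functions is the state the constraints call for; any entry is a path or permission to remove before the clusters are exposed through the jump account.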
Plan
- Create a dedicated AWS jump account with strictly limited permissions. (UR0024756 and UR0032610)
- Complete ESSv10 assessment (prerequisite for #3)
- Obtain InfoSec approval for the jump solution
- Raise a new IT Network request to set up a VPC in the jump account
- Set up the AWS accounts (jump and existing)
Success Criteria
The clusters are accessible via RH VPN