Notes on the multiaccount/multipartition architecture. Draft.
Proposed VPC Breakdown
| VPC Name | Accounts | Purpose | Servers | Special Traffic Considerations |
|---|---|---|---|---|
| vpc-splunk | Customer and C2 | Splunk Clusters including Moose | splunk-* | Inbound Splunk data from customers |
| vpc-interconnects | C2 Gov Only | Connect GovCloud and Commercial | interconnect-* | IPsec inbound and outbound to Transit Gateways |
| vpc-access | C2 Gov Only | VPN and Bastion Access | openvpn-*, bastion* | Inbound from internet/whitelist. Outbound to all systems on admin ports. |
| vpc-portal | C2 Gov Only??? | Customer Portal | portal* and supporting | Inbound HTTPS, outbound to customer vpc-splunk |
| vpc-public | C2 Gov Only | Publicly Accessible Services for Infrastructure | github, ghe-backup, jira | Inbound HTTPS |
| vpc-scanners | C2 Gov and Commercial | Security Scanning | qualys-* | Outbound to private |
| vpc-system-services | C2 Gov and Commercial(?) | Services provided to systems | mailrelay, oscontext-unbound, proxy, reposerver, resolver, salt-master, sensu, vault | Inbound from private |
| vpc-private-services | C2 Gov Only | Employee Services that access Splunk | fm-shared-search, qcompliance, phantom | Inbound from employees, outbound to all Splunk |
| vpc-vmray | VMRay | Malware Detonation | vmray-* | Inbound from employees |
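The "Special Traffic Considerations" column is effectively a reachability matrix, and it is worth encoding it once so proposed security-group or NACL changes (or observed flows) can be checked against the intended segmentation before they go live. The script below is an added example, not part of this draft or of any existing config: the allow-list is my reading of the table, and the port groups (which ports count as "admin ports", Splunk ingest on 9997, OpenVPN on UDP 1194, IPsec on UDP 500/4500), the zone names (`internet`, `customers`, `transit-gateway`), the assumption that "employees" reach everything through vpc-access, and the sample flows are all constructed assumptions.

```python
"""Audit candidate flows against the intended VPC segmentation.

Added example, not project code. The rules are one reading of the draft
"Special Traffic Considerations" column; port groups and zone names are
assumptions and should be replaced with the real values once decided.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Assumed port groups (the draft only names "admin ports", "HTTPS", etc.).
ADMIN_PORTS = frozenset({22, 3389, 8089})   # ssh, rdp, splunkd mgmt (assumption)
SPLUNK_INGEST = frozenset({9997})           # forwarder -> indexer (assumption)
HTTPS = frozenset({443})
VPN = frozenset({1194})                     # OpenVPN default (assumption)
IPSEC = frozenset({500, 4500})              # IKE / NAT-T

ALL_VPCS = frozenset({
    "vpc-splunk", "vpc-interconnects", "vpc-access", "vpc-portal",
    "vpc-public", "vpc-scanners", "vpc-system-services",
    "vpc-private-services", "vpc-vmray",
})
PRIVATE = ALL_VPCS  # "private" in the table is read as every internal VPC
# External zones are names, not VPCs; "employees" is modelled as vpc-access
# because the table routes VPN/bastion access through it (assumption).


@dataclass(frozen=True)
class Rule:
    src: FrozenSet[str]
    dst: FrozenSet[str]
    ports: Optional[FrozenSet[int]]  # None means any port


def _z(*names: str) -> FrozenSet[str]:
    return frozenset(names)


# One rule per row of the table, in table order.
RULES: List[Rule] = [
    Rule(_z("customers"), _z("vpc-splunk"), SPLUNK_INGEST),
    Rule(_z("transit-gateway"), _z("vpc-interconnects"), IPSEC),
    Rule(_z("vpc-interconnects"), _z("transit-gateway"), IPSEC),
    Rule(_z("internet"), _z("vpc-access"), VPN),           # whitelist applied elsewhere
    Rule(_z("vpc-access"), PRIVATE, ADMIN_PORTS),          # employee admin paths
    Rule(_z("internet"), _z("vpc-portal"), HTTPS),
    Rule(_z("vpc-portal"), _z("vpc-splunk"), None),
    Rule(_z("internet"), _z("vpc-public"), HTTPS),
    Rule(_z("vpc-scanners"), PRIVATE, None),
    Rule(PRIVATE, _z("vpc-system-services"), None),
    Rule(_z("vpc-access"), _z("vpc-private-services"), None),
    Rule(_z("vpc-private-services"), _z("vpc-splunk"), None),
    Rule(_z("vpc-access"), _z("vpc-vmray"), None),
]

Flow = Tuple[str, str, int]  # (source zone/VPC, destination zone/VPC, port)


def is_permitted(src: str, dst: str, port: int) -> bool:
    """True if any rule allows src -> dst on port (default deny)."""
    return any(
        src in r.src and dst in r.dst and (r.ports is None or port in r.ports)
        for r in RULES
    )


def audit(flows: List[Flow]) -> List[Flow]:
    """Return the flows the intended segmentation does not allow."""
    return [f for f in flows if not is_permitted(*f)]


# Constructed sample flows: four that match the design, three that do not.
SAMPLE_FLOWS: List[Flow] = [
    ("customers", "vpc-splunk", 9997),
    ("internet", "vpc-portal", 443),
    ("vpc-access", "vpc-vmray", 22),
    ("vpc-scanners", "vpc-system-services", 8200),
    ("internet", "vpc-splunk", 8000),        # Splunk web exposed to the internet
    ("vpc-public", "vpc-splunk", 9997),      # public tier reaching the indexers
    ("vpc-vmray", "vpc-splunk", 9997),       # detonation sandbox initiating outbound
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("VIOLATION: %s -> %s port %d" % flow)
```

Run as-is it prints the three flows that contradict the table. The model is deliberately default-deny: a flow is permitted only if some row of the table says so, which is the posture the account/VPC split is meant to enforce, and it makes gaps in the table (for example, nothing currently allows vpc-system-services to reach vpc-splunk, even though `sensu` or `salt-master` presumably need to) show up as violations to be decided rather than silently passing.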