Create CSA region-to-email mapping YAML file for cisagov/cyhy-mailer #749

Merged
merged 2 commits into from
Apr 1, 2024

Member

@jsf9k jsf9k commented Mar 26, 2024

🗣 Description

This pull request makes the necessary changes to create the CSA region-to-email mapping YAML file now required by cisagov/cyhy-mailer as of cisagov/cyhy-mailer#101.

Note that I added the appropriate YAML to the SSM Parameter Store variable /cyhy/csa_email_yaml to the CyHy AWS account in all four US regions.

💭 Motivation and context

Partly resolves cisagov/cyhy-system#114. See also cisagov/cyhy-mailer#101.

🧪 Testing

All automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@jsf9k jsf9k added the improvement and ansible labels Mar 26, 2024
@jsf9k jsf9k self-assigned this Mar 26, 2024
Member

@dav3r dav3r left a comment

👍 👍
Please see my one minor change request.

ansible/roles/cyhy_mailer/vars/main.yml (resolved)
Co-authored-by: dav3r <[email protected]>
@dv4harr10
Contributor

Hi Team, one medium severity issue at terraform_egress_pub/cloudfront.tf line 144, detected an AWS CloudFront Distribution with an insecure TLS version. TLS versions less than 1.2 are considered insecure because they can be broken. To fix this, set minimum_protocol_version to "TLSv1.2_2018", "TLSv1.2_2019", or "TLSv1.2_2021".

@dv4harr10
Contributor

Hi Team, one potential medium severity issue at terraform/ files bod_vpc_flow_logs.tf, cyhy_vpc_flow_logs.tf, and mgmt_vpc_flow_logs.tf each file at line 43, aws-cloudwatch-log-group-no-retention. The AWS CloudWatch Log Group has no retention. Missing retention in log groups can cause losing important event information.

@jsf9k
Member Author

jsf9k commented Mar 27, 2024

> Hi Team, one medium severity issue at terraform_egress_pub/cloudfront.tf line 144, detected an AWS CloudFront Distribution with an insecure TLS version. TLS versions less than 1.2 are considered insecure because they can be broken. To fix this, set minimum_protocol_version to "TLSv1.2_2018", "TLSv1.2_2019", or "TLSv1.2_2021".

The issue you bring up has nothing to do with this pull request, but I created #750 to capture your concern.

@jsf9k
Member Author

jsf9k commented Mar 27, 2024

> Hi Team, one potential medium severity issue at terraform/ files bod_vpc_flow_logs.tf, cyhy_vpc_flow_logs.tf, and mgmt_vpc_flow_logs.tf each file at line 43, aws-cloudwatch-log-group-no-retention. The AWS CloudWatch Log Group has no retention. Missing retention in log groups can cause losing important event information.

The issue you bring up has nothing to do with this pull request, but I created #751 to capture your concern.

@dav3r
Member

dav3r commented Mar 28, 2024

@jsf9k I forgot to ask this earlier, but did you already populate the correct CSA/email YAML in SSM (/cyhy/csa_email_yaml)? If so, please mention that somewhere in the PR description above.

@dav3r dav3r merged commit 9b71976 into develop Apr 1, 2024
8 checks passed
@dav3r dav3r deleted the feature/email-csas branch April 1, 2024 19:02
Labels
ansible Pull requests that update Ansible code improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

Include CSAs on weekly CyHy reports and daily notifications for entities in their regions
4 participants