...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Does application team have an ESDIS approved Cost-Model on file? | user-c2913 confirm with Valerie | |||
Does target EDC account(s) have sufficient funds allocated in CloudTamer for anticipated cloud costs? | Y | |||
Is application team aware of AUTOMATED AWS account level cost monitoring, alerting, and enforcements?
Manual actions to delete resources will be considered above Freeze-Spend and Circuit Breaker levels | Y | |||
Are CloudTamer budget-based notifications configured to send emails to all desired app-team individuals? | Y | NASD-2736 filed to enable this. | ||
Is application team aware of AWS options for monitoring and alerting on cloud costs expenditures specific to their account and use-case
| Y | |||
Does application team have a process to monitor / audit cloud expenditures and take action if required? | Y | |||
<add rows as needed> |
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Has the application team reviewed the EDC Tenant Run Rules and confirmed they are able to operate within those rules? Earthdata Cloud Tenant Run Rules | Y | |||
Has the application team noted any needed exceptions / waivers from EDC Tenant Run Rules? If so, have those requests been approved? | Y | None needed | ||
Does the application team have an approved Operational Security Agreement (OSA) on file with ESDIS Security? OSA Template Handbook | Ryan Abbott to finalize SOP | |||
Is application team leveraging EDC CICD for deployments or alternative mechanisms? (NOTE: not required, just for record keeping) | Y | |||
Is application team aware of software vulnerability scanning and reporting requirements?
| Y | |||
Is application team aware of, or been made aware of via the ESDIS Security, any known vulnerabilities. Are known vulnerabilities addressed, mitigated, or residual risk within acceptable levels? | N | |||
Does the application team have processes in place to identify, assess, and address security vulnerabilities if they occur? | Y | |||
<add rows as needed> |
...