version 1.1
Current as of: 08
Info | ||
---|---|---|
| ||
This template is to be used as a guide for performing ESDIS Review Gates of applications within the Earthdata Cloud |
...
Date | Artifact | POC | Notes | Action Items | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
10/1/2021 |
| This feature was requested by ESDIS and the most desirable solution was to leverage a new version of the Earthdata Access application. | ||||||||||||||
|
| Slide deck for ERG |
Date | Notes | Action Items |
---|---|---|
11 | SIT DNS cutover. Pushed back due to Platform over-allocation. | |
| UAT DNS cutover | |
| Prod DNS Cutover |
...
DNS Entries | CloudFront URLs | AWS Endpoints (URL / ARN) | AART Registration | Notes | Action Items |
---|---|---|---|---|---|
https://access.sit.earthdata.nasa.gov | NASD-2639 | https://aart.nasa.gov/entities/1325187 | DNS entry currently point to on-prem application. NASD-2723 | ||
https://access.uat.earthdata.nasa.gov | NASD-2637 | NASD-2640 | https://aart.nasa.gov/entities/1463111 | DNS entry currently point to on-prem application. NASD-2724 | |
https://access.earthdata.nasa.gov | NASD-2638 | NASD-2641 | https://aart.nasa.gov/entities/1286711 | DNS entry currently point to on-prem application. NASD-2725 | |
<add rows as needed> |
...
Name | Role | Notes | Action Items | |
---|---|---|---|---|
Mark Reese | Product Owner | mreese@element84.com | ||
Ryan Abbott | Technical POC | ryan@element84.com | ||
Mark Reese | Operations POC | mreese@element84.com | Temporary while we try to backfill the position. | |
<add rows as needed> |
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Does application team have an ESDIS approved Cost-Model on file? | Y | |||
Does target EDC account(s) have sufficient funds allocated in CloudTamer for anticipated cloud costs? | Y | |||
Is application team aware of AUTOMATED AWS account level cost monitoring, alerting, and enforcements?
Manual actions to delete resources will be considered above Freeze-Spend and Circuit Breaker levels | Y | |||
Are CloudTamer budget-based notifications configured to send emails to all desired app-team individuals? | Y | NASD-2736 filed to enable this. | ||
Is application team aware of AWS options for monitoring and alerting on cloud costs expenditures specific to their account and use-case
| Y | |||
Does application team have a process to monitor / audit cloud expenditures and take action if required? | Y | |||
<add rows as needed> |
NGAP References:
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Does application team have processes in place to address operations issues that arise with their application in the EDC? | Y | |||
Do application team and platform team have a common understanding of the shared operational responsibilities between:
| Y | |||
Does application team have any "critical" functionality requiring 24/7 on-call platform support? "Critical" is scoped to items where the loss of functionality will irrevocably harm science data retention. (Ex: satellite data will be lost with no means of recovery) | N | |||
Is application team aware of and familiar with NGAP Service Desk (NASD): NASD Link | Y | |||
Is application team aware of and familiar with AWS Enterprise Support | Y | |||
Is application team aware of and subscribed to NGAP Announcements: Subscribe to the NGAP Announcements Mailing List | Y | |||
Is application team aware of NGAP / Security Office Hours? Office Hours Link | Y | |||
<add rows as needed> |
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Has the application team reviewed the EDC Tenant Run Rules and confirmed they are able to operate within those rules? Earthdata Cloud Tenant Run Rules | Y | |||
Has the application team noted any needed exceptions / waivers from EDC Tenant Run Rules? If so, have those requests been approved? | Y | None needed | ||
Does the application team have an approved Operational Security Agreement (OSA) on file with ESDIS Security? OSA Template Handbook | Y | (can post OSA here if allowed) | Sent to Rajiv 10/10/2021.Ryan Abbott to finalize SOP | |
Is application team leveraging EDC CICD for deployments or alternative mechanisms? (NOTE: not required, just for record keeping) | Y | |||
Is application team aware of software vulnerability scanning and reporting requirements?
| Y | |||
Is application team aware of, or been made aware of via the ESDIS Security, any known vulnerabilities. Are known vulnerabilities addressed, mitigated, or residual risk within acceptable levels? | N | |||
Does the application team have processes in place to identify, assess, and address security vulnerabilities if they occur? | Y | |||
<add rows as needed> |
...