Least-privilege security hardening #470

Open
7 tasks
jimleroyer opened this issue Nov 27, 2024 · 0 comments

jimleroyer commented Nov 27, 2024

Description

As a sysops working in GCNotify,
I want to apply least privilege security principles on its components,
So that I can improve the overall security and reduce attack vectors in our software suite.

WHY are we building?

To further improve our security within GCNotify and reduce the impact of potential attacks.

WHAT are we building?

Run reports and tests against our suite with regard to various components such as our AWS infrastructure (https://aws.amazon.com/iam/access-analyzer/), Kubernetes access, and potential security profile targeting security hardening.

VALUE created by our solution

More security and reduced risk in case of breach.

Acceptance Criteria

This is an epic task, hence the detailed steps should be contained within its tasks. These criteria should be satisfied at a high level:

  • Identify a potential security profile to verify against this least-privilege security hardening exercise.
  • Identify tools by AWS and 3rd parties targeting AWS infrastructure.
  • Identify security checkers for Kubernetes that we can use.
  • The delivered reports should be hosted in a protected B environment.

QA Steps

  • The list of selected tools for Kubernetes is reviewed by the team.
  • The list of selected tools for AWS is reviewed by the team.
  • The security profile is reviewed by the team.