Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDK02. Startup Blueprint 🚀 #25

Open
19 of 27 tasks
nnthanh101 opened this issue May 24, 2021 · 0 comments
Open
19 of 27 tasks

CDK02. Startup Blueprint 🚀 #25

nnthanh101 opened this issue May 24, 2021 · 0 comments
Assignees
@nnthanh101
Labels
CDK AWS Cloud Development Kit Infrastructure AWS Infrastructure: AWS Organization, Account, VPC, ... Security & Compliance Security & Compliance
Milestone
Jan-2022

Comments

@nnthanh101
Copy link
Owner

nnthanh101 commented May 24, 2021
edited
Loading

This deployment creates the underlying infrastructure, according to AWS best practices, and configures it for identity management, access control, VPN, logging, alarms, and compliance auditing. It contains three partitioned virtual private clouds (VPCs) for production, development, and management processes.

  • 1. Core VPCs: A highly available architecture with three VPCs, each with two Availability Zones. /16/18 & **/23/**24

    • Development-VPC: to build and test Dev/Test workloads.
    • Management-VPC: with AWS Client VPN endpoints in the public subnets.
    • Production-VPC: deploy production workload + using AWS Service Catalog.
    • Peering connections to allow Secure Shell (SSH) and remote desktop access from the management VPC to private subnets in the production and development VPCs.
    • VPC Endpoints: Gateway Endpoint & Interface Endpoint
      • S3
      • DynamoDB
      • ECR: ECR - VPC Endpoint --> ECS

  • 2. Client VPN Capability:

    • VPN

  • 3. AWS Config Conformance Packs: AWS Config to assess, audit, and evaluate security compliance of your AWS resources and remediate deviations from the following conformance packs:

    • Operational Best Practices For AWS Identity And Access Management
    • Operational Best Practices For Amazon S3
    • Operational-Best-Practices-for-Serverless
    • Operational Best Practices for NIST CSF
    • Operational Best Practices for HIPAA Security
    • AWS Control Tower Detective Guardrails Conformance Pack

  • 4. Shared Route53 DNS >> Private HostedZone: Amazon Route 53 for a private Domain Name System (DNS).

    • corp: DevelopmentVpc & ManagmentVPC & ProductionVpc

  • 5. Region Restriction

    • APPLY_REGION_RESTRICTION_APJ
    • [-] APPLY_REGION_RESTRICTION_US

  • 6. Service Catalog

References
@nnthanh101 nnthanh101 changed the title ### Startup Blueprint Startup Blueprint 🚀 May 24, 2021
@nnthanh101 nnthanh101 added CDK AWS Cloud Development Kit Infrastructure AWS Infrastructure: AWS Organization, Account, VPC, ... Security & Compliance Security & Compliance labels May 24, 2021
@nnthanh101 nnthanh101 added this to the Sprint #1 milestone May 24, 2021
@nnthanh101 nnthanh101 self-assigned this Jul 1, 2021
@nnthanh101 nnthanh101 modified the milestones: Sprint #1, Jan-2022 Jan 4, 2022
@nnthanh101 nnthanh101 changed the title Startup Blueprint 🚀 CDK04. Startup Blueprint 🚀 Jan 4, 2022
@nnthanh101 nnthanh101 changed the title CDK04. Startup Blueprint 🚀 CDK02. Startup Blueprint 🚀 Jan 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nnthanh101 nnthanh101

Labels
CDK AWS Cloud Development Kit Infrastructure AWS Infrastructure: AWS Organization, Account, VPC, ... Security & Compliance Security & Compliance
Projects
None yet
Milestone
Jan-2022
Development

No branches or pull requests
1 participant
@nnthanh101