...
aws ec2 modify-instance-attribute --instance-id THE_MACHINE_S_INSTANCE_ID --groups LIST_OF_GROUPS --profile security
They’re added by Ansible to new servers using the AWS key pair `security_access_key` / `security_secret_key`, which are in the `group_vars/vault` file.

| Security Group | Description | Ports | Details | Admin |
|---|---|---|---|---|
| | worldwide ssh access | Aspace prod and staging, port 22 | The production and staging ArchivesSpace servers need this group to allow developers to ssh to them. This allows worldwide ssh access; we're using SSH keys to control access. | |
| | Public web access | Aspace prod and staging, ports 80 and 443 | Open worldwide, to allow public web access to the production and staging ArchivesSpace servers. | |
| | short term production firewall rules | Aspace prod, port 8983 | Used for short-term access to the SOLR configuration on ArchivesSpace production from developers' IP addresses. | |
| | short term staging firewall rules | Aspace staging, port 8983 | Used for short-term access to the SOLR configuration on ArchivesSpace production from developers' IP addresses. | |
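
An added example, not part of the original documentation: a check over `aws ec2 describe-security-groups` JSON that flags any rule open worldwide on a port other than 22, 80 or 443, which catches a short-term 8983 rule opened to everyone instead of to developers' IP addresses. The group IDs and addresses in the sample are constructed placeholders, and the function name is hypothetical.

```python
import json

# Policy taken from the table above: only these ports are meant to be open worldwide.
WORLD_OPEN_PORTS = {22, 80, 443}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs are placeholders; 203.0.113.10 is a documentation address (RFC 5737).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-ssh", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-EXAMPLE-solr-prod", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8983, "ToPort": 8983, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
  {"GroupId": "sg-EXAMPLE-solr-staging", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8983, "ToPort": 8983, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

def world_open_violations(doc, allowed=WORLD_OPEN_PORTS):
    """Return (group_id, from_port, to_port) for worldwide rules outside the allow list."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not WORLD_CIDRS.intersection(cidrs):
                continue  # restricted to specific addresses, e.g. developers' IPs
            if perm.get("IpProtocol") == "-1":
                findings.append((group["GroupId"], "all", "all"))  # every protocol and port
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            # A range passes only if every port in it is on the allow list.
            if lo is None or not all(p in allowed for p in range(lo, hi + 1)):
                findings.append((group["GroupId"], lo, hi))
    return findings

if __name__ == "__main__":
    for group_id, lo, hi in world_open_violations(SAMPLE):
        print(f"{group_id}: ports {lo}-{hi} open worldwide")
```
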
...