...
- do we still need to close port 8080 or has that been done in ec2 scripts?
- create virtual hosts stanza for 443
- generate self-signed cert
- set up log rotation
- with nginx I ran into a max body upload size issue – is that a thing with apache or you've never seen a problem like that?
- monitoring:
website availability
- services
for security
user account creation
CPU / Memory monitoring can help identify security breaches, as well
Keep an eye on AWS; if we start seeing boxes we didn't create spin up there's a problem
- testing ansible – put in some asserts? http://docs.ansible.com/test_strategies.html
Changes I'd like to make
override usernames in roles/housekeeping/defaults/main.yml
Executing the scripts
# ansible config contains private data encrypted using ansible-vault; ask anna for the password
...