/
AWS Security Groups used for ArchivesSpace (OBSOLETE)

AWS Security Groups used for ArchivesSpace (OBSOLETE)

Our security groups are administered at https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#SecurityGroups.

A security group allows certain IP addresses to connect a machine, once the machine has been added to the security group like this:

aws ec2 modify-instance-attribute --instance-id THE_MACHINE_S_INSTANCE_ID --groups LIST_OF_GROUPS --profile security

They’re added by Ansible to new servers using the AWS key pair security_access_key / security_secret_key

which are in the group_vars/vault file.

Security Group

Description

Ports

Details

Admin

Security Group

Description

Ports

Details

Admin

Management-Access

worldwide ssh access

Aspace prod and staging, port 22

Allows SSH access by developers to the ArchivesSpace server.

admin

Public-Access-Web

Public web access

Aspace prod and staging, ports 80 and 443

Allows public web access to the production and staging ArchivesSpace servers.

admin

Temp-Production

short term production firewall rules

Aspace prod, port 8983

Used to allow developers and export code to access the ASpace API.

admin

Temp-Staging

short term staging firewall rules

Aspace staging, port 8983

See Temp-Production.

admin

In addition there is a default security group that appears unused, but cannot be deleted.

When a machine has multiple security groups, as long as any one of the groups allows access the connection will work through the firewall. Anything not covered will be rejected however.

 

Related content

ArchivesSpace after Ansible (OBSOLETE)
ArchivesSpace after Ansible (OBSOLETE)
More like this
Key Rotation (OBSOLETE)
Key Rotation (OBSOLETE)
More like this
Migration to LibraryHost (COMPLETE)
Migration to LibraryHost (COMPLETE)
Read with this
Technical documentation
Technical documentation
More like this
ArchivesSpace
Read with this