ISG Playbook
APIs
Granting Access for CJE - Single Tenant
Adding Rules to a Security Group
Follow these steps to add rules to a security group:
Navigate to the EC2 Dashboard:
>Access the AWS Management Console and go to the EC2 Dashboard.
>Select the EC2 instance by clicking in the instance ID
> Scroll down and click on security and select the security group I want to update
Edit Inbound:
>Click on "Edit inbound rules" and then "Add Rule."
Configure Rule:
>Configure the rule based on your specific needs, here I select the "type" as "All traffic" and "Source" as "Custom" and paste the CIDR I want to add in the space next to Custom.
>For "Description", I put in "CJE".
Review and Apply:
>Review the rule settings and apply the changes.
>Confirm that the new rule is added successfully by checking the security group's rules again.
Updating IAM Roles for Trust Relationships
Creating a Trust Relationships:
Navigate to the EC2 Dashboard:
>Access the AWS Management Console and go to the IAM Dashboard.
>Here the role I am looking for is directly attached to the EC2 instance so I will click on the instance ID and it will display the IAM Role attached to it.
>Select the IAM role for which you want to update the trust relationships
Edit Trust Relationships:
>Under the "Trust relationships" tab, click on "Edit trust relationship."
>Update the policy document to allow the necessary trust relationships.
>Here I added the AssumeRolePolicyDocument(trust policy) that was giving to the existing trust policy.
>Review the changes and save the updated trust relationship policy.
>Confirm that the trust relationships are updated by reviewing the IAM role details.
List of Jobs that will run during the Testing
IaC_Utilities ( node monitor)
> Multi Tenant CJE: Runs every 15 mins
> Single Tenant CJE: Runs every 20 mins. *
CJE-Admin-Scripts-DONOTDELETE (heistmaster-diskusage-monitor)
> Multi Tenant CJE: Runs at 1:33pm every 24hrs
> Single Tenant CJE: Runs at 1:25pm every 24hrs. *
FAS:
> Multi Tenant CJE: 10 PM every day from Monday to Friday
> Single Tenant CJE: 11:00 PM every Monday to Friday. *
EQRS:
> Multi Tenant CJE: 5:00 PM every weekday Monday to Friday.
> Single Tenant CJE: 12:00 AM every weekday Monday to Friday. *
DAMOD:
> Multi tenant CJE: 11:00 AM from Monday to Friday.
>Single Tenant CJE: 1:00 AM every weekday Monday to Friday. *
FIVS:
> Multi Tenant CJE: 6:00 PM every Monday to Friday.
> Single Tenant CJE: 4:00 AM every weekday Monday to Friday. *
PRS:
> Multi Tenant CJE: 5:00 PM every weekday Monday to Friday
> Single Tenant CJE: 7:00 AM every Monday to Friday. *
DARRT:
> Multi tenant CJE: 9:00 PM every Monday to Friday.
> Single Tenant CJE: 6:00 AM every Monday to Friday. *
iQIES:
> Multi Tenant CJE: 2:01 AM every Monday to Friday.
> Single Tenant CJE: 1:00 AM every Monday to Friday. *
QMARS:
> Multi Tenant CJE: 11:00 AM every Monday to Friday.
> Single Tenant CJE 12:00 PM every Monday to Friday. *
Atlassian:
> Multi Tenant CJE: 4:00 PM every Monday to Friday.
> Single Tenant CJE: 7:00 PM every Monday to Friday. *
DEL:
> Multi Tenant CJE: 3:00 PM every Monday to Friday.
> Single Tenant CJE: 9:00 PM every Monday to Friday.
HARP:
> Multi Tenant CJE: 4:00 PM every Monday to Friday.
> Single Tenant CJE: 5:00 AM every weekday (Monday to Friday
HQR:
> Multi Tenant CJE: 8:00 PM every Monday to Friday.
> Single Tenant CJE: 3:00 AM every weekday (Monday to Friday
QNP:
> Multi Tenant CJE: 5:00 PM every Monday to Friday.
> Single Tenant CJE: 1:00 AM every weekday (Monday to Friday
Some Issues encountered during the Setup
Issue
Jenkins agent unable to connect to master.
Solution
The F5 needed to have an ASM (Application Security Manager) applied to it instead of SSLO, and the websocket profile added to it.