update

terraform · Dec 20, 2024 · 139938e · 139938e
1 parent 42090d8
commit 139938e
Showing 1 changed file with 86 additions and 2 deletions.
diff --git a/aws/documentation/gov-funding-lapse/README.md b/aws/documentation/gov-funding-lapse/README.md
@@ -15,8 +15,92 @@ Planning Shutdown for Lapse Appropriation -- In the event there is a lapse in Fe
 1. Banner pages are not yet final, but will go up Saturday at 7:00am
 1. If there is a lapse in appropriations, everyone is allowed up to 4 hours to perform shutdown activities on Monday.  There are just a few people who will get letters from HR that have been ID'd to work longer than 4 hours to assist with orderly shutdown activities and even fewer people who will be around to protect life and property beyond the orderly shutdown.
 
-## What is expected to still be up
+## What is expected to still be up?
 
-## What happens when that thing goes down
+This set of things are both on prem and may be in clould as well.
 
+* Active Directory
+* eDirectory
+* Identity Manager (IDP)
+* DNS
+* Azure
+  * Axonius
+  * ADFS
+  * Sentinel
+  * Defender
 
+### SaaS
+
+* Okta
+* Apptio
+* Datadog
+
+## What happens when that thing goes down?
+
+They stay down.  Alerting whether to contact someone is TBD.
+
+## Tagging
+
+We would like to add some tags to help handle the desired shutdown efforts.
+
+We will use a prefix of `gfl_` (government funding lapse).  Several tags will be available for use
+
+* gfl_shutdown_timestamp
+
+This is **required**, and is the ISO 8601 timestamp of the time the service was shutdown.  You can get this from Linux with `date --iso=seconds`
+or with Terraform in the `timestamp()` function. With python:
+
+```python
+from datetime import datetime,timezone
+stamp=datetime.now(timezone.utc).isoformat()
+# '2024-12-20T19:27:01.025818+00:00'
+```
+
+* gfl_shutdown_excluded
+
+This is optional.  Set this value to `true` if the resource (EC2, RDS, EKS, ECS service or task, etc.) is NOT to be shut down.  It is not necessary to set it to
+`false`.
+
+* gfl_asg_details
+
+This is optional, and will likely be set through automated scripts which find autoscaling gropus
+
+## Who is doing what?
+
+The following areas are covering their own systems:
+
+* DAS
+  * both ma8 and ma10 accounts
+  * All resources
+* EDL
+  * ALL EDL related accounts (approximately 40)
+  * EC2
+  * RDS
+  * Sagemaker
+  * Redshift
+* DICE Mojo
+  * Mojo systems in ma6,ma11,ma12,ma13,ma14,ma17,ma18,ma19
+  * ECS services and tasks
+* DICE Centurion
+  * Centurion systems in ma6,ma11,ma12,ma13,ma14,ma17,ma18,ma19
+  * ECS services and tasks
+
+## Resource Plans
+
+For all systems not covered above, CSVD will handle the following resources and actions.
+
+* EC2
+  * we will attempt to stop EC2 instances
+* RDS
+  * we will attempt to stop EC2 instances
+* EKS
+  * add autoscaling scale to 0
+* ECS
+  * not sure how much of this there is, but there are a couple of Infrastructure ones for logging for CISA which will remain functional
+* Lambdas
+ * Mostly, nothing
+
+# CHANGELOG
+
+* 1.0.0 -- 2024-12-20
+  - initial