diff --git a/aws/documentation/gov-funding-lapse/README.md b/aws/documentation/gov-funding-lapse/README.md index 6dd2ad06..1ce110d5 100644 --- a/aws/documentation/gov-funding-lapse/README.md +++ b/aws/documentation/gov-funding-lapse/README.md @@ -15,8 +15,92 @@ Planning Shutdown for Lapse Appropriation -- In the event there is a lapse in Fe 1. Banner pages are not yet final, but will go up Saturday at 7:00am 1. If there is a lapse in appropriations, everyone is allowed up to 4 hours to perform shutdown activities on Monday. There are just a few people who will get letters from HR that have been ID'd to work longer than 4 hours to assist with orderly shutdown activities and even fewer people who will be around to protect life and property beyond the orderly shutdown. -## What is expected to still be up +## What is expected to still be up? -## What happens when that thing goes down +This set of things are both on prem and may be in clould as well. +* Active Directory +* eDirectory +* Identity Manager (IDP) +* DNS +* Azure + * Axonius + * ADFS + * Sentinel + * Defender +### SaaS + +* Okta +* Apptio +* Datadog + +## What happens when that thing goes down? + +They stay down. Alerting whether to contact someone is TBD. + +## Tagging + +We would like to add some tags to help handle the desired shutdown efforts. + +We will use a prefix of `gfl_` (government funding lapse). Several tags will be available for use + +* gfl_shutdown_timestamp + +This is **required**, and is the ISO 8601 timestamp of the time the service was shutdown. You can get this from Linux with `date --iso=seconds` +or with Terraform in the `timestamp()` function. With python: + +```python +from datetime import datetime,timezone +stamp=datetime.now(timezone.utc).isoformat() +# '2024-12-20T19:27:01.025818+00:00' +``` + +* gfl_shutdown_excluded + +This is optional. Set this value to `true` if the resource (EC2, RDS, EKS, ECS service or task, etc.) is NOT to be shut down. It is not necessary to set it to +`false`. + +* gfl_asg_details + +This is optional, and will likely be set through automated scripts which find autoscaling gropus + +## Who is doing what? + +The following areas are covering their own systems: + +* DAS + * both ma8 and ma10 accounts + * All resources +* EDL + * ALL EDL related accounts (approximately 40) + * EC2 + * RDS + * Sagemaker + * Redshift +* DICE Mojo + * Mojo systems in ma6,ma11,ma12,ma13,ma14,ma17,ma18,ma19 + * ECS services and tasks +* DICE Centurion + * Centurion systems in ma6,ma11,ma12,ma13,ma14,ma17,ma18,ma19 + * ECS services and tasks + +## Resource Plans + +For all systems not covered above, CSVD will handle the following resources and actions. + +* EC2 + * we will attempt to stop EC2 instances +* RDS + * we will attempt to stop EC2 instances +* EKS + * add autoscaling scale to 0 +* ECS + * not sure how much of this there is, but there are a couple of Infrastructure ones for logging for CISA which will remain functional +* Lambdas + * Mostly, nothing + +# CHANGELOG + +* 1.0.0 -- 2024-12-20 + - initial