From d93d138f9baf02128fc13d960e86e3fe217e153d Mon Sep 17 00:00:00 2001 From: badra001 Date: Wed, 25 Feb 2026 13:33:16 -0500 Subject: [PATCH] added services and ec2 deployment --- aws/projects/adsd-centurion-1.0/README.md | 38 +++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/aws/projects/adsd-centurion-1.0/README.md b/aws/projects/adsd-centurion-1.0/README.md index f768a1a3..eb53d42f 100644 --- a/aws/projects/adsd-centurion-1.0/README.md +++ b/aws/projects/adsd-centurion-1.0/README.md 
@@ -30,8 +30,46 @@ are not used by the Centurion application. * adsd-centurion-dmz-prod-{ew,gov} * prod +## Services/Connections for DMZ EC2 to consider + +1. EC2 deployment + * Service Catalog + * Ansible Automation Platform (AAP) +1. RHEL Satellite + * from servers (all DMZ networks) to on-prem host sat-ecap2.csvd.census.gov + * ports TCP: 80, 443, 9090, 5647 + * ports UDP: same (this is probably wrong, not setting it up) +1. MS Defender + * This is all done through proxy so this should work as-is. +1. MS ARC Agent + * This is all done through proxy so this should work as-is. + * Is it needed? +1. BigFix + 8 will need to reference on prem dmz +1. Backups + * there are no netbackup servers in the AWS DMZ + * do not want to use on-prem backup serves in the DMZ to backup over network + * may be a good opportunity to explore AWS Backups for ec2, ebs, rds, s3 +1. Monitoring + * solarwinds is on prem dmz and can be made to have access if not already + +### EC2 deployment + +Work needs to be done by (mostly the) provisioning team in order to make AWS DMZ capabilities happen. + +1. Update ansible settings for AWS DMZ based on on-prem DMZ settings +1. Update other ansible settings as appropriate +1. Get service catalog shared to DMZ and updated accordingly + +### RHEL Satellite + +1. Satellite AWS DMZ to on-prem FW rules +1. PrivateLink and NLB for AAP to allow connection to server from DMZ + + # CHANGELOG * 1.0.0 -- 2026-02-24 - initial - identify account structure + - added services and ec2 deployment
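Review bot: In the RHEL Satellite item of the new services list, the line `* ports UDP: same (this is probably wrong, not setting it up)` records a port requirement the text itself doubts. The "### RHEL Satellite" subsection below lists "Satellite AWS DMZ to on-prem FW rules" as a work step, so this list is what a firewall request will be written from. Drop the UDP line or mark it explicitly as unconfirmed, so that only the listed TCP ports (80, 443, 9090, 5647) are requested until UDP is verified. Smaller points in the same hunk: under BigFix, `8 will need to reference on prem dmz` looks like a mistyped `*` bullet and will not render as a list item, and "backup serves" in the Backups item should read "backup servers". The second step under "### RHEL Satellite" is about PrivateLink and an NLB for AAP, which reads as belonging with the EC2 deployment steps; either move it or add a sentence saying why it is a Satellite task. In the CHANGELOG, the new bullet is appended to the 1.0.0 entry dated 2026-02-24 although the commit is dated 2026-02-25; consider a new entry or an updated date.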