
AWS Data Center Standard

4.0 - Last modified on 2024-04-16 Revised by Devin Collins

3.0 - Last modified on 2023-01-23 Revised by Jacob Gray

2.0 - Last modified on 2022-01-19 Revised by Amy Ren

1.0 - Created on 2017-04-28 Authored by Jason Williams

Administrators who are granted access to the Office of Information Technologies AWS data center must follow this standard. Any administrator who violates the rules of this standard without the written approval of the Director of Information Security may have their access revoked indefinitely.

  1. Administrators must follow Notre Dame’s Data Center Network Access Standard.
  2. Production services may only be hosted in the DCND account unless otherwise approved by Standards and Architecture.
  3. Production services must be designated as “Production” either by tag, naming convention, or other means.
  4. The “Production” designation may only be applied or removed with an approved RFC.
  5. An approved RFC is required for all changes to production services.
  6. An approved RFC is required for all access to sensitive data.
  7. Sensitive and highly sensitive data may only be stored or accessed in the DCND account unless approved by Standards and Architecture.
  8. The IaaS Governance Committee and the Director of Information Security approve all AWS products and vendor products used in the DCND account.
  9. The Platforms Manager approves all OS deployments, EC2 images, Ansible deployments, etc., that can be used in the DCND account.
  10. No security group may be applied that violates network security boundaries, e.g. CA Private and CA Campus, unless otherwise approved by Standards and Architecture and the Director of Information Security.
  11. An approved RFC is required for any control allowing world exposure, including EC2 instances and S3 storage.