Administrators who are granted access to the Office of Information Technologies AWS data center must follow this standard. Any administrator who violates the rules of this standard without the written approval of the Director of Information Security may have their access revoked indefinitely.

1. Administrators must follow Notre Dame’s Data Center Network Access Standard
2. Production services may only be hosted in the DCND account unless otherwise approved by Standards and Architecture.
3. Production services must be designated as “Production” either by tag, naming convention, or other means.
4. The “Production” designation may only be applied or removed with an approved RFC.
5. An approved RFC is required for all changes to production services.
6. An approved RFC is required for all access to sensitive data.
7. Sensitive and highly sensitive data may only be stored or accessed in the DCND account unless approved by Standards and Architecture.
8. The IaaS Governance Committee and the Director of Information Security approve all AWS products and vendor products used in the DCND account.
9. The Platforms Manager approves all OS deployments, EC2 images, Ansible deployments, etc., that can be used in the DCND account.
10. No security group may be applied that violates network security boundaries, e.g. CA Private and CA Campus, unless otherwise approved by Standards and Architecture and the Director of Information Security.
11. An approved RFC is required for any control allowing world exposure, including EC2 instances and s3 storage.