

Your Atlassian Cloud (YAC) - Security

Available commands include:

  yac security (-h | primer)

-h provides API help
primer displays this page

In order to use YAC effectively and securely, you need to have your security act together.

YAC security cornerstones include:

* your AWS credentials file
* the SSL cert for your app
* the IAM role for your app
* the private/public key pair for your app's EC2 instances

# AWS Credentials

The AWS credentials file lets you call AWS APIs from the CLI. You must have this file in place to use YAC. Google "AWS CLI Credentials" for setup instructions.

# SSL Certificates

Each of your yac apps will be auto-configured behind an ELB with SSL terminated at the ELB.

Before you can build a yac stack, you must first have an SSL certificate loaded into your AWS VPC.

Best practices include:
* purchase a cert from a real CA (avoids browser security exceptions), and
* purchase a wildcard cert that can be used by all of your yac apps, and
* include the full certificate chain with your cert

Certs can be uploaded into your AWS VPC using the *aws iam upload-server-certificate* command.

Once uploaded, SSL certs must be configured in yac as follows:
* a wildcard cert should be configured in your naming standards file, whereas
* an app-specific cert should be configured via *yac stack -v* options or via a *yac stack --myapp* file

# IAM role

Each EC2 instance in a yac stack requires access to:
* S3 (for configuration files and backups), and
* CloudWatch (for metrics and log aggregation), and
* ECS (for container orchestration)

Best practices include:
* creating a single IAM role for all yac apps, or
* creating a separate IAM role for each yac app

Once in place, IAM roles can be configured in yac as follows:
* a single IAM role can be configured in your naming standards file, whereas
* an app-specific IAM role should be configured via *yac stack -v* options or via a *yac stack --myapp* file

A suitable IAM policy for yac is available on the yac docs site.
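As an added illustration (not the policy published on the yac docs site), the following least-privilege IAM policy grants only the three kinds of access listed above; S3 is scoped to one bucket and CloudWatch Logs to one log group, while cloudwatch:PutMetricData and the ECS agent actions do not support resource-level scoping. EXAMPLE-YAC-BUCKET, EXAMPLE-YAC-LOG-GROUP, REGION and ACCOUNT_ID are placeholders to replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "YacListConfigAndBackupBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::EXAMPLE-YAC-BUCKET"
    },
    {
      "Sid": "YacReadWriteConfigAndBackups",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::EXAMPLE-YAC-BUCKET/*"
    },
    {
      "Sid": "YacCloudWatchMetrics",
      "Effect": "Allow",
      "Action": ["cloudwatch:PutMetricData"],
      "Resource": "*"
    },
    {
      "Sid": "YacCloudWatchLogs",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:REGION:ACCOUNT_ID:log-group:EXAMPLE-YAC-LOG-GROUP:*"
    },
    {
      "Sid": "YacEcsAgent",
      "Effect": "Allow",
      "Action": [
        "ecs:RegisterContainerInstance",
        "ecs:DeregisterContainerInstance",
        "ecs:DiscoverPollEndpoint",
        "ecs:Poll",
        "ecs:StartTelemetrySession",
        "ecs:Submit*"
      ],
      "Resource": "*"
    }
  ]
}
```

Attach it to the instance role with *aws iam put-role-policy --role-name ROLE --policy-name yac-ec2 --policy-document file://policy.json*; anything beyond this, such as ecs:CreateCluster or cross-bucket S3 access, is a deliberate widening that should be recorded per app.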

# Private/Public Key pair for your app's EC2 instances

Each EC2 instance in your stack requires a key pair for SSH access.

Best practices include:
* creating a single key pair for all yac apps, or
* creating a separate key pair for each yac app

Once in place, key pairs can be configured in yac as follows:
* a single key pair can be configured in your naming standards file, whereas
* an app-specific key pair should be configured via *yac stack -v* options or via a *yac stack --myapp* file
