For security, we do not allow our app to talk to the world casually.
We need to restrict where and how our application talks to the world. For this, we use an egress proxy.
How did we discover this problem?
This is basic application security.
What are we planning to do about it?
The Federal Audit Clearinghouse has a nice example of how they did this in their Terraform. We will want to do the same, but we will also want to think about generating the list of allowed domains from our host configuration. That is, we want to drive the allowed hosts list for our crawler based on the list of domains we are crawling, so we allow only those and no more.
What are we not planning to do about it?
We have to have this.
How will we measure success?
For the last, we can add code to admin (perhaps) that checks if it can talk to things (it shouldn't be able to). If those attempts fail, we continue running. If those attempts succeed, we can crash the app.
This could be a common module, so all the services attempt to talk to something they shouldn't, and in doing so, make sure we're always compliant in production (or we crash otherwise).
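One way the startup self-check described above could look, as an added example that is not code from this issue or the project. The names `Probe`, `HTTPProbe`, `LeakedEgress` and the canary URLs are hypothetical; it assumes canaries are HTTPS hosts that are not on the allow list and that the proxy is configured through `HTTPS_PROXY`, so a refused CONNECT surfaces as a transport error.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"os"
	"time"
)

// Probe returns nil when the destination answered and an error when it could not be reached.
type Probe func(ctx context.Context, url string) error

// HTTPProbe sends a HEAD request with the default transport, which honors
// HTTPS_PROXY. For https URLs, a proxy that refuses the CONNECT shows up as an error.
func HTTPProbe(ctx context.Context, url string) error {
	req, err := http.NewRequestWithContext(ctx, http.MethodHead, url, nil)
	if err != nil {
		return err
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err // blocked, timed out, or unresolvable: the outcome we want
	}
	defer resp.Body.Close()
	return nil // any completed response means traffic left the platform
}

// LeakedEgress probes every canary (hosts that must NOT be allowed) and
// returns the ones that answered. An empty result means egress is contained.
func LeakedEgress(ctx context.Context, canaries []string, probe Probe, timeout time.Duration) []string {
	var leaked []string
	for _, u := range canaries {
		c, cancel := context.WithTimeout(ctx, timeout)
		err := probe(c, u)
		cancel()
		if err == nil {
			leaked = append(leaked, u)
		}
	}
	return leaked
}

func main() {
	// Constructed canary list; these hosts are placeholders, not project values.
	canaries := []string{"https://example.com/", "https://example.org/"}
	if leaked := LeakedEgress(context.Background(), canaries, HTTPProbe, 5*time.Second); len(leaked) > 0 {
		fmt.Fprintf(os.Stderr, "egress check failed, reachable: %v\n", leaked)
		os.Exit(1) // crash rather than run with open egress
	}
}
```

The probe is injected so the same check can be unit-tested without a network, and so each service can share it as a common module.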