Description:
This policy ensures that development, test, and production environments are segregated. This is important for security, as it helps to prevent data from being accidentally or maliciously transferred between environments.
Rationale:
Data loss or corruption in a production environment can have a significant impact on an organization's business. By segregating development, test, and production environments, organizations can help to protect their data and ensure that it is only accessible to authorized users.
Impact:
The impact of ensuring that development, test, and production environments are segregated will vary depending on the specific organization. However, in general, this policy will help to improve the security of the organization's data and reduce the risk of data loss or corruption.
Default Value:
AWS recommends that development, test, and production environments be segregated, but nothing enforces this by default; organizations may choose to combine environments for certain projects or applications.
Pre-requisites:
To ensure that development, test, and production environments are segregated, the following pre-requisites must be met:
- The organization must have an AWS account.
- The organization must have the appropriate permissions to create and manage AWS resources.
- The organization must have a process for creating and managing development, test, and production environments.
Remediation Steps:
If development, test, and production environments are not segregated, the organization must take steps to remediate the issue. The remediation steps will vary depending on the specific situation.
Test Plan:
The organization should develop a test plan to verify that development, test, and production environments are segregated. The test plan should include steps to verify that data cannot be accidentally or maliciously transferred between environments.
Implementation Plan:
The organization should develop an implementation plan to ensure that development, test, and production environments are segregated. The implementation plan should include steps to create and manage development, test, and production environments, and to implement security controls to prevent data from being transferred between environments.
AWS CLI Process:
To create the segregation policy using the AWS CLI, run the following command, where policy.json contains the policy document shown under "Using AWS GUI":
aws iam create-policy --policy-name "DevelopmentTestProductionSeparationPolicy" --policy-document file://policy.json
Using AWS GUI:
To ensure that development, test, and production environments are segregated using the AWS GUI, the following steps can be followed:
- Go to the AWS IAM console.
- Click on the "Policies" tab.
- Click on the "Create policy" button.
- Select the "JSON" tab.
- Paste the following policy document into the text box (the bucket names are placeholders for the organization's own environment buckets; scope the Resource ARNs to the buckets a given principal must not write to):
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "DenyDataTransferBetweenEnvironments",
        "Effect": "Deny",
        "Action": "s3:PutObject",
        "Resource": [
          "arn:aws:s3:::dev-bucket/*",
          "arn:aws:s3:::test-bucket/*",
          "arn:aws:s3:::prod-bucket/*"
        ]
      }
    ]
  }
- Click on the "Create policy" button.
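The test plan above calls for verifying that writes cannot cross environments. The following added example (not part of this policy document or any AWS tool) evaluates the explicit-Deny logic of a per-environment policy offline: `segregation_policy`, `is_denied`, `segregation_violations` and the bucket names are constructed for illustration.

```python
"""Offline check that IAM Deny statements block cross-environment S3 writes.
Added example: a minimal evaluator for explicit-Deny matching, used to test
per-environment policies before they are created with aws iam create-policy."""
import re

# Constructed placeholder bucket names, one per environment.
ENV_BUCKETS = {"dev": "dev-bucket", "test": "test-bucket", "prod": "prod-bucket"}


def segregation_policy(own_env: str) -> dict:
    """Deny s3:PutObject into every environment bucket except own_env's."""
    others = [f"arn:aws:s3:::{b}/*" for env, b in ENV_BUCKETS.items() if env != own_env]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyDataTransferBetweenEnvironments",
            "Effect": "Deny",
            "Action": "s3:PutObject",
            "Resource": others,
        }],
    }


def _glob_match(pattern: str, value: str) -> bool:
    """IAM-style wildcard matching: '*' matches any run, '?' matches one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def is_denied(policy: dict, action: str, resource_arn: str) -> bool:
    """True if any unconditional Deny statement matches the action and resource."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny" or "Condition" in stmt:
            continue  # conditional statements are out of scope for this checker
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        # Action names are case-insensitive in IAM; resource ARNs are compared as written.
        if any(_glob_match(a.lower(), action.lower()) for a in actions) and \
           any(_glob_match(r, resource_arn) for r in resources):
            return True
    return False


def segregation_violations() -> list:
    """(env, bucket) pairs where a cross-env write is allowed or an own-env write is blocked."""
    violations = []
    for env in ENV_BUCKETS:
        policy = segregation_policy(env)
        for target_env, bucket in ENV_BUCKETS.items():
            denied = is_denied(policy, "s3:PutObject", f"arn:aws:s3:::{bucket}/report.csv")
            if denied == (env == target_env):  # cross-env must be denied, own env must not
                violations.append((env, bucket))
    return violations
```

An empty result from `segregation_violations()` means every principal's policy blocks writes into the other environments' buckets while leaving its own bucket writable.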
Backout Plan:
If the policy to ensure that development, test, and production environments are segregated is not working properly, the organization may need to back out of the policy. To do this, the organization can delete the policy.
Note:
- This policy is not intended to be a comprehensive guide to segregating development, test, and production environments. For more information, please refer to the AWS IAM documentation.
- This policy is subject to change.
Reference:
- AWS IAM documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Section 2:
- Tags and Keywords: development, test, production, segregation, security