labadmin/proyectosacc-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: documentación completa y diagramas de arquitectura

Browse Source 
- Agregar DOCUMENTACION_CAMBIOS_COMPLETOS.md con todos los cambios realizados
- Crear diagrama-arquitectura-aws.excalidraw: Arquitectura completa AWS
- Crear diagrama-pipeline-cicd.excalidraw: Flujo CI/CD Bitbucket to AWS
- Crear diagrama-seguridad-acceso.excalidraw: Seguridad y métodos de acceso

Refs: Documentación Mayo 2026
This commit is contained in:
Evert Daniel Romero Garrido
2026-05-07 11:23:04 -06:00
parent aaa2c06c30
commit 720aac1e0d
4 changed files with 1464 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
DOCUMENTACION_CAMBIOS_COMPLETOS.md
+245
View File
@@ -0,0 +1,245 @@
# 📋 Documentación Completa de Cambios - Proyectosacc PROD
> Fecha: Mayo 2026
> Ambiente: PRODUCCIÓN (AWS Account: 523761210517)
> Región: mx-central-1 (AWS México)
> Responsable: Área de Tecnología y Desarrollo - CCsoft
---
## 📌 Resumen Ejecutivo
Este documento consolida todos los cambios realizados a la infraestructura de proyectosacc en producción, incluyendo mejoras de seguridad, correcciones de Terraform, configuración de accesos, y solución de problemas de scheduling automatizado.
---
## 🎯 Alcance de los Cambios
### 1. 🔐 Seguridad SSH y Acceso
#### 1.1 Generación de Nueva Llave SSH
- **Archivo**: `keys/thoth_prod_key`
- **Tipo**: ED25519
- **Passphrase**: `fEbr9CoAlfllHDhocAbRo+aja+SW72a5`
- **Usuario**: `thoth`
- **Estado**: ✅ Instalada en EC2 PROD (78.13.201.205)
#### 1.2 Restricción de Acceso SSH
- **Antes**: Acceso abierto (`0.0.0.0/0`)
- **Después**: Acceso restringido (deshabilitado por defecto)
- **Variable**: `allowed_ssh_cidrs` configurable
- **Acceso alternativo**: AWS Systems Manager Session Manager
#### 1.3 AWS Systems Manager (Session Manager)
- **Estado**: ✅ Instalado y configurado en EC2
- **IAM Permissions**: ✅ Agregados a `proyectosacc-ec2-policy-prod`
- **Ventaja**: Acceso seguro sin abrir puertos SSH
---
### 2. 🏗️ Infraestructura Terraform
#### 2.1 Corrección de Backend S3
- **Problema**: Bucket incorrecto (`ccsoft-terraform-state`)
- **Solución**: Bucket correcto (`ccsoft-proyectosacc-terraform-state-prod`)
- **Lockfile**: Cambiado de `dynamodb_table` (deprecado) a `use_lockfile`
- **Región**: `mx-central-1` requiere Terraform 1.15.2+
#### 2.2 Importación de EC2 al Estado
- **Instancia**: `i-02428e733083ea877`
- **Estado**: Importada correctamente a Terraform state
- **AMI**: `ami-00665bcc521d597f1` (Ubuntu Server 22.04 LTS)
#### 2.3 Lifecycle Rules - Protección Anti-Destrucción
| Recurso | Protección | Detalle |
|---------|-----------|---------|
| VPC | prevent_destroy | ✅ No se puede destruir |
| EC2 | prevent_destroy + ignore_changes | ✅ AMI, user_data, tags scheduling |
| RDS | prevent_destroy + ignore_changes | ✅ Tags scheduling |
| S3 Frontend | prevent_destroy | ✅ No se puede destruir |
| S3 Artifacts | prevent_destroy | ✅ No se puede destruir |
| CloudFront | prevent_destroy | ✅ No se puede destruir |
| NAT Gateway | prevent_destroy | ✅ No se puede destruir |
#### 2.4 Variables Corregidas
- **Key Name**: `sacc-prod-key-2026` (antes `ccsoft-prod-key`)
- **AMI**: Actualizada para coincidir con instancia existente
- **Tags Scheduling**: Preservados vía `ignore_changes`
---
### 3. 👤 Permisos de Usuario Thoth
#### 3.1 Configuración Sudo (NOPASSWD)
```bash
# Archivo: /etc/sudoers.d/thoth
# Permisos concedidos:
```
| Comando | Descripción |
|---------|-------------|
| `/bin/nano /etc/sacc4/sacc4.env` | Editar variables de entorno |
| `/bin/systemctl * api-sacc4-*.service` | Control de servicios API |
| `/bin/systemctl daemon-reload` | Recargar systemd |
| `/opt/sacc4/` | Control total del directorio |
| `/bin/chmod`, `/bin/chown` | Permisos de archivos |
#### 3.2 Acceso SSH
- **Llave**: `thoth_prod_key` (ED25519 con passphrase)
- **Comando con passphrase**:
```bash
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/thoth_prod_key
ssh -i ~/.ssh/thoth_prod_key thoth@78.13.201.205
```
---
### 4. ⏰ Scheduling Automatizado (Lambda START/STOP)
#### 4.1 Problema Original
- **Fecha**: 2026-05-06 19:00:42 UTC
- **Error**: `InvalidDBInstanceState` - RDS no estaba detenida
- **Causa**: Lambda intentó iniciar RDS que ya estaba corriendo
#### 4.2 Solución Implementada
**Lambda START** (`sacc4-start-instances`):
- ✅ Valida estado EC2 antes de iniciar (debe estar `stopped`)
- ✅ Valida estado RDS antes de iniciar (debe estar `stopped`)
- ✅ Logs claros: indica estado actual y acción tomada
- ✅ Campos de resultado: `ec2_skipped`, `rds_skipped`
**Lambda STOP** (`sacc4-stop-instances`):
- ✅ Valida estado EC2 antes de detener (debe estar `running`)
- ✅ Valida estado RDS antes de detener (debe estar `available`)
- ✅ Logs claros: indica estado actual y acción tomada
#### 4.3 Horarios Configurados
| Acción | Hora CDMX | Hora UTC | Días | Estado |
|--------|-----------|----------|------|--------|
| START | 08:00 AM | 13:00 | Lunes-Viernes | ✅ ENABLED |
| STOP | 07:00 PM | 00:00 | Martes-Sábado | ✅ ENABLED |
---
### 5. 🔄 Pipeline Bitbucket (CI/CD)
#### 5.1 Cambios en `bitbucket-pipelines.yml`
- **OIDC**: ✅ Configurado para autenticación AWS sin credenciales manuales
- **Script**: `aws-oidc-setup.sh` gestiona credenciales temporales automáticamente
- **Variables**: Agregado soporte para passphrase SSH
- **Steps**: Expandido de 7 a 9 pasos con validaciones
#### 5.2 PR #3 Fusionado
- **Branch**: `feature/ssh-passphrase-dev` → `developer`
- **Status**: ✅ MERGED
- **Archivos**: 13 archivos, +1,693 líneas
- **Cambios clave**:
- Soporte passphrase SSH
- Terraform lifecycle rules
- Sudo configuration para thoth
- Session Manager support
---
### 6. ☁️ Estado Actual de Infraestructura AWS
#### 6.1 Recursos Activos
| Servicio | ID/Endpoint | Estado | IP/URL |
|----------|-------------|--------|--------|
| **EC2** | i-02428e733083ea877 | running | 78.13.201.205 |
| **RDS** | proyectosacc-db-prod | available | proyectosacc-db-prod.c3uysq6uyyx0.mx-central-1.rds.amazonaws.com |
| **NAT Gateway** | nat-0d010c53e7583d761 | available | 78.13.177.201 |
| **S3 Frontend** | ccsoft-proyectosacc-frontend-prod | ✅ | — |
| **S3 Artifacts** | ccsoft-proyectosacc-artifacts-prod | ✅ | — |
| **CloudFront** | E35SPB389PFV1J | Deployed | d46pni5e2nvua.cloudfront.net |
| **Lambda START** | sacc4-start-instances | ✅ | Versión 2 |
| **Lambda STOP** | sacc4-stop-instances | ✅ | Versión 2 |
| **VPC** | vpc-0ed9acf33a45527ad | available | 10.2.0.0/16 |
#### 6.2 Validación de Duplicados
| Recurso | Cantidad | ¿Duplicado? |
|---------|----------|-------------|
| EC2 Instances | 1 | ✅ No |
| RDS Instances | 1 | ✅ No |
| NAT Gateways | 1 | ✅ No |
| Elastic IPs | 2 (1 NAT, 1 EC2) | ✅ No |
| Load Balancers | 0 | ✅ No |
| Lambda Functions | 2 | ✅ No |
| EventBridge Rules | 2 | ✅ No |
| CloudFront Distributions | 1 | ✅ No |
---
### 7. 🔑 Gestión de Credenciales AWS
#### 7.1 SSO Configurado (Recomendado)
```bash
# Perfil: proyectosacc-sso
aws sso login --profile proyectosacc-sso
```
- **URL**: https://d-9067a6e1d5.awsapps.com/start
- **Rol**: PER-AWS-Admins-Infra-Ops
- **Cuenta**: 523761210517
#### 7.2 Pipeline Bitbucket (Automático)
- **Método**: OIDC (OpenID Connect)
- **Script**: `scripts/aws-oidc-setup.sh`
- **Duración**: 3600 segundos (1 hora)
- **NO requiere credenciales manuales**
#### 7.3 Credenciales Temporales (Legacy)
- **Perfil**: `proyectosacc-temp` en `~/.aws/credentials`
- **Nota**: Caducan rápidamente, usar SSO como alternativa
---
### 8. 📁 Archivos Clave Modificados
| Archivo | Cambio | Ruta |
|---------|--------|------|
| `backend.tf` | Bucket S3 corregido | `terraform/backend.tf` |
| `main.tf` | Lifecycle rules + recursos | `terraform/main.tf` |
| `variables.tf` | Variables nuevas | `terraform/variables.tf` |
| `user-data.sh` | Sudo config para thoth | `terraform/user-data.sh` |
| `bitbucket-pipelines.yml` | OIDC + passphrase | raíz |
| `aws-oidc-setup.sh` | Setup de credenciales | `scripts/aws-oidc-setup.sh` |
| `lambda-scheduler` | Validación de estado | `terraform-sacc4/modules/lambda-scheduler/` |
---
### 9. ✅ Checklist de Verificación
- [x] Llave SSH con passphrase generada e instalada
- [x] Terraform backend corregido y funcional
- [x] EC2 importada al estado de Terraform
- [x] Lifecycle prevent_destroy agregado
- [x] Permisos sudo configurados para thoth
- [x] Session Manager habilitado
- [x] Lambdas START/STOP corregidas y desplegadas
- [x] EventBridge rules configuradas
- [x] Pipeline Bitbucket con OIDC
- [x] No hay recursos duplicados
- [x] AWS SSO configurado localmente
- [x] Terraform apply exitoso (2 creados, 5 modificados, 0 destruidos)
---
### 10. 🚨 Notas Importantes
1. **NO ejecutar `terraform destroy`** — los recursos críticos tienen `prevent_destroy`
2. **Las credenciales temporales caducan** — usar `aws sso login` para renovar
3. **Las Lambdas ahora validan estado** — no fallarán por estados inválidos
4. **El scheduling es L-V** — fines de semana no hay acciones automáticas
5. **Backup de estado Terraform** — se mantiene en S3 con versionado
---
*Documento generado automáticamente - Cómputo Contable Soft SA de CV*
diagrama-arquitectura-aws.excalidraw
+394
View File
@@ -0,0 +1,394 @@
{
"type": "excalidraw",
"version": 2,
"source": "https://excalidraw.com",
"elements": [
{
"id": "title",
"type": "text",
"x": 400,
"y": 30,
"width": 500,
"height": 40,
"text": "Arquitectura AWS - Proyectosacc PROD",
"fontSize": 28,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "users",
"type": "rectangle",
"x": 50,
"y": 150,
"width": 150,
"height": 80,
"backgroundColor": "#e7f5ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "users_text",
"type": "text",
"x": 60,
"y": 170,
"width": 130,
"height": 40,
"text": "Usuarios\\n(Internet)",
"fontSize": 16,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "route53",
"type": "rectangle",
"x": 300,
"y": 150,
"width": 150,
"height": 80,
"backgroundColor": "#fff3bf",
"strokeColor": "#f08c00",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "route53_text",
"type": "text",
"x": 310,
"y": 165,
"width": 130,
"height": 50,
"text": "Route 53\\nprod-sacc.ccsoft.mx",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "cloudfront",
"type": "rectangle",
"x": 550,
"y": 150,
"width": 180,
"height": 80,
"backgroundColor": "#e7f5ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "cloudfront_text",
"type": "text",
"x": 560,
"y": 165,
"width": 160,
"height": 50,
"text": "CloudFront CDN\\nE35SPB389PFV1J",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "s3_frontend",
"type": "rectangle",
"x": 550,
"y": 300,
"width": 180,
"height": 80,
"backgroundColor": "#d3f9d8",
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "s3_frontend_text",
"type": "text",
"x": 560,
"y": 310,
"width": 160,
"height": 60,
"text": "S3 Frontend\\nccsoft-proyectosacc\\n-frontend-prod",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "ec2",
"type": "rectangle",
"x": 800,
"y": 150,
"width": 200,
"height": 100,
"backgroundColor": "#ffe0e0",
"strokeColor": "#c92a2a",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "ec2_text",
"type": "text",
"x": 810,
"y": 160,
"width": 180,
"height": 80,
"text": "EC2 API Backend\\ni-02428e733083ea877\\n78.13.201.205\\nt3.small",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "rds",
"type": "rectangle",
"x": 800,
"y": 300,
"width": 200,
"height": 80,
"backgroundColor": "#e7f5ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "rds_text",
"type": "text",
"x": 810,
"y": 310,
"width": 180,
"height": 60,
"text": "RDS MariaDB\\nproyectosacc-db-prod\\ndb.t3.micro",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "s3_artifacts",
"type": "rectangle",
"x": 550,
"y": 420,
"width": 180,
"height": 80,
"backgroundColor": "#d3f9d8",
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "s3_artifacts_text",
"type": "text",
"x": 560,
"y": 430,
"width": 160,
"height": 60,
"text": "S3 Artifacts\\nccsoft-proyectosacc\\n-artifacts-prod",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "lambda_start",
"type": "rectangle",
"x": 300,
"y": 300,
"width": 150,
"height": 60,
"backgroundColor": "#ffd43b",
"strokeColor": "#e67700",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "lambda_start_text",
"type": "text",
"x": 310,
"y": 310,
"width": 130,
"height": 40,
"text": "Lambda START\\n8:00 AM L-V",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "lambda_stop",
"type": "rectangle",
"x": 300,
"y": 380,
"width": 150,
"height": 60,
"backgroundColor": "#ffd43b",
"strokeColor": "#e67700",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "lambda_stop_text",
"type": "text",
"x": 310,
"y": 390,
"width": 130,
"height": 40,
"text": "Lambda STOP\\n7:00 PM L-V",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "eventbridge",
"type": "rectangle",
"x": 50,
"y": 330,
"width": 150,
"height": 80,
"backgroundColor": "#f3d9fa",
"strokeColor": "#862e9c",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "eventbridge_text",
"type": "text",
"x": 60,
"y": 340,
"width": 130,
"height": 60,
"text": "EventBridge\\nScheduler\\ncron L-V",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "arrow1",
"type": "arrow",
"x": 200,
"y": 190,
"points": [[0,0], [100,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow2",
"type": "arrow",
"x": 450,
"y": 190,
"points": [[0,0], [100,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow3",
"type": "arrow",
"x": 730,
"y": 190,
"points": [[0,0], [70,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow4",
"type": "arrow",
"x": 900,
"y": 250,
"points": [[0,0], [0,50]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow5",
"type": "arrow",
"x": 640,
"y": 230,
"points": [[0,0], [0,70]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow6",
"type": "arrow",
"x": 640,
"y": 380,
"points": [[0,0], [0,40]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow7",
"type": "arrow",
"x": 200,
"y": 370,
"points": [[0,0], [100,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow8",
"type": "arrow",
"x": 450,
"y": 330,
"points": [[0,0], [100,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow9",
"type": "arrow",
"x": 450,
"y": 410,
"points": [[0,0], [100,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "vpc_box",
"type": "rectangle",
"x": 750,
"y": 120,
"width": 300,
"height": 300,
"backgroundColor": "transparent",
"strokeColor": "#495057",
"strokeWidth": 1,
"fillStyle": "hachure",
"roughness": 1
},
{
"id": "vpc_label",
"type": "text",
"x": 850,
"y": 125,
"width": 100,
"height": 20,
"text": "VPC 10.2.0.0/16",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#495057",
"backgroundColor": "transparent"
}
],
"appState": {
"viewBackgroundColor": "#ffffff",
"gridSize": 20
},
"files": {}
}
diagrama-pipeline-cicd.excalidraw
+431
View File
@@ -0,0 +1,431 @@
{
"type": "excalidraw",
"version": 2,
"source": "https://excalidraw.com",
"elements": [
{
"id": "title",
"type": "text",
"x": 300,
"y": 20,
"width": 600,
"height": 40,
"text": "Pipeline CI/CD - Bitbucket to AWS PROD",
"fontSize": 28,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "dev_branch",
"type": "rectangle",
"x": 50,
"y": 120,
"width": 140,
"height": 60,
"backgroundColor": "#a5d8ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "dev_branch_text",
"type": "text",
"x": 60,
"y": 130,
"width": 120,
"height": 40,
"text": "Branch\\ndeveloper",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "step1",
"type": "rectangle",
"x": 250,
"y": 120,
"width": 140,
"height": 60,
"backgroundColor": "#d3f9d8",
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "step1_text",
"type": "text",
"x": 260,
"y": 135,
"width": 120,
"height": 30,
"text": "01_image-setup",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "step2",
"type": "rectangle",
"x": 450,
"y": 120,
"width": 140,
"height": 60,
"backgroundColor": "#d3f9d8",
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "step2_text",
"type": "text",
"x": 460,
"y": 135,
"width": 120,
"height": 30,
"text": "02_repo-config",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "step3",
"type": "rectangle",
"x": 650,
"y": 120,
"width": 140,
"height": 60,
"backgroundColor": "#d3f9d8",
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "step3_text",
"type": "text",
"x": 660,
"y": 135,
"width": 120,
"height": 30,
"text": "03_deps",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "step4",
"type": "rectangle",
"x": 850,
"y": 120,
"width": 140,
"height": 60,
"backgroundColor": "#d3f9d8",
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "step4_text",
"type": "text",
"x": 860,
"y": 135,
"width": 120,
"height": 30,
"text": "04_build",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "step5",
"type": "rectangle",
"x": 250,
"y": 220,
"width": 140,
"height": 60,
"backgroundColor": "#fff3bf",
"strokeColor": "#f08c00",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "step5_text",
"type": "text",
"x": 260,
"y": 235,
"width": 120,
"height": 30,
"text": "05_publish",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "step6",
"type": "rectangle",
"x": 450,
"y": 220,
"width": 140,
"height": 60,
"backgroundColor": "#fff3bf",
"strokeColor": "#f08c00",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "step6_text",
"type": "text",
"x": 460,
"y": 235,
"width": 120,
"height": 30,
"text": "06_install",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "step7",
"type": "rectangle",
"x": 650,
"y": 220,
"width": 140,
"height": 60,
"backgroundColor": "#ffd43b",
"strokeColor": "#e67700",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "step7_text",
"type": "text",
"x": 660,
"y": 235,
"width": 120,
"height": 30,
"text": "07_deploy",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "oidc",
"type": "rectangle",
"x": 850,
"y": 220,
"width": 180,
"height": 80,
"backgroundColor": "#e7f5ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "oidc_text",
"type": "text",
"x": 860,
"y": 235,
"width": 160,
"height": 50,
"text": "AWS OIDC\\nAuth automática",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "aws_prod",
"type": "rectangle",
"x": 650,
"y": 340,
"width": 200,
"height": 100,
"backgroundColor": "#ffe0e0",
"strokeColor": "#c92a2a",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "aws_prod_text",
"type": "text",
"x": 660,
"y": 350,
"width": 180,
"height": 80,
"text": "AWS PROD\\nmx-central-1\\nAccount: 523761210517",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "master_branch",
"type": "rectangle",
"x": 50,
"y": 340,
"width": 140,
"height": 60,
"backgroundColor": "#ffc9c9",
"strokeColor": "#c92a2a",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "master_branch_text",
"type": "text",
"x": 60,
"y": 350,
"width": 120,
"height": 40,
"text": "Branch\\nmaster (PROD)",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "merge_arrow",
"type": "arrow",
"x": 120,
"y": 180,
"points": [[0,0], [0,160]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "merge_label",
"type": "text",
"x": 130,
"y": 240,
"width": 100,
"height": 20,
"text": "Merge PR",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "left",
"strokeColor": "#495057",
"backgroundColor": "transparent"
},
{
"id": "arrow_dev_step1",
"type": "arrow",
"x": 190,
"y": 150,
"points": [[0,0], [60,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_s1_s2",
"type": "arrow",
"x": 390,
"y": 150,
"points": [[0,0], [60,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_s2_s3",
"type": "arrow",
"x": 590,
"y": 150,
"points": [[0,0], [60,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_s3_s4",
"type": "arrow",
"x": 790,
"y": 150,
"points": [[0,0], [60,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_s4_s5",
"type": "arrow",
"x": 920,
"y": 180,
"points": [[0,0], [0,40], [-570,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_s5_s6",
"type": "arrow",
"x": 390,
"y": 250,
"points": [[0,0], [60,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_s6_s7",
"type": "arrow",
"x": 590,
"y": 250,
"points": [[0,0], [60,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_s7_aws",
"type": "arrow",
"x": 750,
"y": 280,
"points": [[0,0], [0,60]],
"strokeColor": "#c92a2a",
"strokeWidth": 3
},
{
"id": "arrow_oidc_aws",
"type": "arrow",
"x": 940,
"y": 300,
"points": [[0,0], [0,40], [-90,0]],
"strokeColor": "#1971c2",
"strokeWidth": 2,
"strokeStyle": "dashed"
},
{
"id": "legend",
"type": "text",
"x": 50,
"y": 450,
"width": 400,
"height": 120,
"text": "Leyenda:\\n🟦 Azul: Código/branch\\n🟩 Verde: Build steps\\n🟨 Amarillo: Deploy steps\\n🟥 Rojo: Producción/AWS",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "left",
"strokeColor": "#495057",
"backgroundColor": "transparent"
}
],
"appState": {
"viewBackgroundColor": "#ffffff",
"gridSize": 20
},
"files": {}
}
diagrama-seguridad-acceso.excalidraw
+394
View File
@@ -0,0 +1,394 @@
{
"type": "excalidraw",
"version": 2,
"source": "https://excalidraw.com",
"elements": [
{
"id": "title",
"type": "text",
"x": 300,
"y": 20,
"width": 600,
"height": 40,
"text": "Seguridad y Acceso - Proyectosacc PROD",
"fontSize": 28,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "internet",
"type": "ellipse",
"x": 50,
"y": 120,
"width": 120,
"height": 80,
"backgroundColor": "#e7f5ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "internet_text",
"type": "text",
"x": 60,
"y": 140,
"width": 100,
"height": 40,
"text": "Internet",
"fontSize": 16,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "cloudfront_box",
"type": "rectangle",
"x": 250,
"y": 120,
"width": 160,
"height": 80,
"backgroundColor": "#e7f5ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "cloudfront_text",
"type": "text",
"x": 260,
"y": 135,
"width": 140,
"height": 50,
"text": "CloudFront\\nCDN + WAF",
"fontSize": 14,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "ssh_restricted",
"type": "rectangle",
"x": 250,
"y": 250,
"width": 160,
"height": 80,
"backgroundColor": "#ffc9c9",
"strokeColor": "#c92a2a",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "ssh_restricted_text",
"type": "text",
"x": 260,
"y": 260,
"width": 140,
"height": 60,
"text": "SSH Restringido\\nSolo México IPs\\nPassphrase req.",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#c92a2a",
"backgroundColor": "transparent"
},
{
"id": "session_manager",
"type": "rectangle",
"x": 450,
"y": 250,
"width": 160,
"height": 80,
"backgroundColor": "#d3f9d8",
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "session_manager_text",
"type": "text",
"x": 460,
"y": 260,
"width": 140,
"height": 60,
"text": "Session Manager\\nAWS Systems\\nManager",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#2b8a3e",
"backgroundColor": "transparent"
},
{
"id": "ec2_server",
"type": "rectangle",
"x": 680,
"y": 120,
"width": 200,
"height": 120,
"backgroundColor": "#fff3bf",
"strokeColor": "#f08c00",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "ec2_server_text",
"type": "text",
"x": 690,
"y": 130,
"width": 180,
"height": 100,
"text": "EC2 PROD\\ni-02428e733083ea877\\n78.13.201.205\\nUsuario: thoth\\nSudo: NOPASSWD",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "rds_db",
"type": "rectangle",
"x": 680,
"y": 300,
"width": 200,
"height": 80,
"backgroundColor": "#e7f5ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "rds_db_text",
"type": "text",
"x": 690,
"y": 310,
"width": 180,
"height": 60,
"text": "RDS MariaDB\\nproyectosacc-db-prod\\nEncrypted + Backup",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "security_group",
"type": "rectangle",
"x": 930,
"y": 120,
"width": 180,
"height": 100,
"backgroundColor": "#f3d9fa",
"strokeColor": "#862e9c",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "security_group_text",
"type": "text",
"x": 940,
"y": 130,
"width": 160,
"height": 80,
"text": "Security Groups\\n✓ Puerto 80/443\\n✓ Puerto 8080-8085\\n✗ SSH 0.0.0.0/0",
"fontSize": 11,
"fontFamily": 5,
"textAlign": "left",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "iam_role",
"type": "rectangle",
"x": 930,
"y": 250,
"width": 180,
"height": 80,
"backgroundColor": "#ffd43b",
"strokeColor": "#e67700",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "iam_role_text",
"type": "text",
"x": 940,
"y": 260,
"width": 160,
"height": 60,
"text": "IAM Roles\\nEC2 Role\\nSSM Permissions\\nS3 Access",
"fontSize": 11,
"fontFamily": 5,
"textAlign": "left",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "bitbucket_pipeline",
"type": "rectangle",
"x": 50,
"y": 400,
"width": 180,
"height": 80,
"backgroundColor": "#a5d8ff",
"strokeColor": "#1971c2",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "bitbucket_pipeline_text",
"type": "text",
"x": 60,
"y": 410,
"width": 160,
"height": 60,
"text": "Bitbucket Pipeline\\nOIDC Auth\\nAuto-deploy",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent"
},
{
"id": "oidc_auth",
"type": "rectangle",
"x": 300,
"y": 400,
"width": 160,
"height": 80,
"backgroundColor": "#d3f9d8",
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"fillStyle": "solid"
},
{
"id": "oidc_auth_text",
"type": "text",
"x": 310,
"y": 410,
"width": 140,
"height": 60,
"text": "AWS SSO/OIDC\\nNo credentials\\nAutomatic",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#2b8a3e",
"backgroundColor": "transparent"
},
{
"id": "arrow_internet_cf",
"type": "arrow",
"x": 170,
"y": 160,
"points": [[0,0], [80,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_cf_ec2",
"type": "arrow",
"x": 410,
"y": 160,
"points": [[0,0], [70,0]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_ssh_ec2",
"type": "arrow",
"x": 410,
"y": 290,
"points": [[0,0], [270,0]],
"strokeColor": "#c92a2a",
"strokeWidth": 2,
"strokeStyle": "dashed"
},
{
"id": "arrow_ssm_ec2",
"type": "arrow",
"x": 610,
"y": 290,
"points": [[0,0], [70,0]],
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"strokeStyle": "dashed"
},
{
"id": "arrow_ec2_rds",
"type": "arrow",
"x": 780,
"y": 240,
"points": [[0,0], [0,60]],
"strokeColor": "#495057",
"strokeWidth": 2
},
{
"id": "arrow_bb_oidc",
"type": "arrow",
"x": 230,
"y": 440,
"points": [[0,0], [70,0]],
"strokeColor": "#2b8a3e",
"strokeWidth": 2
},
{
"id": "arrow_oidc_aws",
"type": "arrow",
"x": 460,
"y": 440,
"points": [[0,0], [220,0]],
"strokeColor": "#2b8a3e",
"strokeWidth": 2,
"strokeStyle": "dashed"
},
{
"id": "prevent_destroy_label",
"type": "text",
"x": 680,
"y": 420,
"width": 200,
"height": 60,
"text": "🛡️ Lifecycle:\\nprevent_destroy = true",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#2b8a3e",
"backgroundColor": "transparent"
},
{
"id": "ssh_label",
"type": "text",
"x": 330,
"y": 340,
"width": 200,
"height": 30,
"text": "❌ Cerrado por defecto",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#c92a2a",
"backgroundColor": "transparent"
},
{
"id": "ssm_label",
"type": "text",
"x": 520,
"y": 340,
"width": 200,
"height": 30,
"text": "✅ Acceso recomendado",
"fontSize": 12,
"fontFamily": 5,
"textAlign": "center",
"strokeColor": "#2b8a3e",
"backgroundColor": "transparent"
}
],
"appState": {
"viewBackgroundColor": "#ffffff",
"gridSize": 20
},
"files": {}
}