feat(terraform): add sudo permissions for thoth and improve security

- Configure full sudo permissions for the thoth user:
  * Edit /etc/sacc4/sacc4.env
  * Manage api-sacc4-*.service services
  * Edit systemd files
  * Full control of /opt/sacc4
- Remove open SSH access (0.0.0.0/0)
- Add AWS Systems Manager Session Manager support
- Update SSH key to sacc-prod-key-2026
- Preserve scheduling tags (AutoStart/AutoStop) on EC2 and RDS
- Add allowed_ssh_cidrs variable for emergency access

BREAKING CHANGE: SSH restricted, use Session Manager as the primary access method
Evert Daniel Romero Garrido
2026-05-07 09:44:44 -06:00
parent 2e3627fb66
commit 7e0c764f3f
5 changed files with 210 additions and 22 deletions
@@ -13,8 +13,10 @@ aws_region = "mx-central-1"
vpc_cidr = "10.2.0.0/16"
availability_zones = ["mx-central-1a", "mx-central-1b"]
ec2_instance_type = "t3.small"
ec2_key_name = "ccsoft-prod-key"
pipeline_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQCNFOzDJzaOMDIeEbH4JCx2OrXrgljajgkJqlozj9m bitbucket.pipeline.ci.cd.proyectosacc.thoth@computocontable.com"
ec2_ami = "ami-0f553e2869648134e"
ec2_key_name = "sacc-prod-key-2026"
ec2_root_volume_size = 8
pipeline_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/RcJmEYOBpfq1tSLltV1pyNB55l1jA2zYr5ZNJ0f41 thoth@ccsoft"
db_instance_class = "db.t3.micro"
db_name = "sacc_db_prod"
db_username = "sacc_admin_prod"
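Review bot: the replacement of `pipeline_public_key` is not mentioned in the commit message, and the new key's comment (`thoth@ccsoft`) no longer identifies it as the Bitbucket pipeline identity the old comment (`bitbucket.pipeline.ci.cd.proyectosacc.thoth@computocontable.com`) did; please confirm the new key belongs to the CI pipeline rather than a personal workstation, and state in the message that the old pipeline key is retired so it can be removed from authorized_keys wherever it was deployed. The hunk also introduces `ec2_ami = "ami-0f553e2869648134e"` and `ec2_root_volume_size = 8`, neither listed in the message; a short comment on where the AMI comes from (it is only valid in the `mx-central-1` region set at the top of this file) would make future rotation easier.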