Description
User Need
As a platform engineer
I want a place to store database dumps that have yet to be anonymised,
which is adequately secured against humans and machines reading the files,
so that I can be confident I can store the data without third-parties and other processes getting access to it
Context
In the parent epic, we're going to move the anonymisation process to run in production. We don't want any interruptions in backups and restores, but in future we'll need the raw production dumps to be inaccessible to every other system.
We create the S3 bucket to store them ahead of time for two reasons:
- So the story to change where anonymisation happens doesn't end up with a huge scope
- So that we can write anonymised dumps to the same place that staging currently reads from
What’s Needed
List anything the solution must do or be (behaviour, performance, security, UX, etc.).
- A new S3 bucket with an appropriate level of access and retention rules
Acceptance Criteria
Clear, measurable conditions to verify the story is complete and valuable.
- A new S3 bucket exists in production for storing raw database dumps
- The bucket has a policy which allows writing exclusively from the IAM role involved in backups
- The bucket has a policy which allows reads exclusively from the IAM role involved in backups, and the fulladmin roles
- The bucket has a lifecycle policy that deletes database dumps that are older than 30/60/90 days
Important
In refinement, decide whether the fulladmin roles should be able to read from the bucket, and which lifecycle retention period (30, 60 or 90 days) to use.
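As an added example (not code from this issue or the project), here is one way to express the acceptance criteria as an S3 bucket policy and lifecycle rule, with a small offline check of the deny logic. The bucket name, account id and role ARNs are placeholders, the 90-day window is one of the three options listed above, and the readers list is a parameter so both outcomes of the fulladmin refinement question can be checked. The policy uses explicit Deny statements keyed on `aws:PrincipalArn`, because a bucket policy can only narrow what identity policies grant by denying; the backup role still needs its own identity policy granting the actions.

```python
"""Added example: compose the raw-dump bucket policy and lifecycle rule, and
self-check the deny logic offline (no AWS calls).

Assumptions, not from the story: bucket name, account id and role ARNs are
placeholders; 90 days is used only because the story lists 30/60/90.
"""
import json
from fnmatch import fnmatch

# Placeholders, not real identifiers.
BUCKET = "example-raw-db-dumps"
ACCOUNT = "123456789012"
BACKUP_ROLE = f"arn:aws:iam::{ACCOUNT}:role/backup-role"
FULLADMIN_ROLES = [f"arn:aws:iam::{ACCOUNT}:role/fulladmin"]


def bucket_policy(bucket, writer_roles, reader_roles):
    """Bucket policy making writes and reads exclusive to the given roles.

    Each statement denies every principal whose aws:PrincipalArn is not on the
    allow-list. For an assumed-role session aws:PrincipalArn resolves to the
    role ARN, which is why it is used instead of NotPrincipal (that would also
    need every session ARN listed). s3:PutBucketPolicy is deliberately not
    denied, so the admin path to change the policy is not locked out.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "WritesOnlyFromBackupRole",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ["s3:PutObject", "s3:DeleteObject", "s3:DeleteObjectVersion"],
                "Resource": object_arn,
                "Condition": {"ArnNotEquals": {"aws:PrincipalArn": list(writer_roles)}},
            },
            {
                "Sid": "ReadsOnlyFromAllowedRoles",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"],
                "Resource": [bucket_arn, object_arn],
                "Condition": {"ArnNotEquals": {"aws:PrincipalArn": list(reader_roles)}},
            },
        ],
    }


def lifecycle_config(expire_after_days):
    """Lifecycle rule expiring every dump older than the chosen window, and
    cleaning up abandoned multipart uploads (large dumps are uploaded in parts)."""
    return {
        "Rules": [
            {
                "ID": "expire-raw-dumps",
                "Status": "Enabled",
                "Filter": {"Prefix": ""},  # whole bucket
                "Expiration": {"Days": expire_after_days},
                "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
            }
        ]
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_denied(policy, principal_arn, action, resource):
    """Offline check of the explicit-deny statements above.

    True when a Deny statement matches the action and resource and the
    principal is NOT on that statement's ArnNotEquals allow-list. This models
    only the statement shape used here; it is not a general IAM evaluator.
    """
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        if not any(fnmatch(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch(resource, r) for r in _as_list(st["Resource"])):
            continue
        allowed = st.get("Condition", {}).get("ArnNotEquals", {}).get("aws:PrincipalArn", [])
        if principal_arn not in _as_list(allowed):
            return True
    return False


if __name__ == "__main__":
    policy = bucket_policy(BUCKET, [BACKUP_ROLE], [BACKUP_ROLE] + FULLADMIN_ROLES)
    print(json.dumps(policy, indent=2))
    print(json.dumps(lifecycle_config(90), indent=2))
```

Passing `[BACKUP_ROLE]` alone as `reader_roles` gives the stricter variant in which fulladmin cannot read; the check function lets you confirm, before applying the policy, that a third role such as the staging reader is denied both `GetObject` and `ListBucket`. Remember that the policy only denies: public access block and the backup role's identity policy are still needed.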