Securing Infrastructure
Lead: erickt
Chat: WG-infra-secure

Getting started

The best way to start is to read this document, then join the chat and say hello! We’ll help you from there.

Background

Rust has a lot of infrastructure to support our goals. Most visible are https://rust-lang.org, https://crates.io, and https://play.rust-lang.org, but behind that is a substantial amount of tooling to support development. This project is to build out a simple and secure foundation, and migrate tooling over to use it.

We would love help hardening our infrastructure, but given the sensitive nature of this project, the repository work is currently being done in a private repository. Rather than tracking issues through tickets, work will be described here.

You can find some more general information about our current infrastructure here.

Please reach out to us on the chat if you want to help!

Goals

By the end of the impl period, we should:
  • Recruit an InfoSec team to advise on security practices.
  • Have dedicated production and developer environments to reduce attack surfaces and accidents.
  • Document and educate the infrastructure team on secure processes.

Open work items

  • Infrastructure-in-Code:
      • Finish setting up the dev environment.
      • Encode the production environment.
      • Encode crates.io’s infrastructure in code.
      • Encode crater’s infrastructure in code.
      • Move crater into the dev environment.
      • Encode play.rust-lang.org into code.
      • Audit and isolate play from the rest of the infrastructure.
          • Consider a move to ECS.
          • Review and, where possible, remove any roles delegated to the play infrastructure.
      • Review and audit any infrastructure that produces binary builds.
  • Disaster Recovery:
      • Set up offline backups for the crates ecosystem.
  • Documentation:
      • Identify all the secrets used in the infrastructure.
  • Operational:
      • Audit access and permissions in all the cloud infrastructure.
          • AWS Specific: Apply privileges to individual accounts with IAM Roles (leverages STS).
          • AWS Specific: Discuss practices for root account access with the root account holder.
      • Rotate the secrets for good measure, and set up rotation to happen on a regular schedule.
      • Set up Datadog monitoring to monitor the health of the infrastructure.
  • Process:
      • Document how to onboard and offboard access.
      • Investigate auditing solutions.
          • AWS Specific: CloudTrail.
  • crates.io tasks:
      • Rate and size limits: all public APIs for crates.io should have rate and size limits, to avoid denial-of-service attacks and

Completed work items

  • None yet!

Raw Notes from Chat