-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BFD-Insights initial PR #257
Conversation
- prod-lake - groups - common modules - docs
- foodtruck - new database/table/ organizatoin
- timestamp format in purchases - Analysts permissions - Documentation in organization
- Sarah Tully as an author - Adjusted permissions for readers and authors
- one bucket per project - group and cross-account policies per bucket - Update of documentation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking really good, just an informational question: now that there are separate project buckets, but also a data lake bucket, what are the delineation for their uses? Project buckets for the databases, and data lake bucket for user queries/scripts?
@njdister Project buckets will contain the raw logs from the projects. They may also contain aggregations that are project-specific. The main data lake bucket will contain common aggregations (which there are none right now). From a security perspective, the project buckets are the entry-points for the project. The data-lake bucket is not accessible by the partners. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed additional documentation and diagrams, great work. 🎉
@RickHawesUSDS A good way to improve package manager level security is to utilize the pip-tools hash-checking feature. I think this should be added to this project. Maybe as a backlog item. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've read through the related confluence documentation and this PR several times. This makes sense to me and is well thought out. It looks like a great base implementation. I'm looking forward to helping with related BB2 tasks!
Great work on this PR and project design!
Why
The basic idea behind the BFD-Insights project is listed here. https://confluence.cms.gov/display/BB/Business+and+Security+Analytics+for+DASG
What
This is the initial check-in for bfd-insights. It creates the basic terraform for the project. As an example workflow, a food truck project.
See the
doc
folder for details.Choices Made
insights
top-level folderFuture Work
The choice of terraform leads to thinking that GitHub actions will be used for deploys.