Security Realm Labels and Tags
This handbook section defines the latest iteration of infrastructure standards for AWS and GCP across all departments and groups at GitLab.
Security Realm
This realm is for the engineering security team to deploy shared and team-specific infrastructure resources.
Quick links
- Global infrastructure standards
- Global labels and tags
- Infrastructure policies
- Infrastructure helpdesk
Overview
This realm is for the engineering security team to deploy shared and team-specific infrastructure resources.
Future Iteration with Engineering Infrastructure Handbook Pages
The Engineering Infrastructure Environments handbook page is the current SSOT for environments. As the WIP initiative to iterate on our company-wide infrastructure standards evolves, the Engineering Infrastructure pages will be refactored incrementally as the standards are documented, implemented, and changes to environments take place.
Access requests
To request access to a group, please see group access request tutorial.
For email authenticity security reasons, only GitLab issues or Slack messages to owners or counterparts are allowed for infrastructure requests.
Realm Owners
| Name | GitLab.com Handle | Group Role | Job Title |
|---|---|---|---|
| Marco Lancini | mlancini |
Owner | Staff Security Engineer - Infrastructure |
| Paulo Martins | pmartinsgl |
Counterpart | Senior Security Engineer - Infrastructure |
| James Ritchey | jritchey |
Counterpart | Sr. Manager, Product Security |
Realm labels and tags
The global labels/tags and realm labels/tags should be applied to each resource.
Realm Groups
Each gl_dept_group has a shared GCP project and/or AWS account for group members.
If a group has not been implemented yet, please contact the realm owner for assistance. After a group is implemented, a separate handbook page is created with usage documentation.
| Group Name (AWS Account/GCP Project Name) | Usage Documentation (Empty cells are not implemented yet) |
|---|---|
eng-security-shared-infra |
|
eng-security-shared-services |
|
eng-security-ops-red |
|
eng-security-ops-incident-response |
|
eng-security-ops-trust-safety |
|
eng-security-risk-compliance |
|
eng-security-eng-app-sec |
|
eng-security-eng-automation |
|
eng-security-eng-research |
Usage guidelines
This is a placeholder for the realm owner to provide instructions on best practices and usage guidelines for this infrastructure.
Last modified February 21, 2024: Remove ex employee, Joe Dubail, from handbook (
1a7a7f90)
