Welcome to the Science Program's Pathfinder program! Here is a brief overview of what you need to know:
And some useful links:
The cloud tenants we operate are innovation sandboxes, and as such there are a few key tenets that we want to be very mindful of.
While we're happy to work with most people, there are a few things that we must follow in order to keep our scope as tight as possible.
All pathfinders are organized into an application cloud landing zone, which provides them a space to build their application. The application landing zone includes billing & alerts, base governance policies, health & security monitoring, logging, and optionally networking. Landing zones are deployed and configured via code, using customized deployment scripts managed by the cloud providers and configured by the Science Program Collaboration and Emerging Technologies team.
We provide only a basic landing zone to empower you. As you are developing your innovation, please be aware of the following.
You will have access to the following tools, and we encourage you to use them to enable alerts, view logs and improve your security posture.
| Environment | Name | Description |
|---|---|---|
| Azure | Azure Defender (Defender for Cloud) | Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multi-cloud (Amazon AWS and Google GCP) resources. |
| Azure | Azure Budget (Cost Analysis) | Azure Budget allows you to see the costs against your subscription and resources. |
| AWS | AWS CloudTrail | AWS CloudTrail captures management events and S3 data plane events performed by every principal in the account (subscription). |
| AWS | AWS GuardDuty | Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. |
| AWS | VPC Flow Logs | VPC Flow Logs capture information about the IP traffic going to and from network interfaces in an AWS account VPC, such as source and destination IPs, protocol, ports, and whether the flow was accepted or rejected. |
| AWS | AWS Config | AWS Config provides a detailed view of the resources associated with each account in the AWS Organization, including how they are configured, how they are related to one another, and how the configurations have changed over time. |
| AWS | Security Hub | The primary dashboard for operators to assess the security posture of the AWS footprint is the centralized AWS Security Hub service. Security Hub aggregates findings from GuardDuty, Config and IAM Access Analyzer. Security Hub checks against common compliance standards (AWS best practices, PCI, CIS) and is similar to Defender (Security Center) in Azure. |
| AWS | Systems Manager Session Manager | Session Manager is a fully managed AWS Systems Manager capability that lets you manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS Command Line Interface (AWS CLI). Session Manager provides secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. |
| AWS | Macie | Amazon Macie is a data security and data privacy service that uses machine learning (ML) and pattern matching to discover and protect your sensitive data. |
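To make the "view logs" part of the table concrete, here is an added example (not part of this page or of the program's tooling) that parses VPC Flow Log records in the default version 2 format and summarises which destination ports and source addresses were rejected by a security group or network ACL. The account id, interface id, addresses and timestamps in `SAMPLE_LOG` are constructed sample data, and the function names are this example's own.

```python
"""Added example: parse AWS VPC Flow Log records (default version 2 format)
and summarise rejected flows per destination port and per source address.
The log lines in SAMPLE_LOG are constructed sample data, not real traffic."""
from collections import Counter

# Field order of the default VPC Flow Log record format (version 2).
FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
    "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status",
)
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records: two external hosts probing SSH/RDP on a private
# address, one accepted internal HTTPS flow, and two records that carry no flow
# data (NODATA = nothing seen, SKIPDATA = records dropped by the capture).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.15 51234 22 6 12 960 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.15 51235 3389 6 8 640 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.15 44000 22 6 5 400 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.15 10.0.1.20 40000 443 6 30 6000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000060 - SKIPDATA
"""


def parse_record(line):
    """Parse one flow log line into a dict; '-' fields become None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    record = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":
            record[name] = None
        elif name in INT_FIELDS:
            record[name] = int(value)
        else:
            record[name] = value
    return record


def parse_flow_log(text):
    """Parse every non-empty line of a flow log export."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def count_by_status(records):
    """Records per log-status; NODATA/SKIPDATA are gaps in coverage, not traffic."""
    return Counter(r["log_status"] for r in records)


def rejected_by_port(records):
    """Rejected flows per destination port (denied by a security group or NACL)."""
    return Counter(r["dstport"] for r in records if r["action"] == "REJECT")


def rejected_by_source(records):
    """Rejected flows per source address, to see which hosts are being denied."""
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("records by log-status:", dict(count_by_status(recs)))
    print("rejected flows by destination port:", dict(rejected_by_port(recs)))
    print("rejected flows by source:", dict(rejected_by_source(recs)))
```

The `log_status` check matters when reading these logs: a window with only NODATA or SKIPDATA records tells you nothing about whether traffic was accepted or rejected, so an empty reject count is not evidence of a quiet interface until the status counts confirm data was captured.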
If issues or challenges arise, we will work together to resolve them.
Remember, we are here to learn together as a team.
You share this space with your pathfinder neighbors. Be kind, share solutions and lessons learned.
Encourage teamwork and information exchanges.
When implementing resources, make good design choices related to cost and security; everything should be scaled to an experiment. If you need advice on best practices please ask us, we would love to help.
Examples:
The Science Program Collaboration and Emerging Technologies team is here to support you. If you need assistance, just ping us by email or chat as described in the Support Guide.
We will set up a more formal weekly meeting to touch base with your group while the pathfinder gets ramped up, to go over work, share challenges and collect stories. As time goes on, the cadence of those meetings will likely slide to bi-weekly so as not to take up too much time.
🔬🧪 Happy Experimenting !🥼💻
Azure: https://portal.azure.com/163oxygen.onmicrosoft.com
AWS: https://gcscience.awsapps.com/start
GCP: https://console.cloud.google.com/projectselector2/home/dashboard?organizationId=56078811685
Logging into the Azure cloud portal might be difficult depending on your home department's policies. If you run into issues, please let us know.