ai-sdlc-standards/security/requirements.md
Max Mayfield e323c45cb0 Elevate requirements to organizational/architectural policy
- Security: no IAM in service repos, no custom auth, no direct external calls
- Architecture: no cross-cloud SDKs, no cross-service DB access, no hardcoded tenant/env config
- DevOps: Foxtrot-compatible Helm (no custom ingress), no infra provisioning in service repos, no pinned infra versions
- Cost: resource tagging, no unbounded allocation, no per-tenant infra
- Updated checker and demo to match
- These are NOT static code analysis — they catch organizational policy violations that SonarQube/Checkstyle miss
2026-03-07 07:41:27 +00:00


Security Requirements

Phase: implementation
Enforcement: informational

SEC-001: No IAM Resources in Service Repos

Service repositories MUST NOT contain IAM policies, roles, or identity resources. IAM is centrally managed by the security team through the infrastructure repo.

Rule: No Terraform/CloudFormation IAM resource definitions (aws_iam_role, aws_iam_policy, google_project_iam_member, etc.) in service-level repositories. If your service needs a new permission, request it through the IAM change process.

Test: Scan IaC files (Terraform, CloudFormation) for IAM resource type declarations, including role/policy attachments and provider-specific binding resources, not just top-level roles and policies.

SEC-002: No Embedded Credentials or Auth Bypass

Services MUST NOT implement their own authentication mechanisms. All auth flows go through the centralized auth service.

Rule: No custom JWT validation, no local user tables, no auth middleware that bypasses the platform auth layer. Services consume auth tokens validated by the platform.

Test: Scan for JWT libraries imported outside the auth module, custom login/authenticate endpoints, local user/password tables in migrations.

SEC-003: No Direct External Network Calls Without Proxy

Services MUST NOT make direct outbound HTTP calls to external (non-Reltio) endpoints. All external traffic routes through the API gateway/proxy layer.

Rule: Outbound calls to third-party APIs must go through the approved proxy/gateway. No hardcoded external URLs in service code.

Test: Scan for HTTP client instantiation and hardcoded URLs whose hostnames are not on the internal allow-list. Note that a static scan only catches literal hostnames; endpoints assembled at runtime from config or environment variables still need to be covered by the egress policy at the network layer.
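The three Test lines above (SEC-001, SEC-002, SEC-003) describe the same kind of check: a file-level scan over a service repo that flags policy violations a linter would not. The checker below is an added example written for this page, not the repository's own checker referenced in the commit message. It assumes a Terraform/CloudFormation layout for IaC, Python/JS-style code files, SQL migrations, that the only directory allowed to import token libraries is `auth/`, and that internal hostnames end in `.reltio.com`, `.svc.cluster.local` or `.internal`; the resource-type and library lists are starting points, and the sample repo it scans is constructed inline.

```python
"""Organizational policy checker for SEC-001..SEC-003 (added example, not the repo's checker)."""
import re
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int
    detail: str


# --- SEC-001: IAM resource declarations in IaC files ---------------------------
# Assumed starting list; extend for the providers your services actually use.
IAM_RESOURCE_TYPES = {
    "aws_iam_role", "aws_iam_policy", "aws_iam_user", "aws_iam_group",
    "aws_iam_role_policy", "aws_iam_role_policy_attachment", "aws_iam_instance_profile",
    "google_project_iam_member", "google_project_iam_binding", "google_service_account",
    "azurerm_role_assignment", "azurerm_role_definition",
    "AWS::IAM::Role", "AWS::IAM::Policy", "AWS::IAM::User", "AWS::IAM::ManagedPolicy",
}
# Terraform:  resource "aws_iam_role" "svc" {        CloudFormation:  Type: AWS::IAM::Role
TF_RESOURCE_RE = re.compile(r'^[ \t]*resource\s+"([^"]+)"', re.M)
CFN_TYPE_RE = re.compile(r'^[ \t]*Type:\s*["\']?([A-Za-z]+::[A-Za-z]+::[A-Za-z]+)', re.M)

# --- SEC-002: home-grown authentication ----------------------------------------
AUTH_LIB_IMPORT_RE = re.compile(r'^[ \t]*(?:import|from)\s+(jwt|jose|authlib|jsonwebtoken)\b', re.M)
LOGIN_ROUTE_RE = re.compile(r'["\']/(?:login|authenticate|auth)\b', re.I)
USER_TABLE_RE = re.compile(
    r'\bCREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?[`"]?(users?|credentials?|passwords?)\b', re.I)
AUTH_MODULE_DIRS = {"auth"}  # assumption: the one module allowed to touch token libraries

# --- SEC-003: hardcoded external endpoints -------------------------------------
URL_RE = re.compile(r'https?://([A-Za-z0-9.-]+)')
INTERNAL_SUFFIXES = (".reltio.com", ".svc.cluster.local", ".internal")  # assumption

IAC_SUFFIXES = {".tf", ".yaml", ".yml", ".json"}
CODE_SUFFIXES = {".py", ".js", ".ts", ".go", ".java"}
SQL_SUFFIXES = {".sql"}


def _line_of(text: str, pos: int) -> int:
    """1-based line number of character offset pos."""
    return text.count("\n", 0, pos) + 1


def is_internal_host(host: str) -> bool:
    return host == "localhost" or host.endswith(INTERNAL_SUFFIXES)


def check_file(path: str, text: str) -> list[Finding]:
    p = PurePosixPath(path)
    out: list[Finding] = []
    if p.suffix in IAC_SUFFIXES:
        for rx in (TF_RESOURCE_RE, CFN_TYPE_RE):
            for m in rx.finditer(text):
                if m.group(1) in IAM_RESOURCE_TYPES:
                    out.append(Finding("SEC-001", path, _line_of(text, m.start()),
                                       f"IAM resource {m.group(1)} declared in service repo"))
    if p.suffix in CODE_SUFFIXES:
        # Token-library imports are only a finding outside the designated auth module.
        if not (AUTH_MODULE_DIRS & set(p.parts[:-1])):
            for m in AUTH_LIB_IMPORT_RE.finditer(text):
                out.append(Finding("SEC-002", path, _line_of(text, m.start()),
                                   f"auth library '{m.group(1)}' imported outside auth module"))
        for m in LOGIN_ROUTE_RE.finditer(text):
            out.append(Finding("SEC-002", path, _line_of(text, m.start()),
                               f"custom auth endpoint {m.group(0)[1:]}"))
        for m in URL_RE.finditer(text):
            if not is_internal_host(m.group(1)):
                out.append(Finding("SEC-003", path, _line_of(text, m.start()),
                                   f"hardcoded external endpoint {m.group(1)}"))
    if p.suffix in SQL_SUFFIXES:
        for m in USER_TABLE_RE.finditer(text):
            out.append(Finding("SEC-002", path, _line_of(text, m.start()),
                               f"local credential table '{m.group(1)}'"))
    return out


def check_repo(files: dict[str, str]) -> list[Finding]:
    """files maps repo-relative path -> file contents (e.g. from git ls-files)."""
    findings: list[Finding] = []
    for path, text in files.items():
        findings.extend(check_file(path, text))
    return findings


# Constructed sample service repo: two IaC files, one code file, one auth module, one migration.
SAMPLE_REPO = {
    "infra/main.tf": 'resource "aws_s3_bucket" "data" {}\nresource "aws_iam_role" "svc" {\n  name = "svc"\n}\n',
    "infra/template.yaml": "Resources:\n  Fn:\n    Type: AWS::Lambda::Function\n  Role:\n    Type: AWS::IAM::Role\n",
    "app/api.py": 'import jwt\nimport requests\n\n@app.post("/login")\ndef login():\n    return jwt.decode(...)\n\n'
                  'resp = requests.get("https://api.stripe.com/v1/charges")\n'
                  'ok = requests.get("https://billing.reltio.com/health")\n',
    "auth/tokens.py": "import jwt\n",
    "migrations/001_init.sql": "CREATE TABLE users (id INT, password_hash TEXT);\nCREATE TABLE orders (id INT);\n",
}

if __name__ == "__main__":
    for f in check_repo(SAMPLE_REPO):
        print(f"{f.rule} {f.path}:{f.line}: {f.detail}")
```

Run against the sample repo it reports six findings: the Terraform role and the CloudFormation role (SEC-001), the `jwt` import and `/login` route in `app/api.py` plus the `users` table in the migration (SEC-002), and the Stripe URL (SEC-003); the `jwt` import under `auth/` and the `billing.reltio.com` call are allowed. The S3 bucket, the Lambda function and the `orders` table are not flagged, which is the point of the check: it is looking for organizational boundaries being crossed, not for code defects.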