It would need some managers approval due to potential high impact on budget and relation with AWS so closing as invalid for now and to be reopen by requestor with managers approval for risk mitigation

Hi. My name is Anna. I am the manager of the Convert2RHEL team. I will collaborate with my director to procure the required budget. Currently trying to estimate the required budget so that we can correctly formulate the request. Just wanted to let you know that I know you need managerial approval and that I am working on it.

Thanks it was discussed internally and we'll see how to work on it in the next days, with a potential plan to mitigate the bandwidth consumption, as last month it (with restrictions in place) sent out ~600TiB of data.

I have a plan, and started to work on it in parallel of the existing (and now working fine since last wednesday evening, since we mitigated the DDoS/attack on it) vault.centos.org setup, and we should be able to redirect to cloudfront setup next week (as kind of quick update)

vault.centos.org should currently be working as expected as there was a firewall update to block the IP range that was ddosing us.

We will now implement a cloudfront solution to avoid this issue in future cases. This should be in place on Monday

current status :

• Origin node deployed with up2date content
• Cloudfront distribution deployed
• specific vault.centos.org TLS cert added now on Cloudfront distribution (we had to wait for them to process/validate)
• Origin node protected to only allow content to be retrieved from cloudfront

https://vault.centos.org is so still "live" on existing infra but will be switched to cloudfront next monday, and the rest of the nodes being reconfigured by ansible as additional origin nodes in a new cloudfront origin group (to ensure redundancy)

https://vault.centos.org is now live on cloudfront/AWS and with now 3 origin nodes used in an origin group (redudancy)