Hi Team,
I am using AWX for the past 1year. we are trying to address some security issues on AWX tower. Can somebody help us if they are gone through these items?
inside the docker these files having awx/DB admin user credentials.
having the user information visible in text files is always risky in case. Has anybody tried to update the files with ** values instead of the actual passwords? i doubt this works if we update these files with ** values.
- /etc/tower/conf.d/credentials.py
- /etc/tower/conf.d/environment.sh
in my use case, we are mostly leveraging in a non-prod environment however we want to secure this awx setup
like running Docker containers with non-root users? or any other security controls can be implemented to be more secure.
in my case, we did follow.
installed CA cert in AWX Web layer
enabled Restricted elevated access on ansible VM.
delegate the roles in Awx UI
continually patch Docker images and VM.
Please let us know if any additional security controls we can place around in case if system compromises we want to eliminate any kind of risks.
-Narayanan