Track AI agent infrastructure deployment

## Overview

Track the full lifecycle of deploying Tailscale-based network isolation for AI agents. Design and IaC code is in PR #6.

## Phases

### Phase 1: Design & IaC (in progress)
- [x] Design architecture (Tailscale ACLs, isolated VPC, egress proxy)
- [x] Write modular Terraform code (PR #6)
- [ ] Review and merge PR #6

### Phase 2: Prerequisites
- [ ] Create Tailscale account and tailnet for the org
- [ ] Configure identity provider (Google Workspace / Okta / Azure AD)
- [ ] Generate Tailscale API key and store in secrets manager
- [ ] Choose cloud provider (AWS or GCP) and set up credentials
- [ ] Create `terraform.tfvars` with team emails, region, instance config

### Phase 3: Deploy Core Infrastructure
- [ ] `terraform init` + `terraform plan` — review the plan
- [ ] Deploy agent network (VPC, subnets, NAT, security groups)
- [ ] Deploy subnet router and approve routes in Tailscale admin
- [ ] Deploy egress proxy with domain allowlist
- [ ] Verify Tailscale ACLs are enforced (test denied routes)

### Phase 4: Deploy AI Agents
- [ ] Build agent container image / runtime
- [ ] Deploy agent instances with ephemeral Tailscale keys
- [ ] Configure agents to use egress proxy (`HTTP_PROXY` / `HTTPS_PROXY`)
- [ ] Verify agents can reach sandbox services and allowed external APIs
- [ ] Verify agents CANNOT reach corporate intranet

### Phase 5: Operational Readiness
- [ ] Enable Tailscale audit logging and pipe to SIEM
- [ ] Set up alerts for denied connection attempts from agents
- [ ] Document runbook for adding/removing allowed domains
- [ ] Document runbook for onboarding new agent types
- [ ] Set up key rotation for Tailscale auth keys

### Phase 6: Ongoing Maintenance
- [ ] Review and update egress proxy allowlist as needed
- [ ] Review ACL policy quarterly
- [ ] Terraform state backup strategy
- [ ] Plan for multi-region / multi-cloud expansion (GCP module ready but commented out)

## References

- Infrastructure code: PR #6
- Architecture overview: `infrastructure/README.md`
- Module docs: each module has its own `README.md`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Track AI agent infrastructure deployment #7

Overview

Phases

Phase 1: Design & IaC (in progress)

Phase 2: Prerequisites

Phase 3: Deploy Core Infrastructure

Phase 4: Deploy AI Agents

Phase 5: Operational Readiness

Phase 6: Ongoing Maintenance

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Track AI agent infrastructure deployment #7

Description

Overview

Phases

Phase 1: Design & IaC (in progress)

Phase 2: Prerequisites

Phase 3: Deploy Core Infrastructure

Phase 4: Deploy AI Agents

Phase 5: Operational Readiness

Phase 6: Ongoing Maintenance

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions