Review Security: Make a list of issues to fix

[liquidsteves]

What security issues are there that need fixing?

SSH endpoints are ec2-user@18.212.112.106 - This should be "locked-down" to only a couple of users in a specific IP address. Used to transfer files and debug.

Flask (webhooks endpoint) is insecure by design! We should wrap it in something secure

Are there any issues with our use of Env variables and /secrets directory to manage passwords, and then loading those logins inside Docker or EC2 instances?

Audit security of our AWS EC2 setup. Eg are user roles given only the permissions they need?

Audit security of our Google Cloud, oath for Google Drive and Google Translate API