fr34k8

An Ansible summary

Jon Warbrick, July 2014, V3.2 (for Ansible 1.7)

Configuration file

First one found from of

AWS Setup

1. Create AWS role called Spinnaker with proper access.
2. run aws configure and set your keys/secret.

Install Git and NVM

sudo apt-get -y install git
git clone https://github.com/spinnaker/spinnaker.git

Creating a useful cloud migration model

This is a transformation of Adrian Colyer's Checklist to turn it into a working model for a cloud transformation. The assumption is that the original checklist can suffice for any services that are deployed on the build pipeline, but the question to answer here is about how the environment is provisioned, deployed, monitored and governed in such a way as to fit the architecture implicit in the service checklist.

Configuration and Secret Management

Config is supplied via environment variables.
Anything that doesn't vary between deploys should not be externalised.
Deployment orchestrator should supply config as it deploys a service
Secrets should never be supplied as config
Desired deployment state should be declaratively described in code in a VCS.

Create 2 files: main.go and docker-compose.yml. Once both are created use docker-compose up and it will build the necessary files and start Elastic Search.

I found it necessary to add elastic.SetSniff(false) or I could not connect. Also remember the docker containers have security enabled for Elasticsearch with the password set as elastic:changeme. You can test it using curl:

curl http://127.0.0.1:9200/_cat/health -u elastic:changeme

Once it is running you can successfully run the main.go file using go run main.go.

Security Tools for AWS

I often get asked which tools are good to use for securing your AWS infrastructure so I figured I'd write a short listof some useful Security Tools for the AWS Cloud Infrastructure.

This list is not intended be something completely exhaustive, more so provide a good launching pad for someone as they dig into AWS and want to make it secure from the start.

Open Source

This section focuses on tools and services provided by the community and released as open-source.

	INTRO
	I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.

	Short Link: http://tiny.cc/awssecurity

	Official AWS Security Resources
	* Security Blog - http://blogs.aws.amazon.com/security/
	* Security Advisories - http://aws.amazon.com/security/security-bulletins/
	* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
	* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf

	#!/bin/bash -eo pipefail

	## Allows for creation of "Basic" DNS records in a Route53 hosted zone

	function main() {
	record_name=$1
	record_value=$2

	[[ -z $record_name ]] && echo "record_name is: $record_name" && exit 1
	[[ -z $record_value ]] && echo "record_value is: $record_value" && exit 1

	#!/usr/bin/env python
	import base64
	import json
	import os
	import re
	import yaml


	YAML_CONFIG_FILE = os.environ.get('APPLICATION_CONFIG')
	with open(YAML_CONFIG_FILE, 'r') as YAML_CONFIG:

	$ cat mkefiboot
	#!/bin/bash

	macbootimg() {
	python /usr/lib/python3.3/site-packages/livedvd/mkefiboot -a -l "Gentoo Linux" -i gentoo.icns -p "Gentoo Linux" efi/boot macboot.img
	}

	efiimg() {
	local mountdir
	mountdir=$(mktemp -d)

	[
	{
	"Document": {
	"Statement": [
	{
	"Action": [
	"directconnect:Describe*",
	"ec2:DescribeVpnGateways"
	],
	"Effect": "Allow",