Vladyslav Yevsiukov
authored and
Vladyslav Yevsiukov
committed
Jul 21, 2023
1 parent
4dd99f6
commit 81d9d63
Showing
12 changed files
with
208 additions
and
72 deletions.
24 changes: 19 additions & 5 deletions
24
terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green/certificate.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,22 @@ | ||
###### The step to be done before run infrastructure is to run command below | ||
# sudo openssl req -x509 -nodes -days 40 -newkey rsa:2048 -keyout private.key -out certificate.crt | ||
resource "null_resource" "this" { | ||
provisioner "local-exec" { | ||
command = "echo -e '\\n\\n\\n\\n\\n\\n\\n\\n' | openssl req -x509 -nodes -days 20 -newkey rsa:2048 -keyout private.key -out certificate.crt" | ||
interpreter = ["/bin/bash", "-c"] | ||
} | ||
} | ||
|
||
data "local_file" "certificate" { | ||
filename = "certificate.crt" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
data "local_file" "private_key" { | ||
filename = "private.key" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
resource "aws_iam_server_certificate" "this" { | ||
name = "086_certificate_green" | ||
certificate_body = file("certificate.crt") | ||
private_key = file("private.key") | ||
} | ||
certificate_body = data.local_file.certificate.content | ||
private_key = data.local_file.private_key.content | ||
} |
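Review bot: The green fixture generates its certificate with `-days 20` in the `local-exec` command, the same lifetime as the red fixture for this rule, while the manual command in the header comment used `-days 40`. A certificate valid for 20 days already falls inside the one-month window named in the directory, so the green case would presumably be reported as non-compliant. The command should keep the original lifetime, i.e. `openssl req -x509 -nodes -days 40 -newkey rsa:2048 -keyout private.key -out certificate.crt`.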
25 changes: 20 additions & 5 deletions
25
terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red/certificate.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,23 @@ | ||
###### The step to be done before run infrastructure is to run command below | ||
# sudo openssl req -x509 -nodes -days 20 -newkey rsa:2048 -keyout second-private.key -out second-certificate.crt | ||
resource "null_resource" "this" { | ||
provisioner "local-exec" { | ||
command = "echo -e '\\n\\n\\n\\n\\n\\n\\n\\n' | openssl req -x509 -nodes -days 20 -newkey rsa:2048 -keyout private.key -out certificate.crt" | ||
interpreter = ["/bin/bash", "-c"] | ||
} | ||
} | ||
|
||
data "local_file" "certificate" { | ||
filename = "certificate.crt" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
data "local_file" "private_key" { | ||
filename = "private.key" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
|
||
resource "aws_iam_server_certificate" "this" { | ||
name = "086_certificate_red" | ||
certificate_body = file("certificate.crt") | ||
private_key = file("private.key") | ||
} | ||
certificate_body = data.local_file.certificate.content | ||
private_key = data.local_file.private_key.content | ||
} |
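Review bot: `data "local_file" "private_key"` exposes the key through a non-sensitive `content` attribute, so it can surface in plan output or in any expression derived from it. The same provider's `data "local_sensitive_file" "private_key"` marks the content sensitive, with the resource then reading `private_key = data.local_sensitive_file.private_key.content`. Because of `-nodes`, the command also leaves an unencrypted `private.key` in the module directory after apply, so that file should be excluded from version control (no ignore rule is visible in this commit). The same pattern appears in the 086 green, 087 green/red and 279 green/red sections.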
25 changes: 20 additions & 5 deletions
25
terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green/certificate.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,23 @@ | ||
###### The step to be done before run infrastructure is to run command below | ||
# sudo openssl req -x509 -nodes -days 8 -newkey rsa:2048 -keyout private.key -out certificate.crt | ||
resource "null_resource" "this" { | ||
provisioner "local-exec" { | ||
command = "echo -e '\\n\\n\\n\\n\\n\\n\\n\\n' | openssl req -x509 -nodes -days 8 -newkey rsa:2048 -keyout private.key -out certificate.crt" | ||
interpreter = ["/bin/bash", "-c"] | ||
} | ||
} | ||
|
||
data "local_file" "certificate" { | ||
filename = "certificate.crt" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
data "local_file" "private_key" { | ||
filename = "private.key" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
resource "aws_iam_server_certificate" "this" { | ||
name = "087_certificate_green" | ||
certificate_body = file("certificate.crt") | ||
private_key = file("private.key") | ||
} | ||
certificate_body = data.local_file.certificate.content | ||
private_key = data.local_file.private_key.content | ||
|
||
} |
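Review bot: `null_resource.this` declares no `triggers`, so the `local-exec` that writes `certificate.crt` and `private.key` runs only when the resource is first created. On a later run from a directory without those files (fresh checkout, CI runner with existing state), the two `local_file` data sources would have nothing to read, and the certificate is never regenerated as its 8 days run out. Generating the pair with the `tls` provider's `tls_private_key` and `tls_self_signed_cert` resources would remove the dependency on local files, `/bin/bash` and `openssl`. If the shell command stays, passing `-subj` would be more robust than piping newlines from `echo -e` into the interactive prompts.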
26 changes: 20 additions & 6 deletions
26
terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red/certificate.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,22 @@ | ||
###### The step to be done before run infrastructure is to run command below | ||
# sudo openssl req -x509 -nodes -days 4 -newkey rsa:2048 -keyout second-private.key -out second-certificate.crt | ||
resource "null_resource" "this" { | ||
provisioner "local-exec" { | ||
command = "echo -e '\\n\\n\\n\\n\\n\\n\\n\\n' | openssl req -x509 -nodes -days 4 -newkey rsa:2048 -keyout private.key -out certificate.crt" | ||
interpreter = ["/bin/bash", "-c"] | ||
} | ||
} | ||
|
||
resource "aws_iam_server_certificate" "this" { | ||
name = "087_certificate_red" | ||
certificate_body = file("second-certificate.crt") | ||
private_key = file("second-private.key") | ||
data "local_file" "certificate" { | ||
filename = "certificate.crt" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
data "local_file" "private_key" { | ||
filename = "private.key" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
resource "aws_iam_server_certificate" "this" { | ||
name = "086_certificate_red" | ||
certificate_body = data.local_file.certificate.content | ||
private_key = data.local_file.private_key.content | ||
} |
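Review bot: The rewritten `aws_iam_server_certificate` in this 087 red file is named `086_certificate_red`, whereas the earlier version of the block used `087_certificate_red`. This looks like a copy-paste from the 086 red fixture. Server certificate names must be unique within an account, so applying both fixtures in the same account would collide, and the 087 finding would be reported against a resource carrying the wrong rule number. It should read `name = "087_certificate_red"`.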
25 changes: 20 additions & 5 deletions
25
...aform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green/iam.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,22 @@ | ||
###### The step to be done before run infrastructure is to run command below | ||
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt | ||
resource "null_resource" "this" { | ||
provisioner "local-exec" { | ||
command = "echo -e '\\n\\n\\n\\n\\n\\n\\n\\n' | openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt" | ||
interpreter = ["/bin/bash", "-c"] | ||
} | ||
} | ||
|
||
data "local_file" "certificate" { | ||
filename = "certificate.crt" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
data "local_file" "private_key" { | ||
filename = "private.key" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
resource "aws_iam_server_certificate" "this" { | ||
name = "279_server_certificate_green" | ||
certificate_body = file("certificate.crt") | ||
private_key = file("private.key") | ||
} | ||
certificate_body = data.local_file.certificate.content | ||
private_key = data.local_file.private_key.content | ||
} |
25 changes: 20 additions & 5 deletions
25
terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red/iam.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,22 @@ | ||
###### The step to be done before run infrastructure is to run command below | ||
# openssl req -x509 -nodes -days 1 -newkey rsa:2048 -keyout second-private.key -out second-certificate.crt - ### we can't create expired certificate | ||
resource "null_resource" "this" { | ||
provisioner "local-exec" { | ||
command = "echo -e '\\n\\n\\n\\n\\n\\n\\n\\n' | openssl req -x509 -nodes -days 1 -newkey rsa:2048 -keyout private.key -out certificate.crt" | ||
interpreter = ["/bin/bash", "-c"] | ||
} | ||
} | ||
|
||
data "local_file" "certificate" { | ||
filename = "certificate.crt" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
data "local_file" "private_key" { | ||
filename = "private.key" | ||
depends_on = [null_resource.this] | ||
} | ||
|
||
resource "aws_iam_server_certificate" "this" { | ||
name = "279_server_certificate_red" | ||
certificate_body = file("certificate.crt") | ||
private_key = file("private.key") | ||
} | ||
certificate_body = data.local_file.certificate.content | ||
private_key = data.local_file.private_key.content | ||
} |
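Review bot: The note that explained why this red fixture uses `-days 1` ("we can't create expired certificate") appears to be dropped along with the manual command. Without it, nothing tells the reader that the certificate is still valid right after apply and only matches the rule once it has expired. A comment above the `null_resource` would preserve that, for example `# An already-expired certificate cannot be created, so this one is valid for 1 day; the red finding appears only after it expires`.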
31 changes: 27 additions & 4 deletions
31
terraform/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/green/asg.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,30 @@ | ||
# There is a bug where 'associate_public_ip_address' has a 3 states when terraform can only provide 2 states. | ||
data "aws_ami" "this" { | ||
most_recent = true | ||
|
||
# Use following command to create green infrastructure. | ||
aws autoscaling create-launch-configuration --launch-configuration-name 531_launch_template_green --image-id ami-06eecef118bbf9259 --instance-type t2.micro --no-associate-public-ip-address | ||
filter { | ||
name = "name" | ||
values = ["amzn2-ami-*-hvm-*-arm64-gp2"] | ||
} | ||
|
||
# Use following command to delete infrastructure. | ||
aws autoscaling delete-launch-configuration --launch-configuration-name 531_launch_template_green | ||
filter { | ||
name = "architecture" | ||
values = ["arm64"] | ||
} | ||
|
||
owners = ["amazon"] | ||
} | ||
|
||
resource "null_resource" "this" { | ||
|
||
provisioner "local-exec" { | ||
command = "aws autoscaling create-launch-configuration --launch-configuration-name 531_launch_template_green --image-id ${data.aws_ami.this.id} --instance-type t2.micro --no-associate-public-ip-address" | ||
interpreter = ["/bin/bash", "-c"] | ||
} | ||
|
||
provisioner "local-exec" { | ||
when = destroy | ||
command = "aws autoscaling delete-launch-configuration --launch-configuration-name 531_launch_template_green" | ||
interpreter = ["/bin/bash", "-c"] | ||
} | ||
} |
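Review bot: The `aws_ami` lookup filters for `arm64` images (`amzn2-ami-*-hvm-*-arm64-gp2`, `architecture = arm64`), but the `create-launch-configuration` command still requests `--instance-type t2.micro`, which is an x86_64 instance type. The launch configuration may still be created, but the pairing is inconsistent and instances could not be launched from it. Either filter for an x86_64 image or use an arm64 instance type such as `t4g.micro`. The header comment explaining why the CLI is used instead of a Terraform resource (the three-state `associate_public_ip_address` issue) also appears to have been removed, and is worth keeping above `null_resource.this`.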