Revert AWS account tag workaround (#1845)
Changes the Go deployment script to generate a YAML file with the
tags for our AWS account even if those are not necessary. This allows
long-running environments to run for more than 30 days.

This reverts commit d4ad5d4.
orestisfl authored Jan 29, 2024
1 parent f5f280d commit 33e4217
Showing 4 changed files with 50 additions and 74 deletions.
1 change: 1 addition & 0 deletions deploy/cloudformation/.gitignore
@@ -1,3 +1,4 @@
elastic-agent-ec2-dev-*.yml
*generated.yml
config.env
config.json
25 changes: 0 additions & 25 deletions deploy/cloudformation/elastic-agent-ec2-cnvm.yml
@@ -33,11 +33,6 @@ Parameters:
Description: The version of elastic-agent to install
Type: String

Conditions:
UseElasticTags: !Equals
- !Ref "AWS::AccountId"
- 704479110758

Resources:

# Security Group for EC2 instance
@@ -139,26 +134,6 @@ Resources:
- !Ref "AWS::StackId"
- Key: Task
Value: Vulnerability Management Scanner
- Key: division
Value: !If
- UseElasticTags
- engineering
- AWS::NoValue
- Key: org
Value: !If
- UseElasticTags
- security
- AWS::NoValue
- Key: team
Value: !If
- UseElasticTags
- cloud-security
- AWS::NoValue
- Key: project
Value: !If
- UseElasticTags
- cloudformation
- AWS::NoValue
ImageId: !Ref LatestAmiId
InstanceType: !Ref InstanceType
IamInstanceProfile: !Ref ElasticAgentInstanceProfile
25 changes: 0 additions & 25 deletions deploy/cloudformation/elastic-agent-ec2-cspm.yml
@@ -33,11 +33,6 @@ Parameters:
Description: The version of elastic-agent to install
Type: String

Conditions:
UseElasticTags: !Equals
- !Ref "AWS::AccountId"
- 704479110758

Resources:

# Security Group for EC2 instance
@@ -107,26 +102,6 @@ Resources:
- !Ref "AWS::StackId"
- Key: Task
Value: Cloud Security Posture Management Scanner
- Key: division
Value: !If
- UseElasticTags
- engineering
- AWS::NoValue
- Key: org
Value: !If
- UseElasticTags
- security
- AWS::NoValue
- Key: team
Value: !If
- UseElasticTags
- cloud-security
- AWS::NoValue
- Key: project
Value: !If
- UseElasticTags
- cloudformation
- AWS::NoValue
ImageId: !Ref LatestAmiId
InstanceType: !Ref InstanceType
IamInstanceProfile: !Ref ElasticAgentInstanceProfile
73 changes: 49 additions & 24 deletions deploy/cloudformation/gomain.go
@@ -25,6 +25,7 @@ import (
"fmt"
"log"
"os"
"strings"

"github.com/aws/aws-sdk-go-v2/aws"
awsConfig "github.com/aws/aws-sdk-go-v2/config"
@@ -38,15 +39,9 @@ const (
PROD = "PROD_TEMPLATE"
)

var templatePaths = map[string]map[string]string{
DeploymentTypeCSPM: {
DEV: "elastic-agent-ec2-dev-cspm.yml",
PROD: "elastic-agent-ec2-cspm.yml",
},
DeploymentTypeCNVM: {
DEV: "elastic-agent-ec2-dev-cnvm.yml",
PROD: "elastic-agent-ec2-cnvm.yml",
},
var templatePaths = map[string]string{
DeploymentTypeCSPM: "elastic-agent-ec2-cspm.yml",
DeploymentTypeCNVM: "elastic-agent-ec2-cnvm.yml",
}

func main() {
@@ -72,30 +67,30 @@ func createFromConfig(cfg *config) error {
params["ElasticArtifactServer"] = *cfg.ElasticArtifactServer
}

templatePath := getTemplatePath(cfg.DeploymentType, PROD)
templateSourcePath := getTemplateSourcePath(cfg.DeploymentType)
templateTargetPath := getTemplateTargetPath(templateSourcePath)
if err := generateProdTemplate(templateSourcePath, templateTargetPath); err != nil {
return fmt.Errorf("failed to generate prod template: %w", err)
}

if cfg.Dev != nil && cfg.Dev.AllowSSH {
params["KeyName"] = cfg.Dev.KeyName

devTemplatePath := getTemplatePath(cfg.DeploymentType, DEV)

err := generateDevTemplate(templatePath, devTemplatePath)
err := generateDevTemplate(templateTargetPath, templateTargetPath)
if err != nil {
return fmt.Errorf("could not generate dev template: %v", err)
return fmt.Errorf("failed to generate dev template: %w", err)
}

templatePath = devTemplatePath
}

err := createStack(cfg.StackName, templatePath, params)
err := createStack(cfg.StackName, templateTargetPath, params)
if err != nil {
return fmt.Errorf("failed to create CloudFormation stack: %v", err)
return fmt.Errorf("failed to create CloudFormation stack: %w", err)
}

return nil
}

func generateDevTemplate(prodTemplatePath string, devTemplatePath string) (err error) {
func generateDevTemplate(prodTemplatePath string, devTemplatePath string) error {
const yqExpression = `
.Parameters.KeyName = {
"Description": "SSH Keypair to login to the instance",
@@ -110,7 +105,33 @@ func generateDevTemplate(prodTemplatePath string, devTemplatePath string) (err e
"ToPort": 22
}
`
inputBytes, err := os.ReadFile(prodTemplatePath)
return generateTemplate(prodTemplatePath, devTemplatePath, yqExpression)
}

func generateProdTemplate(prodTemplatePath string, devTemplatePath string) error {
const yqExpression = `
.Resources.ElasticAgentEc2Instance.Properties.Tags += {
"Key": "division",
"Value": "engineering"
} |
.Resources.ElasticAgentEc2Instance.Properties.Tags += {
"Key": "org",
"Value": "security"
} |
.Resources.ElasticAgentEc2Instance.Properties.Tags += {
"Key": "team",
"Value": "cloud-security"
} |
.Resources.ElasticAgentEc2Instance.Properties.Tags += {
"Key": "project",
"Value": "cloudformation"
}
`
return generateTemplate(prodTemplatePath, devTemplatePath, yqExpression)
}

func generateTemplate(sourcePath string, targetPath string, yqExpression string) (err error) {
inputBytes, err := os.ReadFile(sourcePath)
if err != nil {
return err
}
@@ -125,7 +146,7 @@ func generateDevTemplate(prodTemplatePath string, devTemplatePath string) (err e
return err
}

f, err := os.Create(devTemplatePath)
f, err := os.Create(targetPath)
if err != nil {
return err
}
@@ -138,7 +159,7 @@ func generateDevTemplate(prodTemplatePath string, devTemplatePath string) (err e

_, err = f.WriteString(generatedTemplateString)
if err != nil {
return fmt.Errorf("failed to write to dev template: %w", err)
return fmt.Errorf("failed to write template: %w", err)
}

return
@@ -183,10 +204,14 @@ func createStack(stackName string, templatePath string, params map[string]string
return nil
}

func getTemplatePath(deploymentType string, env string) string {
func getTemplateSourcePath(deploymentType string) string {
if deploymentType == "" {
// Default is CNVM
deploymentType = DeploymentTypeCNVM
}
return templatePaths[deploymentType][env]
return templatePaths[deploymentType]
}

func getTemplateTargetPath(source string) string {
return strings.Replace(source, ".yml", "-generated.yml", 1)
}
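Review bot: An unrecognised `cfg.DeploymentType` is not rejected in `createFromConfig`: `getTemplateSourcePath` returns the zero value `""` for a key missing from `templatePaths`, `getTemplateTargetPath("")` is then `""` as well, and the problem only surfaces as a file-read error from `generateTemplate` wrapped as "failed to generate prod template". A guard right after the lookup would name the real cause, e.g. `if templateSourcePath == "" { return fmt.Errorf("unknown deployment type %q", cfg.DeploymentType) }`. In `generateProdTemplate` the parameters are still called `prodTemplatePath`/`devTemplatePath` although the second one is the generated target; `sourcePath`/`targetPath`, as in `generateTemplate`, would describe them correctly. `getTemplateTargetPath` rewrites the first `.yml` found anywhere in the name, whereas `strings.TrimSuffix(source, ".yml") + "-generated.yml"` touches only the extension. Several of these function bodies continue outside the hunks shown on this page, so callers and the rest of `generateTemplate` should be checked against the full file.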
