From 33e4217d57a34ecb73621d998fcd947f3da6a15c Mon Sep 17 00:00:00 2001
From: Orestis Floros
Date: Mon, 29 Jan 2024 14:06:54 +0100
Subject: [PATCH] Revert AWS account tag workaround (#1845)
Changes the golang deployment script to generate a yaml file with the tags for our AWS account even if those are not necessary. This allows long running environments to run for more than 30 days. This reverts commit d4ad5d46cd8ac89d6bee232cbc70f07b595f0aff.
---
 deploy/cloudformation/.gitignore | 1 +
 .../cloudformation/elastic-agent-ec2-cnvm.yml | 25 -------
 .../cloudformation/elastic-agent-ec2-cspm.yml | 25 -------
 deploy/cloudformation/gomain.go | 73 +++++++++++++------
 4 files changed, 50 insertions(+), 74 deletions(-)
diff --git a/deploy/cloudformation/.gitignore b/deploy/cloudformation/.gitignore
index f17f8ce16f..c3b2c2453a 100644
--- a/deploy/cloudformation/.gitignore
+++ b/deploy/cloudformation/.gitignore
@@ -1,3 +1,4 @@
 elastic-agent-ec2-dev-*.yml
+*generated.yml
 config.env
 config.json
diff --git a/deploy/cloudformation/elastic-agent-ec2-cnvm.yml b/deploy/cloudformation/elastic-agent-ec2-cnvm.yml
index 4a21fb511b..671173a3f8 100644
--- a/deploy/cloudformation/elastic-agent-ec2-cnvm.yml
+++ b/deploy/cloudformation/elastic-agent-ec2-cnvm.yml
@@ -33,11 +33,6 @@ Parameters:
 Description: The version of elastic-agent to install
 Type: String
-Conditions:
- UseElasticTags: !Equals
- - !Ref "AWS::AccountId"
- - 704479110758
-
 Resources:
 # Security Group for EC2 instance
@@ -139,26 +134,6 @@ Resources:
 - !Ref "AWS::StackId"
 - Key: Task
 Value: Vulnerability Management Scanner
- - Key: division
- Value: !If
- - UseElasticTags
- - engineering
- - AWS::NoValue
- - Key: org
- Value: !If
- - UseElasticTags
- - security
- - AWS::NoValue
- - Key: team
- Value: !If
- - UseElasticTags
- - cloud-security
- - AWS::NoValue
- - Key: project
- Value: !If
- - UseElasticTags
- - cloudformation
- - AWS::NoValue
 ImageId: !Ref LatestAmiId
 InstanceType: !Ref InstanceType
 IamInstanceProfile: !Ref ElasticAgentInstanceProfile
diff --git a/deploy/cloudformation/elastic-agent-ec2-cspm.yml b/deploy/cloudformation/elastic-agent-ec2-cspm.yml
index d533a81ce7..7dc7a0f060 100644
--- a/deploy/cloudformation/elastic-agent-ec2-cspm.yml
+++ b/deploy/cloudformation/elastic-agent-ec2-cspm.yml
@@ -33,11 +33,6 @@ Parameters:
 Description: The version of elastic-agent to install
 Type: String
-Conditions:
- UseElasticTags: !Equals
- - !Ref "AWS::AccountId"
- - 704479110758
-
 Resources:
 # Security Group for EC2 instance
@@ -107,26 +102,6 @@ Resources:
 - !Ref "AWS::StackId"
 - Key: Task
 Value: Cloud Security Posture Management Scanner
- - Key: division
- Value: !If
- - UseElasticTags
- - engineering
- - AWS::NoValue
- - Key: org
- Value: !If
- - UseElasticTags
- - security
- - AWS::NoValue
- - Key: team
- Value: !If
- - UseElasticTags
- - cloud-security
- - AWS::NoValue
- - Key: project
- Value: !If
- - UseElasticTags
- - cloudformation
- - AWS::NoValue
 ImageId: !Ref LatestAmiId
 InstanceType: !Ref InstanceType
 IamInstanceProfile: !Ref ElasticAgentInstanceProfile
diff --git a/deploy/cloudformation/gomain.go b/deploy/cloudformation/gomain.go
index 23173386c0..5e65a3da01 100644
--- a/deploy/cloudformation/gomain.go
+++ b/deploy/cloudformation/gomain.go
@@ -25,6 +25,7 @@ import (
 "fmt"
 "log"
 "os"
+ "strings"
 "github.com/aws/aws-sdk-go-v2/aws"
 awsConfig "github.com/aws/aws-sdk-go-v2/config"
@@ -38,15 +39,9 @@ const (
 PROD = "PROD_TEMPLATE"
 )
-var templatePaths = map[string]map[string]string{
- DeploymentTypeCSPM: {
- DEV: "elastic-agent-ec2-dev-cspm.yml",
- PROD: "elastic-agent-ec2-cspm.yml",
- },
- DeploymentTypeCNVM: {
- DEV: "elastic-agent-ec2-dev-cnvm.yml",
- PROD: "elastic-agent-ec2-cnvm.yml",
- },
+var templatePaths = map[string]string{
+ DeploymentTypeCSPM: "elastic-agent-ec2-cspm.yml",
+ DeploymentTypeCNVM: "elastic-agent-ec2-cnvm.yml",
 }
 func main() {
@@ -72,30 +67,30 @@ func createFromConfig(cfg *config) error {
 params["ElasticArtifactServer"] = *cfg.ElasticArtifactServer
 }
- templatePath := getTemplatePath(cfg.DeploymentType, PROD)
+ templateSourcePath := getTemplateSourcePath(cfg.DeploymentType)
+ templateTargetPath := getTemplateTargetPath(templateSourcePath)
+ if err := generateProdTemplate(templateSourcePath, templateTargetPath); err != nil {
+ return fmt.Errorf("failed to generate prod template: %w", err)
+ }
 if cfg.Dev != nil && cfg.Dev.AllowSSH {
 params["KeyName"] = cfg.Dev.KeyName
- devTemplatePath := getTemplatePath(cfg.DeploymentType, DEV)
-
- err := generateDevTemplate(templatePath, devTemplatePath)
+ err := generateDevTemplate(templateTargetPath, templateTargetPath)
 if err != nil {
- return fmt.Errorf("could not generate dev template: %v", err)
+ return fmt.Errorf("failed to generate dev template: %w", err)
 }
-
- templatePath = devTemplatePath
 }
- err := createStack(cfg.StackName, templatePath, params)
+ err := createStack(cfg.StackName, templateTargetPath, params)
 if err != nil {
- return fmt.Errorf("failed to create CloudFormation stack: %v", err)
+ return fmt.Errorf("failed to create CloudFormation stack: %w", err)
 }
 return nil
 }
-func generateDevTemplate(prodTemplatePath string, devTemplatePath string) (err error) {
+func generateDevTemplate(prodTemplatePath string, devTemplatePath string) error {
 const yqExpression = `
 .Parameters.KeyName = {
 "Description": "SSH Keypair to login to the instance",
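Review bot: In createFromConfig the SSH-enabled dev variant is now written over the same `*-generated.yml` file as the tags-only variant (`generateDevTemplate(templateTargetPath, templateTargetPath)`), so the file left on disk no longer shows by its name whether it carries the port-22 ingress rule and the KeyName parameter. Before this change the dev output had its own `elastic-agent-ec2-dev-*.yml` name. Consider a distinct target for the dev case, e.g. `devTargetPath := strings.Replace(templateTargetPath, "-generated.yml", "-dev-generated.yml", 1)`, so a leftover dev template is not mistaken for the production one if someone deploys the file by hand. generateDevTemplate's yq expression continues past the end of this hunk.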
@@ -110,7 +105,33 @@ func generateDevTemplate(prodTemplatePath string, devTemplatePath string) (err e
 "ToPort": 22
 }
 `
- inputBytes, err := os.ReadFile(prodTemplatePath)
+ return generateTemplate(prodTemplatePath, devTemplatePath, yqExpression)
+}
+
+func generateProdTemplate(prodTemplatePath string, devTemplatePath string) error {
+ const yqExpression = `
+.Resources.ElasticAgentEc2Instance.Properties.Tags += {
+ "Key": "division",
+ "Value": "engineering"
+} |
+.Resources.ElasticAgentEc2Instance.Properties.Tags += {
+ "Key": "org",
+ "Value": "security"
+} |
+.Resources.ElasticAgentEc2Instance.Properties.Tags += {
+ "Key": "team",
+ "Value": "cloud-security"
+} |
+.Resources.ElasticAgentEc2Instance.Properties.Tags += {
+ "Key": "project",
+ "Value": "cloudformation"
+}
+`
+ return generateTemplate(prodTemplatePath, devTemplatePath, yqExpression)
+}
+
+func generateTemplate(sourcePath string, targetPath string, yqExpression string) (err error) {
+ inputBytes, err := os.ReadFile(sourcePath)
 if err != nil {
 return err
 }
@@ -125,7 +146,7 @@ func generateDevTemplate(prodTemplatePath string, devTemplatePath string) (err e
 return err
 }
- f, err := os.Create(devTemplatePath)
+ f, err := os.Create(targetPath)
 if err != nil {
 return err
 }
@@ -138,7 +159,7 @@ func generateDevTemplate(prodTemplatePath string, devTemplatePath string) (err e
 _, err = f.WriteString(generatedTemplateString)
 if err != nil {
- return fmt.Errorf("failed to write to dev template: %w", err)
+ return fmt.Errorf("failed to write template: %w", err)
 }
 return
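Review bot: generateProdTemplate keeps the parameter names `prodTemplatePath` and `devTemplatePath` although it reads the checked-in template and writes the generated one; naming them as generateTemplate does, `func generateProdTemplate(sourcePath string, targetPath string) error`, would stop the second argument being read as a dev-only path. The function also has no doc comment; something like `// generateProdTemplate appends the division, org, team and project tags to ElasticAgentEc2Instance and writes the result to targetPath.` would record that the tags are now added for every account, not only the one the removed template condition matched. generateTemplate's body continues outside this hunk.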
@@ -183,10 +204,14 @@ func createStack(stackName string, templatePath string, params map[string]string
 return nil
 }
-func getTemplatePath(deploymentType string, env string) string {
+func getTemplateSourcePath(deploymentType string) string {
 if deploymentType == "" { // Default is CNVM
 deploymentType = DeploymentTypeCNVM
 }
- return templatePaths[deploymentType][env]
+ return templatePaths[deploymentType]
+}
+
+func getTemplateTargetPath(source string) string {
+ return strings.Replace(source, ".yml", "-generated.yml", 1)
 }
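Review bot: getTemplateTargetPath returns its input unchanged when the name contains no `.yml`, in which case generateTemplate would `os.Create` over the source template it has just read; `strings.Replace` also rewrites the first `.yml` anywhere in the path rather than the extension. Both current map values end in `.yml`, so this cannot trigger today, but `return strings.TrimSuffix(source, ".yml") + "-generated.yml"` always yields a name different from the source. Separately, getTemplateSourcePath returns an empty string for a DeploymentType that is not a key of templatePaths, which only surfaces later as a read error on an empty path. Checking the lookup with `path, ok := templatePaths[deploymentType]` and reporting the unknown type would be clearer, though that needs an error return the current signature does not have.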