diff --git a/assets/aws/Makefile b/assets/aws/Makefile index 66695f6fee082..27f45f2585386 100644 --- a/assets/aws/Makefile +++ b/assets/aws/Makefile @@ -14,7 +14,7 @@ AWS_REGION ?= us-west-2 # This must be a _released_ version of Teleport, i.e. one which has binaries # available for download on https://gravitational.com/teleport/download # Unreleased versions will fail to build. -TELEPORT_VERSION ?= 6.1.3 +TELEPORT_VERSION ?= 6.2.0 # Teleport UID is the UID of a non-privileged 'teleport' user TELEPORT_UID ?= 1007 @@ -71,7 +71,7 @@ oss-ci-build: .PHONY: change-amis-to-public-oss change-amis-to-public-oss: @echo "Making OSS AMIs public" - bash files/make-amis-public.sh oss + bash files/make-amis-public.sh oss $(DESTINATION_REGIONS) # Build local 'debug' AMI .PHONY: ent @@ -99,12 +99,12 @@ ent-ci-build: .PHONY: change-amis-to-public-ent change-amis-to-public-ent: @echo "Making Enterprise AMIs public" - bash files/make-amis-public.sh ent + bash files/make-amis-public.sh ent $(DESTINATION_REGIONS) .PHONY: change-amis-to-public-ent-fips change-amis-to-public-ent-fips: @echo "Making FIPS Enterprise AMIs public" - bash files/make-amis-public.sh ent-fips + bash files/make-amis-public.sh ent-fips $(DESTINATION_REGIONS) # Other helpers diff --git a/assets/aws/files/make-amis-public.sh b/assets/aws/files/make-amis-public.sh index 914cc20663649..9a79dd79020c7 100755 --- a/assets/aws/files/make-amis-public.sh +++ b/assets/aws/files/make-amis-public.sh @@ -1,17 +1,17 @@ -#!/bin/bash +#!/usr/bin/env bash set -e -# Define list of regions to run in -REGION_LIST="us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 ca-central-1 eu-central-1 eu-west-1 eu-west-2 sa-east-1" - -# Exit if oss/ent parameters not provided -if [[ "$1" == "" ]]; then - echo "Usage: $(basename $0) [oss/ent/ent-fips]" +# Exit if required parameters not provided +if [[ "$1" == "" ]] || [[ "$2" == "" ]]; then + echo "Usage: $(basename $0) [oss/ent/ent-fips] [comma-separated-destination-region-list]" exit 1 else RUN_MODE="$1" + REGION_LIST="$2" fi +# Note: to run this script on MacOS you will need to install coreutils (using Brew), then edit the PATH in your shell's +# RC file to use coreutils versions first (something like "export PATH=/usr/local/opt/coreutils/libexec/gnubin:$PATH") ABSPATH=$(readlink -f "$0") SCRIPT_DIR=$(dirname "${ABSPATH}") BUILD_DIR=$(readlink -f "${SCRIPT_DIR}/build") @@ -42,6 +42,7 @@ fi BUILD_TIMESTAMP=$(<"${TIMESTAMP_FILE}") # Iterate through AMIs +IFS="," for REGION in ${REGION_LIST}; do AMI_ID=$(aws ec2 describe-images --region ${REGION} --filters "Name=name,Values=${NAME_FILTER}" "Name=tag:BuildTimestamp,Values=${BUILD_TIMESTAMP}" "Name=tag:BuildType,Values=${AMI_TAG}"| jq -r '.Images[0].ImageId') if [[ "${AMI_ID}" == "" || "${AMI_ID}" == "null" ]]; then diff --git a/assets/aws/update-ami-ids.sh b/assets/aws/update-ami-ids.sh index b8d6836c4f0df..78337b58b7f1e 100755 --- a/assets/aws/update-ami-ids.sh +++ b/assets/aws/update-ami-ids.sh @@ -1,6 +1,12 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail +# Note: to run this script on MacOS you will need to: +# - install gnu-sed (using Brew), then edit the PATH in your shell's RC file to use the GNU version first +# -- (something like "export PATH=/usr/local/opt/gnu-sed/libexec/gnubin:$PATH") +# - install findutils (using Brew), then edit the PATH in your shell's RC file to use the GNU version first +# -- (something like "export PATH=/usr/local/opt/findutils/libexec/gnubin:$PATH") + # shellcheck disable=SC2086 usage() { echo "Usage: $(basename $0) [-a ] [-m ] [-t ] [-r ] [-v version]" 1>&2; exit 1; } while getopts ":a:m:t:r:v:" o; do diff --git a/examples/aws/cloudformation/ent.yaml b/examples/aws/cloudformation/ent.yaml index b1c1c13421762..2371fcf813a30 100644 --- a/examples/aws/cloudformation/ent.yaml +++ b/examples/aws/cloudformation/ent.yaml @@ -97,21 +97,24 @@ Mappings: t2.xlarge: {Arch: HVM64} AWSRegionArch2AMI: - # All AMIs from AWS - gravitational-teleport-ami-ent-6.0.2 - eu-west-1: {HVM64 : ami-0c736c8094289e22a} - eu-west-2: {HVM64 : ami-0748e8ecfc3ebb868} - us-east-1: {HVM64 : ami-098615f9e05054582} - us-east-2: {HVM64 : ami-092d37b152970c523} - us-west-2: {HVM64 : ami-09813e1ab7ef9abf2} - us-west-1: {HVM64 : ami-064cdbbd893bdda25} - ap-south-1: {HVM64 : ami-0aca5db8064997b1a} - ap-northeast-2: {HVM64 : ami-0d3934da569981a70} - ap-southeast-1: {HVM64 : ami-0723170f168a437f5} - ap-southeast-2: {HVM64 : ami-04fe9ecc0bc020b71} - ap-northeast-1: {HVM64 : ami-0ef2f3ec65297f8be} - ca-central-1: {HVM64 : ami-0f729b2b97644a7de} - eu-central-1: {HVM64 : ami-0714fa1e74a8229de} - sa-east-1: {HVM64 : ami-02d7217c90d99d0d5} + # All AMIs from AWS - gravitational-teleport-ami-ent-6.2.0 + eu-north-1: {HVM64: ami-05ff5c0be3d4b8da4} + ap-south-1: {HVM64 : ami-0e506367fa6bf06ad} + eu-west-1: {HVM64 : ami-08ed956d9054124ec} + eu-west-2: {HVM64 : ami-0c13fdee73c56a9e5} + eu-west-3: {HVM64: ami-087bdce4ab6a2964d} + ap-northeast-1: {HVM64 : ami-028f6fc0f6bcc5467} + ap-northeast-2: {HVM64 : ami-0257a5282caf5dc8b} + ap-northeast-3: {HVM64: ami-0a36f2dfdca83ea7d} + sa-east-1: {HVM64 : ami-0db7a0b15f1fec84e} + ca-central-1: {HVM64 : ami-026797dc673798718} + ap-southeast-1: {HVM64 : ami-0ee78fe8e1d7b0f0b} + ap-southeast-2: {HVM64 : ami-012555117300eccf7} + eu-central-1: {HVM64 : ami-0a9f8367882508a34} + us-east-1: {HVM64 : ami-00a70c0830e3e28be} + us-east-2: {HVM64 : ami-0e3636771bd5a9558} + us-west-1: {HVM64 : ami-0f0e438f7c80db8aa} + us-west-2: {HVM64 : ami-0d4a763166ba78e9e} Resources: # Auth server setup diff --git a/examples/aws/cloudformation/oss.yaml b/examples/aws/cloudformation/oss.yaml index d35e914b37f5c..b924a7426774d 100644 --- a/examples/aws/cloudformation/oss.yaml +++ b/examples/aws/cloudformation/oss.yaml @@ -97,21 +97,24 @@ Mappings: t2.xlarge: {Arch: HVM64} AWSRegionArch2AMI: - # All AMIs from AWS - gravitational-teleport-ami-oss-6.0.2 - eu-west-1: {HVM64 : ami-01fb303b9d3ed6e6e} - eu-west-2: {HVM64 : ami-0fe50b996a5de236e} - us-east-1: {HVM64 : ami-03ea11a9030d743f7} - us-east-2: {HVM64 : ami-03a6f0406f904f5e0} - us-west-2: {HVM64 : ami-0226e43c16ebdc913} - us-west-1: {HVM64 : ami-073a0fb5af141ee60} - ap-south-1: {HVM64 : ami-05e4c581e8ed1aff1} - ap-northeast-2: {HVM64 : ami-01eceef32e28b922a} - ap-southeast-1: {HVM64 : ami-0212cce94a761f9fa} - ap-southeast-2: {HVM64 : ami-02f7eb20742a2c766} - ap-northeast-1: {HVM64 : ami-0535e53234f3af001} - ca-central-1: {HVM64 : ami-0848f22c493b90a5d} - eu-central-1: {HVM64 : ami-0de583abcab304f4a} - sa-east-1: {HVM64 : ami-02219a04cfa8b7a52} + # All AMIs from AWS - gravitational-teleport-ami-oss-6.2.0 + eu-north-1: {HVM64: ami-0eef7480d85b07d78} + ap-south-1: {HVM64 : ami-0d6449bf7fc103c8f} + eu-west-1: {HVM64 : ami-02030ad502e2e822b} + eu-west-2: {HVM64 : ami-023264050aa2a562f} + eu-west-3: {HVM64: ami-0211c6e2e821dd249} + ap-northeast-1: {HVM64 : ami-0738b06d49be46ab2} + ap-northeast-2: {HVM64 : ami-00a439b2218e9cbcd} + ap-northeast-3: {HVM64: ami-02bb8618b75d025aa} + sa-east-1: {HVM64 : ami-004f6e5a6e2dba915} + ca-central-1: {HVM64 : ami-09eda1c3961d66075} + ap-southeast-1: {HVM64 : ami-0c22d9c6ae40b1c80} + ap-southeast-2: {HVM64 : ami-0fc0d65a14b4b8ae6} + eu-central-1: {HVM64 : ami-096b74806fa379c51} + us-east-1: {HVM64 : ami-03078e35a35dce03c} + us-east-2: {HVM64 : ami-0aa7027f2a2ee0b05} + us-west-1: {HVM64 : ami-0644d8fa06ad60960} + us-west-2: {HVM64 : ami-02150067a5fef0196} Resources: # Auth server setup diff --git a/examples/aws/terraform/AMIS.md b/examples/aws/terraform/AMIS.md index 04dd99b5817b0..4b07abbae98ea 100644 --- a/examples/aws/terraform/AMIS.md +++ b/examples/aws/terraform/AMIS.md @@ -6,56 +6,65 @@ is updated when new AMI versions are released. ### OSS ``` -# ap-south-1 v6.0.2 OSS: ami-05e4c581e8ed1aff1 -# ap-northeast-2 v6.0.2 OSS: ami-01eceef32e28b922a -# ap-southeast-1 v6.0.2 OSS: ami-0212cce94a761f9fa -# ap-southeast-2 v6.0.2 OSS: ami-02f7eb20742a2c766 -# ap-northeast-1 v6.0.2 OSS: ami-0535e53234f3af001 -# ca-central-1 v6.0.2 OSS: ami-0848f22c493b90a5d -# eu-central-1 v6.0.2 OSS: ami-0de583abcab304f4a -# eu-west-1 v6.0.2 OSS: ami-01fb303b9d3ed6e6e -# eu-west-2 v6.0.2 OSS: ami-0fe50b996a5de236e -# sa-east-1 v6.0.2 OSS: ami-02219a04cfa8b7a52 -# us-east-1 v6.0.2 OSS: ami-03ea11a9030d743f7 -# us-east-2 v6.0.2 OSS: ami-03a6f0406f904f5e0 -# us-west-1 v6.0.2 OSS: ami-073a0fb5af141ee60 -# us-west-2 v6.0.2 OSS: ami-0226e43c16ebdc913 +# eu-north-1 v6.2.0 OSS: ami-0eef7480d85b07d78 +# ap-south-1 v6.2.0 OSS: ami-0d6449bf7fc103c8f +# eu-west-1 v6.2.0 OSS: ami-02030ad502e2e822b +# eu-west-2 v6.2.0 OSS: ami-023264050aa2a562f +# eu-west-3 v6.2.0 OSS: ami-0211c6e2e821dd249 +# ap-northeast-1 v6.2.0 OSS: ami-0738b06d49be46ab2 +# ap-northeast-2 v6.2.0 OSS: ami-00a439b2218e9cbcd +# ap-northeast-3 v6.2.0 OSS: ami-02bb8618b75d025aa +# sa-east-1 v6.2.0 OSS: ami-004f6e5a6e2dba915 +# ca-central-1 v6.2.0 OSS: ami-09eda1c3961d66075 +# ap-southeast-1 v6.2.0 OSS: ami-0c22d9c6ae40b1c80 +# ap-southeast-2 v6.2.0 OSS: ami-0fc0d65a14b4b8ae6 +# eu-central-1 v6.2.0 OSS: ami-096b74806fa379c51 +# us-east-1 v6.2.0 OSS: ami-03078e35a35dce03c +# us-east-2 v6.2.0 OSS: ami-0aa7027f2a2ee0b05 +# us-west-1 v6.2.0 OSS: ami-0644d8fa06ad60960 +# us-west-2 v6.2.0 OSS: ami-02150067a5fef0196 ``` ### Enterprise ``` -# ap-south-1 v6.0.2 Enterprise: ami-0aca5db8064997b1a -# ap-northeast-2 v6.0.2 Enterprise: ami-0d3934da569981a70 -# ap-southeast-1 v6.0.2 Enterprise: ami-0723170f168a437f5 -# ap-southeast-2 v6.0.2 Enterprise: ami-04fe9ecc0bc020b71 -# ap-northeast-1 v6.0.2 Enterprise: ami-0ef2f3ec65297f8be -# ca-central-1 v6.0.2 Enterprise: ami-0f729b2b97644a7de -# eu-central-1 v6.0.2 Enterprise: ami-0714fa1e74a8229de -# eu-west-1 v6.0.2 Enterprise: ami-0c736c8094289e22a -# eu-west-2 v6.0.2 Enterprise: ami-0748e8ecfc3ebb868 -# sa-east-1 v6.0.2 Enterprise: ami-02d7217c90d99d0d5 -# us-east-1 v6.0.2 Enterprise: ami-098615f9e05054582 -# us-east-2 v6.0.2 Enterprise: ami-092d37b152970c523 -# us-west-1 v6.0.2 Enterprise: ami-064cdbbd893bdda25 -# us-west-2 v6.0.2 Enterprise: ami-09813e1ab7ef9abf2 +# eu-north-1 v6.2.0 Enterprise: ami-05ff5c0be3d4b8da4 +# ap-south-1 v6.2.0 Enterprise: ami-0e506367fa6bf06ad +# eu-west-1 v6.2.0 Enterprise: ami-08ed956d9054124ec +# eu-west-2 v6.2.0 Enterprise: ami-0c13fdee73c56a9e5 +# eu-west-3 v6.2.0 Enterprise: ami-087bdce4ab6a2964d +# ap-northeast-1 v6.2.0 Enterprise: ami-028f6fc0f6bcc5467 +# ap-northeast-2 v6.2.0 Enterprise: ami-0257a5282caf5dc8b +# ap-northeast-3 v6.2.0 Enterprise: ami-0a36f2dfdca83ea7d +# sa-east-1 v6.2.0 Enterprise: ami-0db7a0b15f1fec84e +# ca-central-1 v6.2.0 Enterprise: ami-026797dc673798718 +# ap-southeast-1 v6.2.0 Enterprise: ami-0ee78fe8e1d7b0f0b +# ap-southeast-2 v6.2.0 Enterprise: ami-012555117300eccf7 +# eu-central-1 v6.2.0 Enterprise: ami-0a9f8367882508a34 +# us-east-1 v6.2.0 Enterprise: ami-00a70c0830e3e28be +# us-east-2 v6.2.0 Enterprise: ami-0e3636771bd5a9558 +# us-west-1 v6.2.0 Enterprise: ami-0f0e438f7c80db8aa +# us-west-2 v6.2.0 Enterprise: ami-0d4a763166ba78e9e ``` ### Enterprise FIPS ``` -# ap-south-1 v6.0.2 Enterprise FIPS: ami-0252c2f03c38d5a83 -# ap-northeast-2 v6.0.2 Enterprise FIPS: ami-06a6404a60f7e0e38 -# ap-southeast-1 v6.0.2 Enterprise FIPS: ami-094ea89a3f60855ec -# ap-southeast-2 v6.0.2 Enterprise FIPS: ami-0020456844cb76968 -# ap-northeast-1 v6.0.2 Enterprise FIPS: ami-0b9ee56285aae9d05 -# ca-central-1 v6.0.2 Enterprise FIPS: ami-076b22ef0dfe4037f -# eu-central-1 v6.0.2 Enterprise FIPS: ami-0154cb54cc8587e58 -# eu-west-1 v6.0.2 Enterprise FIPS: ami-08975755b8c23c164 -# eu-west-2 v6.0.2 Enterprise FIPS: ami-07cef22c77c0633ac -# sa-east-1 v6.0.2 Enterprise FIPS: ami-0063942600c3e7bac -# us-east-1 v6.0.2 Enterprise FIPS: ami-02a9b68643fef4ef7 -# us-east-2 v6.0.2 Enterprise FIPS: ami-06354cb40cd214d92 -# us-west-1 v6.0.2 Enterprise FIPS: ami-016c28b5e4b5923f1 -# us-west-2 v6.0.2 Enterprise FIPS: ami-01239b455a88459b0 +# eu-north-1 v6.2.0 Enterprise FIPS: ami-0ef3a593cf76412cc +# ap-south-1 v6.2.0 Enterprise FIPS: ami-0aa26b9f7b648fbf0 +# eu-west-1 v6.2.0 Enterprise FIPS: ami-0a5fb46d5f1355a3c +# eu-west-2 v6.2.0 Enterprise FIPS: ami-045b624f2160bdbcb +# eu-west-3 v6.2.0 Enterprise FIPS: ami-08cbdce943ef2d229 +# ap-northeast-1 v6.2.0 Enterprise FIPS: ami-0d04fb3a9a89177d7 +# ap-northeast-2 v6.2.0 Enterprise FIPS: ami-0bf842bbb61351484 +# ap-northeast-3 v6.2.0 Enterprise FIPS: ami-02911fb25bdc7d813 +# sa-east-1 v6.2.0 Enterprise FIPS: ami-05da34d5495265ef0 +# ca-central-1 v6.2.0 Enterprise FIPS: ami-0b9f86c2838ad8791 +# ap-southeast-1 v6.2.0 Enterprise FIPS: ami-05bcd5ede24cca6bf +# ap-southeast-2 v6.2.0 Enterprise FIPS: ami-00a92f2b6e9a6df4f +# eu-central-1 v6.2.0 Enterprise FIPS: ami-0207c8316b5f94f40 +# us-east-1 v6.2.0 Enterprise FIPS: ami-0fb1d80acbae6a89f +# us-east-2 v6.2.0 Enterprise FIPS: ami-0d3b5b91753377eaa +# us-west-1 v6.2.0 Enterprise FIPS: ami-0a25edc80c846506f +# us-west-2 v6.2.0 Enterprise FIPS: ami-0799002d5898102ba ``` diff --git a/examples/aws/terraform/ha-autoscale-cluster/README.md b/examples/aws/terraform/ha-autoscale-cluster/README.md index a37e2faeea394..4c577f7cc4737 100644 --- a/examples/aws/terraform/ha-autoscale-cluster/README.md +++ b/examples/aws/terraform/ha-autoscale-cluster/README.md @@ -45,7 +45,7 @@ export TF_VAR_cluster_name="teleport.example.com" # OSS: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-oss*' # Enterprise: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-ent*' # FIPS 140-2 images are also available for Enterprise customers, look for '-fips' on the end of the AMI's name -export TF_VAR_ami_name="gravitational-teleport-ami-ent-6.0.2" +export TF_VAR_ami_name="gravitational-teleport-ami-ent-6.2.0" # AWS SSH key name to provision in installed instances, should be available in the region export TF_VAR_key_name="example" diff --git a/examples/aws/terraform/starter-cluster/README.md b/examples/aws/terraform/starter-cluster/README.md index 07e6e329ae7b7..d3993b6966581 100644 --- a/examples/aws/terraform/starter-cluster/README.md +++ b/examples/aws/terraform/starter-cluster/README.md @@ -86,7 +86,7 @@ TF_VAR_license_path ?="/path/to/license" # OSS: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-oss*' # Enterprise: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-ent*' # FIPS 140-2 images are also available for Enterprise customers, look for '-fips' on the end of the AMI's name -TF_VAR_ami_name ?="gravitational-teleport-ami-ent-6.0.2" +TF_VAR_ami_name ?="gravitational-teleport-ami-ent-6.2.0" # Route 53 hosted zone to use, must be a root zone registered in AWS, e.g. example.com TF_VAR_route53_zone ?="example.com"