add support for AWS temporary tokens

This commit is contained in:
xxli 2017-11-20 16:18:50 +08:00
parent e01521bbf4
commit ab15c31c61
4 changed files with 24 additions and 2 deletions

10
algo

@ -242,6 +242,13 @@ Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing
$ADDITIONAL_PROMPT
[ABCD...]: " -rs aws_secret_key
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
read -p "
If you are using AWS Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html), enter your aws_session_token (aka aws_security_token); otherwise just press ENTER
$ADDITIONAL_PROMPT
[ABCD...]: " -rs aws_session_token
read -p "
Name the vpn server:
@ -287,7 +294,8 @@ Enter the number of your desired region:
esac
ROLES="ec2 vpn cloud"
EXTRA_VARS="aws_access_key=$aws_access_key aws_secret_key=$aws_secret_key aws_server_name=$aws_server_name ssh_public_key=$ssh_public_key region=$region"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
EXTRA_VARS="aws_access_key=$aws_access_key aws_secret_key=$aws_secret_key aws_session_token=$aws_session_token aws_server_name=$aws_server_name ssh_public_key=$ssh_public_key region=$region"
}
gce () {
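Review bot: The new `aws_session_token=$aws_session_token` entry in the rewritten `EXTRA_VARS` line puts a third credential into a string that is presumably handed to ansible-playbook as `-e`, so the token sits in the process command line and is readable by any local user via `ps` or `/proc/*/cmdline` for the whole run; this was already the case for the access and secret key, but a session token is precisely the credential whose short lifetime is meant to bound this kind of leak. Consider writing the AWS values to a mode-0600 temporary file and passing `-e @file`, or simply documenting that exporting `AWS_SESSION_TOKEN` (which the role tasks in this commit already fall back to) avoids the command line altogether. Note also that pressing ENTER at the new prompt yields `aws_session_token=` with an empty value, which only behaves because the role side uses `default(..., true)` to treat an empty string as unset — worth a one-line comment next to the prompt, e.g. `# empty token is passed through as "" and treated as unset by the roles' default(..., true)`. The enclosing function starts before the first hunk and its consumer of `EXTRA_VARS` is not visible here.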

4
roles/cloud-ec2/tasks/cloudformation.yml Normal file → Executable file

@ -9,10 +9,12 @@
cloudformation:
aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}"
aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) }}"
stack_name: "{{ stack_name }}"
state: "present"
region: "{{ region }}"
template: "configs/{{ aws_server_name }}.yml"
tags:
Environment: Algo
register: stack
register: stack
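Review bot: When neither `aws_session_token` nor `AWS_SESSION_TOKEN` is set, the new `security_token` expression in the `cloudformation` task renders as an empty string rather than being left out; Ansible's AWS connection helper appears to treat a falsy token as "no token", but that is implicit, and ending the chain with `| default(omit, true)`, i.e. `security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) | default(omit, true) }}"`, makes the no-token case explicit and keeps an empty value from ever reaching boto. The same expression is now duplicated here and in encrypt_image.yml while main.yml computes it once into the `security_token` fact; if this task runs after that `set_fact`, using `"{{ security_token }}"` leaves one place to change. Separately, the mode flip to executable on a YAML task file looks accidental and is worth reverting with `git update-index --chmod=-x roles/cloud-ec2/tasks/cloudformation.yml`.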

5
roles/cloud-ec2/tasks/encrypt_image.yml Normal file → Executable file

@ -2,6 +2,9 @@
ec2_ami_find:
aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}"
aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
#its odd that the parameter name (“security_token”) is shown in an error message generated by this ansible module, rather than being recorded in the modules official docs
security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) }}"
owner: self
sort: creationDate
sort_order: descending
@ -20,6 +23,8 @@
ec2_ami_copy:
aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}"
aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) }}"
encrypted: yes
name: algo
kms_key_id: "{{ kms_key_id | default(omit) }}"
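Review bot: The comment above `security_token` in the `ec2_ami_find` task is a complaint rather than documentation, and its curly quotes are the kind of character that gets mangled by editors and grep; as far as I can tell the parameter is accepted because the EC2 modules share a common AWS argument spec (`security_token`, aliased `access_token`) rather than declaring it per module, so a one-line `# security_token is accepted via the shared AWS module argument spec; required with temporary (STS) credentials` would explain it to the next reader without the editorializing. Both `ec2_ami_find` and `ec2_ami_copy` here recompute the env fallback that main.yml already stores in the `security_token` fact, so if this file is included after that `set_fact`, `security_token: "{{ security_token }}"` avoids two more copies of the expression. With no token configured the expression yields `""`; appending `| default(omit, true)` would omit the parameter instead of passing an empty string. Both tasks begin before their hunks and the `ec2_ami_copy` task continues past the end of the second one.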

7
roles/cloud-ec2/tasks/main.yml Normal file → Executable file

@ -2,12 +2,17 @@
- set_fact:
access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}"
secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) }}"
stack_name: "{{ aws_server_name | replace('.', '-') }}"
- name: Locate official AMI for region
ec2_ami_find:
aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
#its odd that the parameter name (“security_token”) is shown in an error message generated by this ansible module, rather than being recorded in the modules official docs
security_token: "{{ security_token }}"
name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
owner: "{{ cloud_providers.ec2.image.owner }}"
sort: creationDate
@ -41,6 +46,8 @@
ec2_remote_facts:
aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
security_token: "{{ security_token }}"
region: "{{ region }}"
filters:
instance-state-name: running
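Review bot: The `set_fact` task at the top of the first hunk now stores the session token, alongside the access and secret key, as a host fact, and set_fact results are printed under `-v` and persisted by any configured fact cache; adding `no_log: true` to that task keeps all three credentials out of the play log, and the token deserves at least the same handling as `secret_key` wherever that is masked. As in the other task files, with no token the fact is `""`, so `| default(omit, true)` at the `ec2_ami_find` and `ec2_remote_facts` call sites (or on the fact itself) would omit the parameter explicitly rather than relying on the module treating an empty string as absent. The repeated `#for AWS's temporary credentials...` comment on every call site could be reduced to one sentence on the `set_fact` entry, e.g. `# session token is only set for temporary (STS) credentials; empty otherwise`. The `filters` mapping of the `ec2_remote_facts` task may continue beyond the last line of the hunk.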