add support for AWS temporary tokens

xxli 2017-11-20 16:18:50 +08:00
parent e01521bbf4
commit ab15c31c61
4 changed files with 24 additions and 2 deletions

10
algo

@ -242,6 +242,13 @@ Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing
$ADDITIONAL_PROMPT $ADDITIONAL_PROMPT
[ABCD...]: " -rs aws_secret_key [ABCD...]: " -rs aws_secret_key
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
read -p "
If you are using AWS Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html), enter your aws_session_token (aka aws_security_token); otherwise just press ENTER
$ADDITIONAL_PROMPT
[ABCD...]: " -rs aws_session_token
read -p " read -p "
Name the vpn server: Name the vpn server:
@ -287,7 +294,8 @@ Enter the number of your desired region:
esac esac
ROLES="ec2 vpn cloud" ROLES="ec2 vpn cloud"
EXTRA_VARS="aws_access_key=$aws_access_key aws_secret_key=$aws_secret_key aws_server_name=$aws_server_name ssh_public_key=$ssh_public_key region=$region" #for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
EXTRA_VARS="aws_access_key=$aws_access_key aws_secret_key=$aws_secret_key aws_session_token=$aws_session_token aws_server_name=$aws_server_name ssh_public_key=$ssh_public_key region=$region"
} }
gce () { gce () {
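Review bot: The new EXTRA_VARS line passes `aws_session_token=$aws_session_token` on the ansible-playbook command line, so the token — like the access and secret keys already on that line — is visible to every local user through the process list for the whole run. The roles touched by this commit already fall back to `lookup('env','AWS_SESSION_TOKEN')`, so exporting the value (`export AWS_SESSION_TOKEN="$aws_session_token"`) and leaving it out of EXTRA_VARS gives the same result without the argv exposure, and the same treatment would suit the two existing keys. In the prompt hunk, pressing ENTER leaves `aws_session_token` empty and the roles' `default(..., true)` filters are what make that acceptable; that dependency is worth stating in the comment, e.g. `# may be empty; the ec2 role then falls back to the AWS_SESSION_TOKEN environment variable`. The ec2 () function these two hunks belong to starts outside the hunk; the first hunk's header counts 7 added lines while 5 are shown, so blank lines inside the prompt string may have been lost in rendering.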

4
roles/cloud-ec2/tasks/cloudformation.yml Normal file → Executable file

@ -9,10 +9,12 @@
cloudformation: cloudformation:
aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}" aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}"
aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}" aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) }}"
stack_name: "{{ stack_name }}" stack_name: "{{ stack_name }}"
state: "present" state: "present"
region: "{{ region }}" region: "{{ region }}"
template: "configs/{{ aws_server_name }}.yml" template: "configs/{{ aws_server_name }}.yml"
tags: tags:
Environment: Algo Environment: Algo
register: stack register: stack
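Review bot: `security_token` resolves to the empty string when neither `aws_session_token` nor `AWS_SESSION_TOKEN` is available, because `lookup('env', ...)` returns `''` for an unset variable and `default(..., true)` only substitutes that same lookup; whether the cloudformation module treats `''` as "no token" is not visible here. Ending the chain with `| default(omit, true)` omits the parameter instead: `security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) | default(omit, true) }}"`. The same pattern recurs in both hunks of encrypt_image.yml and in the set_fact in main.yml. The new comment should use the `# ` spacing yamllint expects and can be shorter: `# session token, required only for temporary AWS credentials`. Separately, this file and the two other task files switch from normal to executable mode; task YAML is never executed directly, so that change looks accidental and should be reverted.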

5
roles/cloud-ec2/tasks/encrypt_image.yml Normal file → Executable file

@ -2,6 +2,9 @@
ec2_ami_find: ec2_ami_find:
aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}" aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}"
aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}" aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
#its odd that the parameter name (“security_token”) is shown in an error message generated by this ansible module, rather than being recorded in the modules official docs
security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) }}"
owner: self owner: self
sort: creationDate sort: creationDate
sort_order: descending sort_order: descending
@ -20,6 +23,8 @@
ec2_ami_copy: ec2_ami_copy:
aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}" aws_access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true)}}"
aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}" aws_secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true)}}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) }}"
encrypted: yes encrypted: yes
name: algo name: algo
kms_key_id: "{{ kms_key_id | default(omit) }}" kms_key_id: "{{ kms_key_id | default(omit) }}"
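Review bot: The two-line comment above `security_token` in the ec2_ami_find hunk says the parameter name is known only from an error message, but `security_token` is the credential parameter shared by Ansible's AWS modules and documented in their common AWS doc fragment, so the comment will mislead the next maintainer; the same text is duplicated verbatim in main.yml. Replace both with a one-liner in the file's comment style, `# security_token carries the session token for temporary AWS credentials`, which also drops the curly quotes and the `its`/`modules` typos. The ec2_ami_copy hunk needs only that short comment as well.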

7
roles/cloud-ec2/tasks/main.yml Normal file → Executable file

@ -2,12 +2,17 @@
- set_fact: - set_fact:
access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}" access_key: "{{ aws_access_key | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}"
secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}" secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
security_token: "{{ aws_session_token | default(lookup('env','AWS_SESSION_TOKEN'), true) }}"
stack_name: "{{ aws_server_name | replace('.', '-') }}" stack_name: "{{ aws_server_name | replace('.', '-') }}"
- name: Locate official AMI for region - name: Locate official AMI for region
ec2_ami_find: ec2_ami_find:
aws_access_key: "{{ access_key }}" aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}" aws_secret_key: "{{ secret_key }}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
#its odd that the parameter name (“security_token”) is shown in an error message generated by this ansible module, rather than being recorded in the modules official docs
security_token: "{{ security_token }}"
name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*" name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
owner: "{{ cloud_providers.ec2.image.owner }}" owner: "{{ cloud_providers.ec2.image.owner }}"
sort: creationDate sort: creationDate
@ -41,6 +46,8 @@
ec2_remote_facts: ec2_remote_facts:
aws_access_key: "{{ access_key }}" aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}" aws_secret_key: "{{ secret_key }}"
#for AWS's temporary credentials, aws_session_token (aka aws_security_token) is also required
security_token: "{{ security_token }}"
region: "{{ region }}" region: "{{ region }}"
filters: filters:
instance-state-name: running instance-state-name: running
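Review bot: The set_fact task at the top of the first hunk now stores a third credential, `security_token`, next to access_key and secret_key, and has no `no_log: true`, so all three values are printed in the task result when the play runs with `-v`. Adding `no_log: true` to that task covers the new fact and the two existing ones at once; the ec2_ami_find and ec2_remote_facts tasks receive the same values as parameters and would benefit from the same setting. The `#for ...` comments also lack the space after `#` that yamllint's comments rule expects, e.g. `# session token for temporary AWS credentials; empty when none is used`.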