v-rosa

I'll try to share my approach to use private GitHub hosted terraform modules with AFT v1.5.1. It relies on GH App to create ephemeral tokens during Global Customization stage which will share with the target account so it can be used during Account Customization stage.

Relates to: aws-ia/terraform-aws-control_tower_account_factory#42

Pre-requirements:

• Create a GH APP:
  • Permissions: allow the clone of repositories
  • Set to a restricted list of terraform modules repos
• Create parameter store entries for GH_APP pem, id and installation_id under AFT_MGT account

naoty

#!/bin/bash -e

aws ssm get-parameters-by-path \
  --path "/myapp/" \
  --with-decryption \
  --query "Parameters[*].[Name,Value]" \
  --output text |
  while read line
  do
    name=$(echo ${line} | cut -f 1 -d ' ' | sed -e 's/\/myapp\///g')

sparkcodeuk

#!/bin/bash
# Force outbound traffic through the attached floating IP

NET_INT="eth0"
CURL_TIMEOUT=3

echo -n "Setting floating IP as the default gateway: "

# Check there's a floating IP attached to this droplet
if [ "$(curl -s --connect-timeout $CURL_TIMEOUT http://169.254.169.254/metadata/v1/floating_ip/ipv4/active)" != "true" ]; then

tanji

• Create the CA:

openssl genrsa -aes256 -out ca.key 4096
openssl req -key ca.key -new -x509 -days 7300 -sha256 -extensions v3_ca -out ca.crt

• Create server certificate and key:

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr

tedmiston

/*
In the node.js intro tutorial (http://nodejs.org/), they show a basic tcp 
server, but for some reason omit a client connecting to it.  I added an 
example at the bottom.

Save the following server in example.js:
*/

var net = require('net');