For help, email email@example.com
What is AICF?
The Automated Infrastructure Compliance Framework is an open-source integrated pipeline for deploying and monitoring infrastructure. Specific features include:
- Pre-deployment policy checking using Open Policy Agent
- Post-deployment AWS/Azure drift detection using Fugue.co
- Terraform for Infrastructure-as-Code deployments
AICF is currently built on AWS CodePipeline and AWS CodeBuild and integrates Open Policy Agent, Terraform, and Fugue.
Before deploying by any of the methods below, gather the values for the following configuration parameters:
"ApplicationName" - Any name of your choosing, used as the AWS CodePipeline reference name
"ArtifactS3Bucket" - Name of an existing AWS S3 bucket to use as the AWS CodePipeline artifact store
"GitHubOAuthToken" - Programmatic auth token for the GitHub user
"GitHubUser" - GitHub user name
"GitHubRepository" - GitHub repository containing the Terraform '.tf' files
"GitHubBranch" - Specific branch of the above GitHub repository to use for the Terraform files
"TerraformSha256" - SHA-256 hash of the Terraform binary
"TerraformVersion" - Version of Terraform to use when initializing the Terraform environment
"TerraformCloudToken" - Programmatic auth token for the Terraform Enterprise environment
"Intervalinseconds" - Interval, in seconds, at which Fugue will scan the AWS environment
"Fugueenvironmentid" - ID of the Fugue environment
"FugueCLIENTID" - Client ID of the Fugue user
"FugueCLIENTSECRET" - Secret for the Fugue client ID
To deploy AICF from a bash CLI environment, first install the aws CLI binary and properly configure the ~/.aws/config and ~/.aws/credentials files.
Create a JSON-formatted configuration file with the parameters described in the Deployment/installation overview.
Run the command below, substituting the name "testStack" with one of your choosing.
$ aws cloudformation create-stack --stack-name testStack --template-body file://aicf.yaml --parameters file://aicf-configuration.json --capabilities CAPABILITY_NAMED_IAM
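As an added example (not part of the AICF repository), the script below builds aicf-configuration.json in the ParameterKey/ParameterValue list shape that `aws cloudformation create-stack --parameters file://...` expects, validates the values from the parameter list above, pulls the three token/secret parameters from environment variables of the same name so they need not be typed into a file that may get committed, and writes the file owner-readable only. The sample values are constructed placeholders; the helper and function names are this example's own.

```python
import json
import os
import re
import stat

# Parameter names taken from the AICF configuration list above.
REQUIRED_PARAMETERS = [
    "ApplicationName", "ArtifactS3Bucket", "GitHubOAuthToken", "GitHubUser",
    "GitHubRepository", "GitHubBranch", "TerraformSha256", "TerraformVersion",
    "TerraformCloudToken", "Intervalinseconds", "Fugueenvironmentid",
    "FugueCLIENTID", "FugueCLIENTSECRET",
]
# Credentials: read from environment variables rather than hard-coded in the dict.
SECRET_PARAMETERS = {"GitHubOAuthToken", "TerraformCloudToken", "FugueCLIENTSECRET"}

# Constructed sample (placeholders, not real values); secrets are deliberately absent.
SAMPLE = {
    "ApplicationName": "aicf-demo", "ArtifactS3Bucket": "aicf-artifacts-example",
    "GitHubUser": "example-user", "GitHubRepository": "example-terraform",
    "GitHubBranch": "master", "TerraformSha256": "a" * 64,  # replace with real hash
    "TerraformVersion": "0.12.0", "Intervalinseconds": "3600",
    "Fugueenvironmentid": "env-placeholder", "FugueCLIENTID": "client-placeholder",
}


def validate(params):
    """Return a list of problems; an empty list means the values look sane."""
    problems = [f"missing parameter {k}" for k in REQUIRED_PARAMETERS if not params.get(k)]
    sha = params.get("TerraformSha256", "")
    if sha and not re.fullmatch(r"[0-9a-fA-F]{64}", sha):
        problems.append("TerraformSha256 must be 64 hex characters")
    interval = params.get("Intervalinseconds", "")
    if interval and not (interval.isdigit() and int(interval) > 0):
        problems.append("Intervalinseconds must be a positive integer")
    return problems


def build_parameter_file(params):
    """Convert a flat dict into the CloudFormation parameters-file structure."""
    return [{"ParameterKey": k, "ParameterValue": str(v)} for k, v in params.items()]


def write_parameter_file(params, path="aicf-configuration.json"):
    """Merge secrets from the environment, validate, and write the file with mode 0600."""
    merged = dict(params)
    for name in SECRET_PARAMETERS:
        merged.setdefault(name, os.environ.get(name, ""))
    problems = validate(merged)
    if problems:
        raise ValueError("; ".join(problems))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, stat.S_IRUSR | stat.S_IWUSR)
    with os.fdopen(fd, "w") as fh:
        json.dump(build_parameter_file(merged), fh, indent=2)
    return path
```

Export GitHubOAuthToken, TerraformCloudToken and FugueCLIENTSECRET in the shell, then call write_parameter_file(SAMPLE) with your real values substituted; the resulting file is what the create-stack command above consumes.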
Accelerated CloudFormation method
Log in to the AWS account in which you wish to deploy AICF
Click "Next", give your new stack a name and then fill in the variable parameters that are required to deploy the pipeline.
Complete Steps 6 & 7 in the Console section described below
Manual Method Using the AWS Console
Log onto your AWS web console
Navigate to the AWS CloudFormation service page:
- Click on "Create Stack"
- Ensure "Template is Ready" and "Upload a template file" are selected. Choose the CloudFormation template file (OPAFugueCodepipeline.yaml) from this repository
Fill in the parameters with the information gathered in the Deployment/installation overview and click Next
Click Next again
Ensure the following checkbox is clicked and select "Create Stack"
How to run AICF
Once you deploy AICF, it is ready to be used. The first run will start on its own once the AWS CloudFormation stack is created. By default, the AWS pipeline is configured to run manually. To run it, execute the following steps:
- In the AWS console, navigate to the CodePipeline service. Click on the reference name, "ApplicationName", you chose above.
- Then, click on "Release Change"
- Confirm start of pipeline by clicking on "Release"
Some example CLI commands:
$ terraform apply -auto-approve
$ terraform destroy -auto-approve
$ aws cloudformation delete-stack --stack-name testStack --profile e3_sandbox
Install the OPA binary locally
curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.13.3/opa_linux_amd64 && chmod +x opa && mv opa /usr/bin
- Clone the repo
- Create a new branch, make your changes, then commit and push to the remote, e.g.
git push --set-upstream origin new-branch
- Log into GitHub and create a pull request to the master branch
New Light Technologies, Inc.
Carl Alleyne - firstname.lastname@example.org