
[v13] Backport hardened AMI resources #27454

Merged
merged 2 commits into branch/v13 from tcsc/branch/v13/hardened-amis on Jun 7, 2023

Conversation

tcsc
Contributor

@tcsc tcsc commented Jun 6, 2023

tcsc and others added 2 commits June 6, 2023 23:00
- Converts the original JSON Packer template to HCL, preserving the
  old JSON version for the legacy AMI builds
- Updates and modernises the new HCL template
- Creates a slimmed-down `install-hardened.sh` script that avoids
  installing the monitoring front-end tools, as these are a major
  source of CIS violations (e.g. pulling in X11)
- Splits the existing resources in `files` into two classes:
  - `files` that is common to the old and new AMI, and
  - `monitor-files` that is only installed on the legacy AMI

Note that this patch does not include any high-level tools to drive this
packer script from CI/CD. That is coming in a later PR.
* Creates Hardened AMI promotion tool

Creates a tool that handles AMI promotion by finding the latest AMI
for a given Teleport release and marking it as public.

This patch also moves the `update-ami-id` script into its own package
directory in the `assets/aws` module, in order to both highlight its
use and tidy up the module root.

* Apply suggestions from code review

Co-authored-by: Noah Stride <noah.stride@goteleport.com>

* Update main.go

---------

Co-authored-by: Noah Stride <noah.stride@goteleport.com>
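The promotion step the second commit describes (find the latest AMI for a given Teleport release, then mark it public) is the one place in this PR where a mistake leaks an image to every AWS account, so the selection checks deserve to be explicit. The block below is an added example written for this page, not the PR's own promotion tool, whose source is not shown here. It runs offline against an in-memory stand-in for EC2 with constructed sample data; the tag keys `TeleportRelease` and `BuildType`, the account IDs and the AMI IDs are all assumptions. Against real AWS, `DescribeImages` would be `ec2.Client.DescribeImages` scoped with `Owners`, and `AddPublicLaunchPermission` would be `ec2.Client.ModifyImageAttribute` with a `LaunchPermission` `Add` entry whose `Group` is `all`.

```go
package main

import (
	"fmt"
	"time"
)

// Image is the subset of an EC2 DescribeImages result that promotion needs.
type Image struct {
	ImageID      string
	OwnerID      string
	CreationDate string // EC2 wire format, e.g. "2023-06-06T23:00:00.000Z"
	Public       bool
	Tags         map[string]string
}

// ImageClient is what the promoter needs; with aws-sdk-go-v2 it would wrap ec2.Client DescribeImages/ModifyImageAttribute.
type ImageClient interface {
	DescribeImages(ownerID string) ([]Image, error)
	AddPublicLaunchPermission(imageID string) error
}

const (
	tagRelease = "TeleportRelease" // assumed tag key; the page does not show the real one
	tagBuild   = "BuildType"       // assumed; distinguishes "hardened" from "legacy"
)

// LatestForRelease returns the newest hardened AMI tagged with exactly the requested
// release and owned by ownerID. Ownership is re-checked even though DescribeImages was
// scoped, so a lookalike from another account is never made public. No candidate is an error.
func LatestForRelease(images []Image, ownerID, release string) (Image, error) {
	best, bestTime := Image{}, time.Time{}
	for _, img := range images {
		t, err := time.Parse(time.RFC3339, img.CreationDate) // RFC3339 parsing accepts EC2's .000Z
		if err != nil || !t.After(bestTime) || img.OwnerID != ownerID ||
			img.Tags[tagRelease] != release || img.Tags[tagBuild] != "hardened" {
			continue
		}
		best, bestTime = img, t
	}
	if best.ImageID == "" {
		return Image{}, fmt.Errorf("no hardened AMI owned by %s for release %s", ownerID, release)
	}
	return best, nil
}

// Promote finds the latest hardened AMI for release and grants the "all" launch permission,
// which is what makes an AMI public. Idempotent: an already public image is not modified again.
func Promote(c ImageClient, ownerID, release string) (img Image, changed bool, err error) {
	images, err := c.DescribeImages(ownerID)
	if err != nil {
		return Image{}, false, err
	}
	if img, err = LatestForRelease(images, ownerID, release); err != nil || img.Public {
		return img, false, err
	}
	if err = c.AddPublicLaunchPermission(img.ImageID); err != nil {
		return Image{}, false, err
	}
	img.Public = true
	return img, true, nil
}

// fakeClient is an in-memory EC2 stand-in holding constructed sample data.
type fakeClient struct{ images map[string]*Image }
func (f *fakeClient) DescribeImages(owner string) ([]Image, error) {
	var out []Image
	for _, img := range f.images {
		if img.OwnerID == owner {
			out = append(out, *img)
		}
	}
	return out, nil
}

func (f *fakeClient) AddPublicLaunchPermission(id string) error {
	f.images[id].Public = true // fake only: panics on an unknown id
	return nil
}

// SampleClient: two hardened 13.1.0 builds (later must win), a legacy build, and a newer lookalike from another account.
func SampleClient() *fakeClient {
	f := &fakeClient{images: map[string]*Image{}}
	for _, s := range [][4]string{
		{"ami-0000000000000001", "111111111111", "2023-06-01T10:00:00.000Z", "hardened"},
		{"ami-0000000000000002", "111111111111", "2023-06-06T23:00:00.000Z", "hardened"},
		{"ami-0000000000000003", "111111111111", "2023-06-07T01:00:00.000Z", "legacy"},
		{"ami-0000000000000004", "999999999999", "2023-06-07T02:00:00.000Z", "hardened"},
	} {
		f.images[s[0]] = &Image{ImageID: s[0], OwnerID: s[1], CreationDate: s[2],
			Tags: map[string]string{tagRelease: "13.1.0", tagBuild: s[3]}}
	}
	return f
}

func main() {
	img, changed, err := Promote(SampleClient(), "111111111111", "13.1.0")
	fmt.Println(img.ImageID, changed, err)
}
```

Run with `go run .`: it selects `ami-0000000000000002`, the newer of the two hardened builds owned by the expected account, and ignores both the legacy build and the newer lookalike from the other account. Granting the `all` launch permission is the step you cannot take back in practice (anyone can copy the image the moment it is public), which is why the owner and exact-release checks happen before it rather than as a post-hoc audit.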
Collaborator

@r0mant r0mant left a comment


@tcsc Can you please make sure that our Update AMI IDs workflow still works with these changes?

@tcsc tcsc added this pull request to the merge queue Jun 7, 2023
Merged via the queue into branch/v13 with commit a07db7f Jun 7, 2023
30 checks passed
@tcsc tcsc deleted the tcsc/branch/v13/hardened-amis branch June 7, 2023 06:42
@r0mant r0mant mentioned this pull request Jul 14, 2023
@fheinecke fheinecke mentioned this pull request Sep 26, 2023
3 participants