From e539987e69e81eae9e86cc1d5b8019578f011bbc Mon Sep 17 00:00:00 2001 From: fidelis-ogunsanmi Date: Thu, 30 Jun 2022 16:03:35 -0400 Subject: [PATCH 1/3] added files for module 01 --- 01-cloudformation/README.md | 10 +++++----- 01-cloudformation/exec.sh | 11 +++++++++++ 01-cloudformation/myReadme.md | 25 +++++++++++++++++++++++++ 01-cloudformation/name.json | 5 +++++ 01-cloudformation/s3-cond.yaml | 19 +++++++++++++++++++ 01-cloudformation/s3-params.yaml | 13 +++++++++++++ 01-cloudformation/s3-pseudo.yaml | 13 +++++++++++++ 01-cloudformation/s3_1.yaml | 6 ++++++ 8 files changed, 97 insertions(+), 5 deletions(-) create mode 100755 01-cloudformation/exec.sh create mode 100644 01-cloudformation/myReadme.md create mode 100644 01-cloudformation/name.json create mode 100644 01-cloudformation/s3-cond.yaml create mode 100644 01-cloudformation/s3-params.yaml create mode 100644 01-cloudformation/s3-pseudo.yaml create mode 100644 01-cloudformation/s3_1.yaml diff --git a/01-cloudformation/README.md b/01-cloudformation/README.md index 8e2346f8..dec2c6e5 100644 --- a/01-cloudformation/README.md +++ b/01-cloudformation/README.md @@ -75,7 +75,7 @@ and get familiar with the basic parts of a CloudFormation template. #### Lab 1.1.1: CloudFormation Template Requirements -Create the *most minimal CFN template possible* that can be used to +Create the _most minimal CFN template possible_ that can be used to create an AWS Simple Storage Service (S3) Bucket. - Always write your CloudFormation [templates in YAML](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-formats.html). 
@@ -85,8 +85,8 @@ create an AWS Simple Storage Service (S3) Bucket. - Note the output provided by creating the Stack. -- Though *functionally* unnecessary, the Description (i.e. its *purpose*) - element documents your code's *intent*, so provide one. The Description +- Though _functionally_ unnecessary, the Description (i.e. its _purpose_) + element documents your code's _intent_, so provide one. The Description key-value pair should be at the _root level_ of your template. If you place it under the definition of a resource, AWS will allow the template's creation but your description will not populate anything. See @@ -213,7 +213,7 @@ Policy's Amazon Resource Name ([ARN](https://docs.aws.amazon.com/general/latest/ #### Lab 1.2.3: Importing another Stack's Exports -Create a *new* CFN template that describes an IAM User and applies to it +Create a _new_ CFN template that describes an IAM User and applies to it the Managed Policy ARN created by and exported from the previous Stack. - Create this new Stack. @@ -273,7 +273,7 @@ deploy _a single S3 bucket_. using a looping construct to run the template the proper number of times. - Use an external JSON or YAML configuration file to maintain the target - deployment region parameters. Consider using `jq` or `yq` to parse this file. + deployment region parameters. Consider using `jq` or `yq` to parse this file. - Each bucket name should be of the format "_current-Region_-_current-Account_-_friendly-name_" diff --git a/01-cloudformation/exec.sh b/01-cloudformation/exec.sh new file mode 100755 index 00000000..e02d66ef --- /dev/null +++ b/01-cloudformation/exec.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +STACK_NAME="s3-bucket-create" +TEMPLATE="s3-cond.yaml" +PROFILE="labmfa" +REGION="us-east-2" + +aws cloudformation deploy --template-file $TEMPLATE \ + --stack-name $STACK_NAME --profile $PROFILE \ + --parameter-overrides file://name.json \ + --region $REGION \ No newline at end of file 
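Review bot: The `aws cloudformation deploy` call expands `$TEMPLATE`, `$STACK_NAME`, `$PROFILE` and `$REGION` unquoted, and the script sets no `set -euo pipefail`, so a failed deploy still exits 0 and any value containing whitespace would split into extra arguments. Quote every expansion (`aws cloudformation deploy --template-file "$TEMPLATE" \`, `--stack-name "$STACK_NAME" --profile "$PROFILE" \`, `--region "$REGION"`) and add `set -euo pipefail` after the shebang. The template path and `file://name.json` are resolved against the caller's working directory rather than the script's location; presumably the script is always run from `01-cloudformation`, otherwise a `cd "$(dirname "$0")"` at the top is needed.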
diff --git a/01-cloudformation/myReadme.md b/01-cloudformation/myReadme.md new file mode 100644 index 00000000..c294f595 --- /dev/null +++ b/01-cloudformation/myReadme.md @@ -0,0 +1,25 @@ +# Documentation for the cloudformation module + +This holds all the informations about scripts and templates i created in this module + +## Lab 1.1.1 + +- s3_1.yaml template will create a simple s3 bucket. +- I have used the aws cli tool to deploy the stack + - aws cloudformation deploy --template-file s3.yaml --stack-name s3-bucket-create +- If we notice, the bucket has been named: s3-bucket-create-s3bucket-15s1dsy5yhdfa + +## Lab 1.1.2: Stack Parameters + +- s3-params.yaml template will create the bucket and name it using the parameter file name.json +- command used to update the stack is: + - aws cloudformation deploy --template-file s3-params.yaml --stack-name s3-bucket-create --profile labmfa --parameter-overrides file://name.json + +## Lab 1.1.3: Pseudo-Parameters + +- s3-pseudo.yaml has the template +- This will prefix the bucketname with the aws account id + +### Scripts + +- exec.sh: This script does the cli kick of the deployment. diff --git a/01-cloudformation/name.json b/01-cloudformation/name.json new file mode 100644 index 00000000..d44ae148 --- /dev/null +++ b/01-cloudformation/name.json @@ -0,0 +1,5 @@ +{ + "Parameters": { + "BucketName": "fidelis-stelligent-test-bucket" + } +} \ No newline at end of file diff --git a/01-cloudformation/s3-cond.yaml b/01-cloudformation/s3-cond.yaml new file mode 100644 index 00000000..ee144ffc --- /dev/null +++ b/01-cloudformation/s3-cond.yaml 
@@ -0,0 +1,19 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation Template to create an S3 bucket'
+
+Parameters:
+ BucketName:
+ Type: String
+ Description: The name of the S3 Bucket to create
+
+Conditions:
+ isProduction: !Equals [ !Ref AWS::Region, us-east-1 ]
+
+Resources:
+ S3Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ BucketName: !If
+ - isProduction
+ - !Join [ '-', [ !Ref AWS::AccountId, !Ref BucketName ] ]
+ - !Join [ '-', [ !Ref AWS::Region, !Ref BucketName ] ]
\ No newline at end of file
diff --git a/01-cloudformation/s3-params.yaml b/01-cloudformation/s3-params.yaml
new file mode 100644
index 00000000..23b7166a
--- /dev/null
+++ b/01-cloudformation/s3-params.yaml
@@ -0,0 +1,13 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation Template to create an S3 bucket'
+
+Parameters:
+ BucketName:
+ Type: String
+ Description: The name of the S3 Bucket to create
+
+Resources:
+ S3Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ BucketName: !Ref BucketName
\ No newline at end of file
diff --git a/01-cloudformation/s3-pseudo.yaml b/01-cloudformation/s3-pseudo.yaml
new file mode 100644
index 00000000..8f468fa5
--- /dev/null
+++ b/01-cloudformation/s3-pseudo.yaml
@@ -0,0 +1,13 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation Template to create an S3 bucket'
+
+Parameters:
+ BucketName:
+ Type: String
+ Description: The name of the S3 Bucket to create
+
+Resources:
+ S3Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ BucketName: !Join [ '-', [ !Ref AWS::AccountId, !Ref BucketName ] ]
\ No newline at end of file
diff --git a/01-cloudformation/s3_1.yaml b/01-cloudformation/s3_1.yaml
new file mode 100644
index 00000000..574a5897
--- /dev/null
+++ b/01-cloudformation/s3_1.yaml
@@ -0,0 +1,6 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: 'AWS CloudFormation Template to create an S3 bucket'
+
+Resources:
+ S3Bucket:
+ Type: AWS::S3::Bucket
\ No newline at end of file
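Review bot: The S3Bucket resource in s3-cond.yaml sets only BucketName, so the bucket is created with no PublicAccessBlockConfiguration and no default BucketEncryption; the same applies to the S3Bucket resources in s3-params.yaml, s3-pseudo.yaml and s3_1.yaml further down this patch. Bucket names live in a global namespace, so the `!Join` that prefixes `AWS::AccountId` publishes the account id to anyone who can probe the name; that format appears to be what the lab asks for, but it is worth a comment on the line. Adding the block-public-access and encryption properties to each S3Bucket keeps the lab buckets closed by default without changing the naming logic.
```yaml
 S3Bucket:
   Type: AWS::S3::Bucket
   Properties:
     # … unchanged: BucketName …
     PublicAccessBlockConfiguration:
       BlockPublicAcls: true
       BlockPublicPolicy: true
       IgnorePublicAcls: true
       RestrictPublicBuckets: true
     BucketEncryption:
       ServerSideEncryptionConfiguration:
         - ServerSideEncryptionByDefault:
             SSEAlgorithm: AES256
```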
From b4f57b75b26dfa991f34df2e3d2aa74774d34482 Mon Sep 17 00:00:00 2001 From: fidelis-ogunsanmi Date: Wed, 6 Jul 2022 10:45:40 -0400 Subject: [PATCH 2/3] added files for module1 --- 01-cloudformation/exec.sh | 14 ++++++++---- 01-cloudformation/myReadme.md | 9 ++++++++ 01-cloudformation/s3-iam.yaml | 39 ++++++++++++++++++++++++++++++++ 01-cloudformation/s3-import.yaml | 18 +++++++++++++++ 4 files changed, 75 insertions(+), 5 deletions(-) create mode 100644 01-cloudformation/s3-iam.yaml create mode 100644 01-cloudformation/s3-import.yaml diff --git a/01-cloudformation/exec.sh b/01-cloudformation/exec.sh index e02d66ef..fc3de8c3 100755 --- a/01-cloudformation/exec.sh +++ b/01-cloudformation/exec.sh @@ -1,11 +1,15 @@ #!/bin/bash -STACK_NAME="s3-bucket-create" -TEMPLATE="s3-cond.yaml" +STACK_NAME="fidelis-test-new-lab" +TEMPLATE="s3-import.yaml" PROFILE="labmfa" -REGION="us-east-2" +REGION="us-east-1" aws cloudformation deploy --template-file $TEMPLATE \ --stack-name $STACK_NAME --profile $PROFILE \ - --parameter-overrides file://name.json \ - --region $REGION \ No newline at end of file + --capabilities CAPABILITY_NAMED_IAM \ + --region $REGION + +# aws cloudformation list-exports \ +# --profile $PROFILE \ +# --region $REGION \ No newline at end of file diff --git a/01-cloudformation/myReadme.md b/01-cloudformation/myReadme.md index c294f595..e49d5ffa 100644 --- a/01-cloudformation/myReadme.md +++ b/01-cloudformation/myReadme.md @@ -23,3 +23,12 @@ This holds all the informations about scripts and templates i created in this mo ### Scripts - exec.sh: This script does the cli kick of the deployment. + +## Lab 1.2.1: Cross-Referencing Resources within a Template + +- s3-iam.yaml creates the stack + +## Lab 1.2.2: Exposing Resource Details via Exports + +- updated s3-iam.yaml to update the stack +- exec.sh has the commands used to list all stack exports diff --git a/01-cloudformation/s3-iam.yaml b/01-cloudformation/s3-iam.yaml new file mode 100644 index 00000000..276f67b8 
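Review bot: The deploy target is still chosen by editing `STACK_NAME`, `TEMPLATE` and `REGION` in place — this hunk rewrites all three from the previous commit's values — so the script cannot deploy two labs without a source change, and `--capabilities CAPABILITY_NAMED_IAM` is now passed for every template whether or not it creates IAM resources. Reading the template and stack name from the command line, `TEMPLATE="${1:?template file}"` and `STACK_NAME="${2:?stack name}"`, stops the constants churning in history. The `list-exports` command commented out at the bottom reads as dead code; a second script, or a function selected by a flag, would keep it runnable.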
--- /dev/null
+++ b/01-cloudformation/s3-iam.yaml
@@ -0,0 +1,39 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Create IAM user with Read access to all buckets.
+
+Parameters:
+ S3UserName:
+ Type: String
+ Description: The name of the S3 Bucket to create
+ Default: 01-fidelis-user
+
+Resources:
+
+ myCustomerManagedPolicyForIAM:
+ Type: 'AWS::IAM::ManagedPolicy'
+ Properties:
+ ManagedPolicyName: FidelisIAMReadOnlyPolicy # give a name to this policy
+ Description: Customer managed policy for read only access to s3
+ Path: '/'
+ PolicyDocument: # (required) JSON policy document
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action:
+ - 's3:ListBucket'
+ - 's3:GetObject'
+ Resource: '*'
+
+ S3User:
+ Type: AWS::IAM::User
+ Properties:
+ UserName: !Ref S3UserName
+ ManagedPolicyArns:
+ - !Ref myCustomerManagedPolicyForIAM
+
+Outputs:
+ outputName:
+ Description: Customer managed policy name
+ Value: !Ref myCustomerManagedPolicyForIAM
+ Export:
+ Name: !Sub "${AWS::StackName}-MyManagedPolicy"
\ No newline at end of file
diff --git a/01-cloudformation/s3-import.yaml b/01-cloudformation/s3-import.yaml
new file mode 100644
index 00000000..0da85807
--- /dev/null
+++ b/01-cloudformation/s3-import.yaml
@@ -0,0 +1,18 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Create IAM user with Read access to all buckets.
+
+Parameters:
+ S3UserName:
+ Type: String
+ Description: The name of the S3 Bucket to create
+ Default: 01-fidelis-user2
+
+Resources:
+
+ S3User:
+ Type: AWS::IAM::User
+ Properties:
+ UserName: !Ref S3UserName
+ Policies:
+ - Fn::ImportValue: !Sub "${AWS::StackName}-MyManagedPolicy"
+
\ No newline at end of file
From 1b9b9da39c804091d0cd2a20eef7e4979274cf53 Mon Sep 17 00:00:00 2001
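Review bot: `Resource: '*'` on the `s3:ListBucket`/`s3:GetObject` statement in myCustomerManagedPolicyForIAM grants read access to every bucket in the account, present and future, with no condition; the Description says that is the intent, but if the lab only needs the bucket created by the earlier templates, scope `Resource` to that bucket's ARN plus its `/*` object ARN. `ManagedPolicyName: FidelisIAMReadOnlyPolicy` is a fixed, account-wide name, so deploying this template a second time in the same account (the `stacks` file at the end of the page lists several stacks) fails on a name collision; `ManagedPolicyName: !Sub "${AWS::StackName}-ReadOnly"` ties it to the stack instead. Two descriptions are copy-paste leftovers: the S3UserName parameter says `The name of the S3 Bucket to create` although it is the IAM user name (s3-import.yaml below repeats it), and the output is described as a policy name while `!Ref` on an AWS::IAM::ManagedPolicy yields its ARN — `Description: Customer managed policy ARN`.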
From: fidelis-ogunsanmi Date: Wed, 6 Jul 2022 11:24:21 -0400 Subject: [PATCH 3/3] added files for module1 --- 01-cloudformation/exec.sh | 5 +++-- 01-cloudformation/myReadme.md | 4 ++++ 01-cloudformation/s3-import.yaml | 4 ++-- 01-cloudformation/stacks | 6 ++++++ 4 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 01-cloudformation/stacks diff --git a/01-cloudformation/exec.sh b/01-cloudformation/exec.sh index fc3de8c3..b12bfe0b 100755 --- a/01-cloudformation/exec.sh +++ b/01-cloudformation/exec.sh @@ -1,6 +1,6 @@ #!/bin/bash -STACK_NAME="fidelis-test-new-lab" +STACK_NAME="fidelisImportIAM" TEMPLATE="s3-import.yaml" PROFILE="labmfa" REGION="us-east-1" @@ -12,4 +12,5 @@ aws cloudformation deploy --template-file $TEMPLATE \ # aws cloudformation list-exports \ # --profile $PROFILE \ -# --region $REGION \ No newline at end of file +# --region $REGION + diff --git a/01-cloudformation/myReadme.md b/01-cloudformation/myReadme.md index e49d5ffa..0027170c 100644 --- a/01-cloudformation/myReadme.md +++ b/01-cloudformation/myReadme.md @@ -32,3 +32,7 @@ This holds all the informations about scripts and templates i created in this mo - updated s3-iam.yaml to update the stack - exec.sh has the commands used to list all stack exports + +## Lab 1.2.3: Importing another Stack's Exports + +- s3-import.yaml creates the stack diff --git a/01-cloudformation/s3-import.yaml b/01-cloudformation/s3-import.yaml index 0da85807..d9dca6e3 100644 --- a/01-cloudformation/s3-import.yaml +++ b/01-cloudformation/s3-import.yaml @@ -13,6 +13,6 @@ Resources: Type: AWS::IAM::User Properties: UserName: !Ref S3UserName - Policies: - - Fn::ImportValue: !Sub "${AWS::StackName}-MyManagedPolicy" + ManagedPolicyArns: + - Fn::ImportValue: "fidelis-test-lab-MyManagedPolicy" \ No newline at end of file diff --git a/01-cloudformation/stacks b/01-cloudformation/stacks new file mode 100644 index 00000000..179dccd4 --- /dev/null +++ b/01-cloudformation/stacks 
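Review bot: The last changed line hard-codes the exporting stack as `fidelis-test-lab`, so s3-import.yaml only resolves against that one stack name even though the export in s3-iam.yaml is defined relative to `${AWS::StackName}`. Add a String parameter (say `ExportingStackName`, described as the name of the stack that exported the policy) to the Parameters section above this hunk and write `- Fn::ImportValue: !Sub "${ExportingStackName}-MyManagedPolicy"`; the removed `!Sub "${AWS::StackName}-MyManagedPolicy"` named this stack rather than the exporting one, which is presumably why the literal was introduced. The S3User resource and the Parameters section both begin before this hunk.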
@@ -0,0 +1,6 @@
+fidelis-lab
+fidelis-test-lab
+fidelis-test-new-lab
+fidelis-new-lab
+fidelis01-new-lab
+fidelisImportIAM
\ No newline at end of file