Initial structure for create s3 buckets with secure best practices
Hendrix Roa
committed
Jan 9, 2020
0 parents
commit 8682055
Showing
7 changed files
with
422 additions
and
0 deletions.
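--- /dev/null
+++ b/[[PATH NOT SHOWN ON PAGE]]
@@ -0,0 +1,117 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# All .env files
+*.env
+
+# Dist directory
+dist/
+
+# Docs
+docs/
+
+# swagger
+.swagger/
+
+# terraform
+.terraform/
+terraform.tfstate
+
+# coverage
+/coverage
+
+# DS_store
+.DS_Store
+
+# keep test env files
+!*.test.env
+
+# Procfile
+.procfile
+
+# Audit File
+yarn_audit.json
+
+# Jetbrains config
+.idea/
+yarn-error.log
+
+# Docker Audit
+snyk_docker.json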
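Review bot: The `# terraform` section ignores `.terraform/` and `terraform.tfstate` but not the `terraform.tfstate.backup` file Terraform writes beside it, nor `*.tfvars`, which is the usual home for inputs like the aws_profile value the Makefile in this commit passes with -var; a state backup carries the same resource attributes (and any secrets) as the live state, so it needs the same treatment. Adding `*.tfstate.*` and `*.tfvars` under that heading (with `!*.example.tfvars` if sample files are meant to be committed) closes the gap.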
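--- /dev/null
+++ b/[[PATH NOT SHOWN ON PAGE]]
@@ -0,0 +1,5 @@
+.PHONY: init
+
+init:
+cd aws_stack && terraform init -var="aws_profile=$(AWS_PROFILE)" -lock=false
+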
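Review bot: The init recipe passes `-lock=false`, which turns off state locking for the state migration `terraform init` can perform; for a repository whose purpose is bootstrapping a shared backend, two people running make init at once would then race on the state, so either drop the flag or add a comment above the recipe saying why it is required here. The recipe also interpolates `$(AWS_PROFILE)` with no check that it is set, so an empty value silently falls through to whatever credentials the default chain provides; a guard at the top of the file, `ifndef AWS_PROFILE` / `$(error AWS_PROFILE is not set)` / `endif`, makes that failure explicit. The rendered view drops leading whitespace, so I cannot confirm the recipe line is tab-indented as make requires.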
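--- /dev/null
+++ b/[[PATH NOT SHOWN ON PAGE]]
@@ -0,0 +1,13 @@
+# Supermassive Infra bootstrap
+
+Repository bootstrap to perform infra with security best practices and more.
+
+## Features
+- IAM Groups
+- IAM Password policy
+
+## TODO
+
+- Backend Terraform automation
+- AWS Config
+and more...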
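--- /dev/null
+++ b/[[PATH NOT SHOWN ON PAGE]]
@@ -0,0 +1,73 @@
+import * as aws from 'aws-sdk';
+import { prompt } from 'enquirer';
+
+const s3 = new aws.S3();
+const user: string = 'deploy';
+
+export class BackendTF {
+
+constructor() {
+
+}
+
+private async createS3Bucket(bucketName: string, region: string) {
+const params = {
+Bucket: bucketName,
+ACL: 'private',
+CreateBucketConfiguration: {
+LocationConstraint: region
+},
+};
+await s3.createBucket(params).promise();
+
+const publicAccess = {
+Bucket: bucketName,
+PublicAccessBlockConfiguration: {
+BlockPublicAcls: true,
+BlockPublicPolicy: true,
+IgnorePublicAcls: true,
+RestrictPublicBuckets: true,
+},
+};
+await s3.putPublicAccessBlock(publicAccess).promise();
+
+const bucketEncryption = {
+Bucket: bucketName,
+ServerSideEncryptionConfiguration: {
+Rules: [
+{
+ApplyServerSideEncryptionByDefault: {
+SSEAlgorithm: 'AES256',
+},
+},
+],
+},
+};
+await s3.putBucketEncryption(bucketEncryption).promise();
+
+console.log(`Bucket ${bucketName} Created.`);
+}
+
+public async init() {
+
+const { repoName } = await prompt({
+type: 'input',
+name: 'repoName',
+message: 'Name of repository or project?',
+});
+
+const { region } = await prompt({
+type: 'input',
+name: 'region',
+message: 'Region?',
+initial: 'us-east-2'
+});
+
+}
+}
+
+const backend: BackendTF = new BackendTF();
+backend
+.init()
+.then()
+.catch();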
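Review bot: The chain at the bottom of the file ends in `.then().catch()` with no handlers, so any rejection from init() — a failed prompt today, an AWS error once bucket creation is wired in — is swallowed and the process exits 0; replace it with `backend.init().catch((e: unknown) => { console.error(e); process.exitCode = 1; });`. createS3Bucket is defined but never called: init() collects repoName and region and then returns, and the `user` constant declared after `new aws.S3()` is likewise unused, so the file as committed creates nothing. For a Terraform state bucket, the hardening already in createS3Bucket (private ACL, public-access block, default SSE-S3) would normally be completed with `putBucketVersioning` with `Status: 'Enabled'`, so state history survives an accidental overwrite, and a bucket policy that denies requests where aws:SecureTransport is false. Note also that S3 does not accept `us-east-1` as a LocationConstraint in CreateBucketConfiguration, so a user answering the region prompt with that value will get an error; omit the configuration block for that region.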
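--- /dev/null
+++ b/[[PATH NOT SHOWN ON PAGE]]
@@ -0,0 +1,21 @@
+{
+"name": "aws-terrabackend",
+"version": "1.0.0",
+"description": "",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1"
+},
+"author": "",
+"license": "ISC",
+"devDependencies": {
+"@types/minimist": "^1.2.0",
+"@types/node": "^11.13.1"
+},
+"dependencies": {
+"aws-sdk": "^2.424.0",
+"enquirer": "^2.3.2",
+"ts-node": "^8.0.3",
+"typescript": "^3.6.4"
+}
+}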
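--- /dev/null
+++ b/[[PATH NOT SHOWN ON PAGE]]
@@ -0,0 +1,19 @@
+{
+"compilerOptions": {
+"lib": ["es5", "es6", "es7", "es2017.object", "dom"],
+"target": "es6",
+"module": "commonjs",
+"moduleResolution": "node",
+"emitDecoratorMetadata": true,
+"experimentalDecorators": true,
+"baseUrl": ".",
+"noImplicitAny": true,
+"strictNullChecks": true,
+"outDir": "dist",
+"sourceMap": false,
+"typeRoots": [
+"./node_modules/@types"
+]
+},
+"include": ["scripts/**/*"]
+}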