From 69e242c780d82728c20d3361ad0a0f591445f868 Mon Sep 17 00:00:00 2001
From: Frank Mata
Date: Fri, 18 Aug 2023 16:43:18 +0900
Subject: [PATCH 1/2] Encrypt EBS volumes

---
 lib/barcelona/network/autoscaling_builder.rb | 1 +
 lib/barcelona/network/bastion_builder.rb | 1 +
 lib/barcelona/plugins/pcidss_plugin.rb | 1 +
 spec/lib/barcelona/network/network_stack_spec.rb | 2 ++
 4 files changed, 5 insertions(+)

diff --git a/lib/barcelona/network/autoscaling_builder.rb b/lib/barcelona/network/autoscaling_builder.rb
index 3f1054aa..7aaf68c5 100644
--- a/lib/barcelona/network/autoscaling_builder.rb
+++ b/lib/barcelona/network/autoscaling_builder.rb
@@ -48,6 +48,7 @@ def build_resources
 "DeviceName" => "/dev/xvda",
 "Ebs" => {
 "DeleteOnTermination" => true,
+ "Encrypted" => true,
 "Iops" => 3000,
 "Throughput" => 125,
 "VolumeSize" => 100,
diff --git a/lib/barcelona/network/bastion_builder.rb b/lib/barcelona/network/bastion_builder.rb
index 4fc33238..1a99bd5b 100644
--- a/lib/barcelona/network/bastion_builder.rb
+++ b/lib/barcelona/network/bastion_builder.rb
@@ -114,6 +114,7 @@ def build_resources
 "DeviceName" => "/dev/xvda",
 "Ebs" => {
 "DeleteOnTermination" => true,
+ "Encrypted" => true,
 "Iops" => 3000,
 "Throughput" => 125,
 "VolumeSize" => 100,
diff --git a/lib/barcelona/plugins/pcidss_plugin.rb b/lib/barcelona/plugins/pcidss_plugin.rb
index 87bbb346..59c7c168 100644
--- a/lib/barcelona/plugins/pcidss_plugin.rb
+++ b/lib/barcelona/plugins/pcidss_plugin.rb
@@ -212,6 +212,7 @@ def build_resources
 "DeviceName" => "/dev/xvda",
 "Ebs" => {
 "DeleteOnTermination" => true,
+ "Encrypted" => true,
 "Iops" => 3000,
 "Throughput" => 125,
 "VolumeSize" => 100,
diff --git a/spec/lib/barcelona/network/network_stack_spec.rb b/spec/lib/barcelona/network/network_stack_spec.rb
index 3d1c3a09..4a374d90 100644
--- a/spec/lib/barcelona/network/network_stack_spec.rb
+++ b/spec/lib/barcelona/network/network_stack_spec.rb
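Review bot: `"Encrypted" => true` on the `/dev/xvda` mapping with no `KmsKeyId` means the volume is protected by the account's default EBS key (the AWS-managed `aws/ebs` key unless a default CMK has been configured for the account), which gives the project no control over the key policy, no per-stack CloudTrail scoping and no cross-account snapshot sharing; if that is the intended trade-off, record it next to the new line, e.g. `"Encrypted" => true, # account default EBS key; KmsKeyId would be needed for a customer-managed key`. Whether a `KmsKeyId` can even be set here depends on the resource type, which is outside the hunk — `AWS::AutoScaling::LaunchConfiguration` block device mappings do not accept one, `AWS::EC2::LaunchTemplate` mappings do. Note also that a changed launch configuration only affects instances launched afterwards; instances already in the Auto Scaling group keep their unencrypted root volumes until they are replaced, so the deployment needs a rolling update or instance refresh for the flag to matter. The identical bastion_builder.rb hunk has the same caveats. The enclosing `build_resources` method starts and ends outside the hunk.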
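Review bot: In the PCI DSS plugin the new `"Encrypted" => true` also relies on the account default EBS key, so the template itself documents nothing about which key protects these volumes or who can administer it, which is exactly what an assessor will ask for under the key-management requirements. If the resource type here accepts it, a customer-managed key with a reviewed key policy and rotation — `"KmsKeyId" => <ref to the stack's CMK>` alongside the new line — is the easier control to evidence; otherwise a comment stating that the default EBS key is relied upon and why would at least make the decision auditable. The enclosing `build_resources` method begins and ends outside the hunk, so whether a CMK already exists in this plugin cannot be seen from here.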
@@ -151,6 +151,7 @@
 "DeviceName" => "/dev/xvda",
 "Ebs" => {
 "DeleteOnTermination" => true,
+ "Encrypted" => true,
 "Iops" => 3000,
 "Throughput" => 125,
 "VolumeSize" => 100,
@@ -387,6 +388,7 @@
 "DeviceName" =>"/dev/xvda",
 "Ebs" => {
 "DeleteOnTermination" => true,
+ "Encrypted" => true,
 "Iops" => 3000,
 "Throughput" => 125,
 "VolumeSize" => 100,
From 88b891ec067d1dfc7c881619872babc1060eb477 Mon Sep 17 00:00:00 2001
From: Frank Mata
Date: Fri, 1 Sep 2023 11:39:35 +0900
Subject: [PATCH 2/2] Update amazon linux 2 ami

---
 lib/barcelona/network/autoscaling_builder.rb | 32 ++++++++++----------
 lib/barcelona/network/bastion_builder.rb | 32 ++++++++++----------
 2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/lib/barcelona/network/autoscaling_builder.rb b/lib/barcelona/network/autoscaling_builder.rb
index 7aaf68c5..f91146c8 100644
--- a/lib/barcelona/network/autoscaling_builder.rb
+++ b/lib/barcelona/network/autoscaling_builder.rb
@@ -5,23 +5,23 @@ class AutoscalingBuilder < CloudFormation::Builder
 # amzn2-ami-ecs-hvm-2.0
 # You can see the latest version stored in public SSM parameter store
 # https://ap-northeast-1.console.aws.amazon.com/systems-manager/parameters/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id/description?region=ap-northeast-1
- # latest info is Version: 118, LastModifiedDate: 2023-07-11T02:43:58.706000+09:00, image_name: amzn2-ami-ecs-hvm-2.0.20230705-x86_64-ebs
+ # latest info is Version: 121, LastModifiedDate: 2023-08-17T00:07:16.575000+09:00, image_name: amzn2-ami-ecs-hvm-2.0.20230809-x86_64-ebs
 ECS_OPTIMIZED_AMI_IDS = {
- "us-east-1" => "ami-0507dff4275d8dd6d",
- "us-east-2" => "ami-0a2f86088203932e1",
- "us-west-1" => "ami-04a74838790dc77bf",
- "us-west-2" => "ami-07395cc0a598ee2eb",
- "eu-west-1" => "ami-023f1074e24ccf964",
- "eu-west-2" => "ami-079f34f67618526ea",
- "eu-west-3" => "ami-06ee90103b4c1602c",
- "eu-central-1" => "ami-0895a12593a7b3a0b",
- "ap-northeast-1" => "ami-0e432635473484865",
- "ap-northeast-2" => "ami-01bba9f96447a3f1e",
- "ap-southeast-1" => "ami-0d2ffabfbd38ccd28",
- "ap-southeast-2" => "ami-037bc2c139c7ae160",
- "ca-central-1" => "ami-0519bf5ddc298485d",
- "ap-south-1" => "ami-025fa2a3e27b6e58a",
- "sa-east-1" => "ami-0f544759009d3c50b",
+ "us-east-1" => "ami-0e692fe1bae5ca24c",
+ "us-east-2" => "ami-098accd64a8a385dc",
+ "us-west-1" => "ami-08c160e4491d2a9a1",
+ "us-west-2" => "ami-02a4b44230bc8650a",
+ "eu-west-1" => "ami-0c5cd894db560d66c",
+ "eu-west-2" => "ami-02860af96bd3e1696",
+ "eu-west-3" => "ami-01d44421a18be3f4d",
+ "eu-central-1" => "ami-0b5009e7f102539b1",
+ "ap-northeast-1" => "ami-0ae451dcc36be7bb3",
+ "ap-northeast-2" => "ami-016e409dfaa836cb4",
+ "ap-southeast-1" => "ami-0c68f952153c18847",
+ "ap-southeast-2" => "ami-00bcae5b31b05c62c",
+ "ca-central-1" => "ami-00f7fbbe4ca0bb446",
+ "ap-south-1" => "ami-0205f72f24e39213b",
+ "sa-east-1" => "ami-0d306330cbbf3cda9",
 }
 
 def ebs_optimized_by_default?
diff --git a/lib/barcelona/network/bastion_builder.rb b/lib/barcelona/network/bastion_builder.rb
index 1a99bd5b..f0c672e6 100644
--- a/lib/barcelona/network/bastion_builder.rb
+++ b/lib/barcelona/network/bastion_builder.rb
@@ -5,23 +5,23 @@ class BastionBuilder < CloudFormation::Builder
 # Amazon Linux 2 AMI
 # You can see the latest version stored in public SSM parameter store
 # https://ap-northeast-1.console.aws.amazon.com/systems-manager/parameters/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2/description?region=ap-northeast-1
- # latest info is Version: 90, LastModifiedDate: 2023-06-30T05:46:13.821000+09:00
+ # latest info is Version: 94, LastModifiedDate: 2023-08-25T08:17:22.587000+09:00 )... Use these for bastion_builder.rb
 AMI_IDS = {
- "us-east-1" => "ami-0ee3dd41c47751fe6",
- "us-east-2" => "ami-0104b1a6d7c2e71e7",
- "us-west-1" => "ami-0f5bca4d7b49c9f49",
- "us-west-2" => "ami-04d0def24be0d27d6",
- "eu-west-1" => "ami-0f10a5fd495b3e5f8",
- "eu-west-2" => "ami-09102fbce920ce7cb",
- "eu-west-3" => "ami-0ba85efb9770c80fc",
- "eu-central-1" => "ami-07f388ca43c843c04",
- "ap-northeast-1" => "ami-0ebe0a87a50664c5a",
- "ap-northeast-2" => "ami-0314c6b4d666713d7",
- "ap-southeast-1" => "ami-0a92570e87e2a32a6",
- "ap-southeast-2" => "ami-02196cf3114f961f7",
- "ca-central-1" => "ami-0e2bb53eeda050a28",
- "ap-south-1" => "ami-0770726357cfe8240",
- "sa-east-1" => "ami-05394326de8feacd8",
+ "us-east-1" => "ami-0e1c5d8c23330dee3",
+ "us-east-2" => "ami-071807f4c8241ac3f",
+ "us-west-1" => "ami-0540080bd63fd242d",
+ "us-west-2" => "ami-04288abc8d2000768",
+ "eu-west-1" => "ami-019743dbff6bf9883",
+ "eu-west-2" => "ami-04b5f63f1e04f469b",
+ "eu-west-3" => "ami-05335d5404e3b67f1",
+ "eu-central-1" => "ami-011f11b2ae563e78c",
+ "ap-northeast-1" => "ami-0fb2e8f28f4a31399",
+ "ap-northeast-2" => "ami-0500635a02d3f474b",
+ "ap-southeast-1" => "ami-08df616b01c9d36e6",
+ "ap-southeast-2" => "ami-056b433d09bdcadeb",
+ "ca-central-1" => "ami-02f754ea50a61080d",
+ "ap-south-1" => "ami-036fcf8080bce5f54",
+ "sa-east-1" => "ami-0ee0b5e7f79d63929",
 }
 
 def build_resources
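Review bot: The new version comment carries what looks like a stray paste, `)... Use these for bastion_builder.rb`, after the timestamp; the matching note in autoscaling_builder.rb ends at the timestamp and image name, so this line should read `# latest info is Version: 94, LastModifiedDate: 2023-08-25T08:17:22.587000+09:00`, optionally followed by the `image_name:` as the ECS list does. The fifteen AMI IDs themselves cannot be checked from the diff; a one-line comment recording how they were obtained (for example the `aws ssm get-parameter` query run per region against the path already linked above) would make this and future bumps verifiable by a reviewer without repeating the lookup. If tracking the current AMI is acceptable for the bastion, the whole map could instead become a CloudFormation dynamic reference, `{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}`, though pinning does give reproducible launches, so that is a judgment call rather than a defect. The `AMI_IDS` constant is fully inside the hunk; the class body continues past it.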