Fred Damstra [afs macbook]
4503f2272a
Updates and Cleanup for tf update
|
3 年之前 | |
|---|---|---|
| .. | ||
| cloud-init | 4 年之前 | |
| README.md | 4 年之前 | |
| amis.tf | 4 年之前 | |
| certificate.tf | 3 年之前 | |
| ecr.tf | 3 年之前 | |
| elb.tf | 4 年之前 | |
| main.tf | 3 年之前 | |
| outputs.tf | 5 年之前 | |
| rds.tf | 3 年之前 | |
| vars.tf | 4 年之前 | |
| waf.tf | 3 年之前 | |
README.md
xdr customer portal instances
Builds and configures the instances that host the customer portal website. NOTE: the grain ec2_tags:Name and the pillar aws_registry_account are required for portal salt state to complete successfully.
New Portal Server setup steps
- test.version # are we on the correct salt version?
- saltutil.sync_all
- saltutil.refresh_modules # refresh grains
- saltutil.refresh_pillar # refresh pillars
- pillar.get aws_registry_account # This one is needed
- slsutil.renderer salt://docker/portal.sls # Does this render properly?
- grains.get environment # make sure "test" is present
- state.sls os_modifications # get some base stuff out of the way
- grains.get ec2_tags:Name # make sure customer-portal is present for highstate to work
- state.highstate # push everything including docker and docker images
Vault Auth Issues
HELP! I destroyed then recreated the AWS IAM Portal Role and now Vault will not let me log in!!
In Vault disable the auth method
vault auth disable aws
Then in terraform reapply the config.
terragrunt-local apply -target=vault_auth_backend.aws -target=vault_aws_auth_backend_client.aws -target=vault_aws_auth_backend_role.portal
Vault apparently caches the AWS response for the portal IAM role.
https://blog.gruntwork.io/a-guide-to-automating-hashicorp-vault-3-authenticating-with-an-iam-user-or-role-a3203a3ee088 It is important to note that although the Vault Role is configured with the IAM principal ARN, what Vault actually checks against is a unique internal ID from AWS. So if you destroy and recreate your IAM Role, Vault will reject the login attempt.