Deploying a test environment
Hillary edited this page Oct 9, 2020 · 2 revisions
- Have the following installed via `brew`:
  - awscli
  - packer
  - terraform
- Your `~/.aws` directory set up with credentials for `cyhy-production`
- Clone the cyhy_amis repo locally.
- Verify that your `AWS_PROFILE` env var is set to `cyhy-production`
- Set up a pyenv and make sure ansible, boto3, and botocore are installed:
  ```
  cd ~/projects/cyhy_amis
  pyenv virtualenv cyhy_amis
  pyenv local cyhy_amis
  python3 -m pip install --upgrade pip ansible boto3 botocore
  ```
- Run a script to retrieve the production tfvars from AWS S3 so we can modify it to create a setup for the test environment:
  ```
  cd terraform
  scripts/fetch_production_tfvars.sh
  ```
- Open `prod-a.tfvars` in your editor of choice and make the following modifications for a test deployment:
  ```
  aws_region = "us-east-2" # from "us-east-1"
  aws_availability_zone = "c" # from "a"
  tags = {
    ...
    Workspace = "your_workspace" # use a consistent workspace name throughout
  }
  ...
  # Clear the array and leave an empty string
  nessus_activation_codes = [
    ""
  ]
  ...
  # Clear the array and leave an empty string
  mgmt_nessus_activation_codes = [
    ""
  ]
  ```
- Clone the assessment-data-import-terraform repo.
- Create a `your_workspace.yml` file as follows:
  ```
  aws_region = "us-east-2" # from "us-east-1"
  aws_availability_zone = "c" # from "a"
  tags = {
    Team = "CISA Development Team"
    Application = "Cyber Hygiene"
    Workspace = "your_workspace" # use a consistent workspace name throughout
  }
  # In production workspaces, "-production" is automatically appended to the
  # bucket names below
  # In non-production workspaces, "-{workspace_name}" is automatically appended
  # to the bucket names below
  assessment_data_s3_bucket = "assessment-data"
  assessment_data_import_lambda_s3_bucket = "assessment-data-import-lambda"
  ```
- Run the setup steps from the repo's README.md as follows:
  ```
  cd ~/projects/assessment-data-import-terraform
  terraform init
  # If you have not created your terraform workspace:
  terraform workspace new <your_workspace>
  # If you have previously created your terraform workspace:
  terraform workspace select <your_workspace>
  terraform apply -var-file=<your_workspace>.yml
  ```
- Clone the findings-data-import-terraform repo.
- Create a `your_workspace.yml` file as follows:
  ```
  aws_region = "us-east-2" # from "us-east-1"
  aws_availability_zone = "c" # from "a"
  tags = {
    Team = "CISA Development Team"
    Application = "Cyber Hygiene"
    Workspace = "your_workspace" # use a consistent workspace name throughout
  }
  # In production workspaces, "-production" is automatically appended to the
  # bucket names below
  # In non-production workspaces, "-{workspace_name}" is automatically appended
  # to the bucket names below
  findings_data_s3_bucket = "findings-data"
  findings_data_import_lambda_s3_bucket = "findings-data-import-lambda"
  ```
- Run the setup steps from the repo's README.md as follows. If this is your first time through the instructions, you will need to perform `new` again.
  ```
  terraform init
  # If you have not created your terraform workspace:
  terraform workspace new <your_workspace>
  # If you have previously created your terraform workspace:
  terraform workspace select <your_workspace>
  terraform apply -var-file=<your_workspace>.yml
  ```
- Refer to the `cyhy_amis` README section about Building the Terraform-based infrastructure and perform the following:
  ```
  ansible-galaxy install -r ansible/requirements.yml
  cd terraform
  terraform init
  # If you have not created your terraform workspace:
  terraform workspace new <your_workspace>
  # If you have previously created your terraform workspace:
  terraform workspace select <your_workspace>
  ./configure.py
  terraform apply -var-file=<your_workspace>.yml
  ```
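
As an added example (not part of the cyhy_amis repo or this wiki's own tooling), the shell functions below check that the `prod-a.tfvars` modifications listed above were actually made before any `terraform apply`: the test region and availability zone, a `Workspace` tag matching the workspace name, and both Nessus activation-code arrays cleared. The function names and the sample file are assumptions constructed for illustration.

```shell
# Added example, not cyhy_amis code; function names are hypothetical.
# scalar KEY FILE: first double-quoted value assigned to KEY.
scalar() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# array_body NAME FILE: contents of "NAME = [ ... ]" with comments, quotes,
# commas and whitespace removed; empty output means the array was cleared.
array_body() {
  awk -v name="$1" '
    $0 ~ ("^[ \t]*" name "[ \t]*=") { inside = 1 }
    inside { sub(/#.*/, ""); buf = buf $0 }
    inside && /\]/ { inside = 0 }
    END {
      body = substr(buf, index(buf, "[") + 1, index(buf, "]") - index(buf, "[") - 1)
      gsub(/[", \t]/, "", body); print body
    }' "$2"
}

# check_test_tfvars FILE WORKSPACE: returns 0 only if every modification is
# present; each missing one is reported on stderr.
check_test_tfvars() {
  f="$1"; rc=0
  [ "$(scalar aws_region "$f")" = "us-east-2" ] || { echo "aws_region is not us-east-2" >&2; rc=1; }
  [ "$(scalar aws_availability_zone "$f")" = "c" ] || { echo "aws_availability_zone is not c" >&2; rc=1; }
  [ "$(scalar Workspace "$f")" = "$2" ] || { echo "Workspace tag is not $2" >&2; rc=1; }
  for v in nessus_activation_codes mgmt_nessus_activation_codes; do
    [ -z "$(array_body "$v" "$f")" ] || { echo "$v is not cleared" >&2; rc=1; }
  done
  return "$rc"
}

# Constructed sample with placeholder values, edited as the steps describe.
sample="$(mktemp)"
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
aws_region = "us-east-2" # from "us-east-1"
aws_availability_zone = "c" # from "a"
tags = {
  Workspace = "your_workspace" # use a consistent workspace name throughout
}
nessus_activation_codes = [
  ""
]
mgmt_nessus_activation_codes = [
  ""
]
EOF
check_test_tfvars "$sample" your_workspace && echo "tfvars OK for test deployment"
```

Passing `"$(terraform workspace show)"` as the second argument ties the tag check to the workspace that is currently selected.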