run on amazon linux 2023 #379

Merged
merged 3 commits into from
Jan 15, 2024
formatting and tests
snowiow committed Jan 15, 2024
commit 866eb00ab52f68b46504c1cf2a35155d9a8171aa
2 changes: 1 addition & 1 deletion lib/bastion-host-forward.ts
@@ -11,7 +11,7 @@
limitations under the License.
*/

import { Fn} from 'aws-cdk-lib';
import { Fn } from 'aws-cdk-lib';
import {
AmazonLinuxCpuType,
AmazonLinuxGeneration,
4 changes: 2 additions & 2 deletions test/aurora-serverless.test.ts
@@ -45,7 +45,7 @@ test('Bastion Host created for normal username/password access', () => {
'Fn::Join': [
'',
[
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:',
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:',
{
'Fn::GetAtt': ['TestAurora252434E9', 'Endpoint.Port'],
},
@@ -97,7 +97,7 @@ test('Bastion Host created with extended Role for IAM Connection', () => {
'Fn::Join': [
'',
[
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:',
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:',
{
'Fn::GetAtt': ['TestAurora252434E9', 'Endpoint.Port'],
},
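Review bot: Both updated expectations (the arm64 string, which appears to be the new side) still pin user data that runs `yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm`, and because the cloud-config sets `[scripts-user, always]` that unpinned `latest` package is fetched and installed as root on every boot. Standard Amazon Linux 2023 AMIs already ship the SSM agent, so the construct could probably drop that line and these strings with it; if it stays, a fixed agent version plus a signature check would be preferable to `latest`. The identical string is repeated in test/generic-bastion-host-forward.test.ts and in both hunks of test/rds.test.ts, so a shared helper such as `expectedUserDataPrefix(arch)` would keep the next change to one place. Both hunks here cut through the test bodies, and the construct that generates the user data is not shown, so the above is inferred from the expectations alone.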
29 changes: 28 additions & 1 deletion test/generic-bastion-host-forward.test.ts
@@ -37,7 +37,7 @@ test('Bastion Host created for normal access', () => {
template.hasResourceProperties('AWS::EC2::Instance', {
UserData: {
'Fn::Base64':
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:6379\n timeout connect 10s\n timeout client 20m\n timeout server 50m\n mode tcp\n server service 127.0.0.1:6379\n" > /etc/haproxy/haproxy.cfg\nservice haproxy restart\n--//',
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:6379\n timeout connect 10s\n timeout client 20m\n timeout server 50m\n mode tcp\n server service 127.0.0.1:6379\n" > /etc/haproxy/haproxy.cfg\nservice haproxy restart\n--//',
},
Tags: [
{
@@ -72,3 +72,30 @@ test('Bastion Host with own securityGroup', () => {
assert.equal(securityGroup.securityGroupId, bastionHostSecurityGroup.securityGroupId);
assert.equal(securityGroup.allowAllOutbound, bastionHostSecurityGroup.allowAllOutbound);
});

test('Bastion Host has encrypted EBS', () => {
const app = new App();
const stack = new Stack(app, 'TestStack');
const testVpc = new Vpc(stack, 'TestVpc');

// WHEN
new GenericBastionHostForward(stack, 'MyTestConstruct', {
vpc: testVpc,
address: '127.0.0.1',
port: '6379',
});

const template = Template.fromStack(stack);

// THEN
template.hasResourceProperties('AWS::EC2::Instance', {
BlockDeviceMappings: [
{
DeviceName: '/dev/xvda',
Ebs: {
Encrypted: true,
},
},
],
});
});
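Review bot: The new test 'Bastion Host has encrypted EBS' hard-codes `DeviceName: '/dev/xvda'` without saying why that exact name matters. The mapping only encrypts the root volume when the name equals the AMI's root device name; with any other name EC2 would attach an additional encrypted volume and leave the root volume on the AMI's default, which a template-level assertion cannot detect. I would add a comment above the assertion such as `// '/dev/xvda' must equal the root device name of the Amazon Linux 2023 AMI, otherwise the root volume is not covered by this mapping`. The construct code that sets the mapping is not on this page, so this is inferred from the expectation alone.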
4 changes: 2 additions & 2 deletions test/rds.test.ts
@@ -46,7 +46,7 @@ test('Bastion Host created for normal username/password access', () => {
'Fn::Join': [
'',
[
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:',
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:',
{
'Fn::GetAtt': ['TestRDSDF309CB7', 'Endpoint.Port'],
},
@@ -99,7 +99,7 @@ test('Bastion Host created with extended Role for IAM RDS Connection', () => {
'Fn::Join': [
'',
[
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:',
'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:',
{
'Fn::GetAtt': ['TestRDSDF309CB7', 'Endpoint.Port'],
},
15 changes: 4 additions & 11 deletions tsconfig.json
@@ -7,9 +7,7 @@
"declaration": true,
"experimentalDecorators": true,
"incremental": true,
"lib": [
"es2020"
],
"lib": ["es2020"],
"module": "CommonJS",
"noEmitOnError": true,
"noFallthroughCasesInSwitch": true,
@@ -28,12 +26,7 @@
"composite": false,
"tsBuildInfoFile": "tsconfig.tsbuildinfo"
},
"include": [
"**/*.ts"
],
"exclude": [
"node_modules",
".types-compat"
],
"include": ["**/*.ts"],
"exclude": ["node_modules", ".types-compat"],
"_generated_by_jsii_": "Generated by jsii - safe to delete, and ideally should be in .gitignore"
}
}