Merge pull request #2599 from cisagov/AL-add-PE-API-KEY
Add P&E API key to Fargate env variables
aloftus23 authored Mar 4, 2024
2 parents ee53747 + 7996088 commit 881b250
Showing 6 changed files with 31 additions and 39 deletions.
4 changes: 0 additions & 4 deletions backend/env.yml
Expand Up @@ -43,8 +43,6 @@ staging:
MATOMO_URL: http://matomo.crossfeed.local
EXPORT_BUCKET_NAME: cisa-crossfeed-staging-exports
PE_API_URL: ${ssm:/crossfeed/staging/PE_API_URL}
PE_API_KEY: ${ssm:/crossfeed/staging/PE_API_KEY}
CF_API_KEY: ${ssm:/crossfeed/staging/CF_API_KEY}
REPORTS_BUCKET_NAME: cisa-crossfeed-staging-reports
CLOUDWATCH_BUCKET_NAME: cisa-crossfeed-staging-cloudwatch
STAGE: staging
Expand Down Expand Up @@ -95,8 +93,6 @@ prod:
MATOMO_URL: http://matomo.crossfeed.local
EXPORT_BUCKET_NAME: cisa-crossfeed-prod-exports
PE_API_URL: ${ssm:/crossfeed/prod/PE_API_URL}
PE_API_KEY: ${ssm:/crossfeed/prod/PE_API_KEY}
CF_API_KEY: ${ssm:/crossfeed/prod/CF_API_KEY}
REPORTS_BUCKET_NAME: cisa-crossfeed-prod-reports
CLOUDWATCH_BUCKET_NAME: cisa-crossfeed-prod-cloudwatch
STAGE: prod
34 changes: 0 additions & 34 deletions infrastructure/elastic.tf
Expand Up @@ -28,38 +28,4 @@ resource "aws_instance" "elk_stack" {
}
}

data "aws_iam_policy_document" "elk_policy" {
statement {
effect = "Allow"
actions = ["cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"logs:DescribeLogGroups",
"logs:FilterLogEvents",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"sns:ListTopics",
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"sts:AssumeRole",
"sts:GetCallerIdentity",
"tag:GetResources"]
resources = ["*"]
}
}

# Define IAM user
resource "aws_iam_user" "elk_integration_user" {
name = "ELKIntegrationUser"
}

# Attach policy to the IAM user
resource "aws_iam_user_policy" "lb_ro" {
name = "test"
user = aws_iam_user.elk_integration_user.name
policy = data.aws_iam_policy_document.elk_policy.json
}

2 changes: 2 additions & 0 deletions infrastructure/prod.tfvars
Expand Up @@ -59,6 +59,8 @@ ssm_dnstwist_queue_url = "/crossfeed/prod/DNSTWIST_QUEUE_URL"
ssm_hibp_queue_url = "/crossfeed/prod/HIBP_QUEUE_URL"
ssm_intelx_queue_url = "/crossfeed/prod/INTELX_QUEUE_URL"
ssm_cybersixgill_queue_url = "/crossfeed/prod/CYBERSIXGILL_QUEUE_URL"
ssm_pe_api_key = "/crossfeed/prod/PE_API_KEY"
ssm_cf_api_key = "/crossfeed/prod/CF_API_KEY"
db_group_name = "crossfeed-prod-db-group"
worker_ecs_repository_name = "crossfeed-prod-worker"
worker_ecs_cluster_name = "crossfeed-prod-worker"
2 changes: 2 additions & 0 deletions infrastructure/stage.tfvars
Expand Up @@ -60,6 +60,8 @@ ssm_dnstwist_queue_url = "/crossfeed/staging/DNSTWIST_QUEUE_URL"
ssm_hibp_queue_url = "/crossfeed/staging/HIBP_QUEUE_URL"
ssm_intelx_queue_url = "/crossfeed/staging/INTELX_QUEUE_URL"
ssm_cybersixgill_queue_url = "/crossfeed/staging/CYBERSIXGILL_QUEUE_URL"
ssm_pe_api_key = "/crossfeed/staging/PE_API_KEY"
ssm_cf_api_key = "/crossfeed/staging/CF_API_KEY"
db_group_name = "crossfeed-staging-db-group"
worker_ecs_repository_name = "crossfeed-staging-worker"
worker_ecs_cluster_name = "crossfeed-staging-worker"
12 changes: 12 additions & 0 deletions infrastructure/vars.tf
Expand Up @@ -334,6 +334,18 @@ variable "ssm_lg_api_key" {
default = "/crossfeed/staging/LG_API_KEY"
}

variable "ssm_pe_api_key" {
description = "ssm_pe_api_key"
type = string
default = "/crossfeed/staging/PE_API_KEY"
}

variable "ssm_cf_api_key" {
description = "ssm_cf_api_key"
type = string
default = "/crossfeed/staging/CF_API_KEY"
}

variable "ssm_lg_workspace_name" {
description = "ssm_lg_workspace_name"
type = string
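Review bot: Both new variables default to the staging parameter path (`/crossfeed/staging/PE_API_KEY`, `/crossfeed/staging/CF_API_KEY`), so a workspace that omits them from its tfvars would silently wire the staging keys into its tasks. This follows the existing `ssm_lg_api_key` pattern, but for credentials it would be safer to drop the `default` so a missing value fails at plan time. The `description` fields only repeat the variable name; something like `description = "SSM parameter path of the P&E API key injected into worker tasks"` would tell the reader that the variable holds a path, not the key itself.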
16 changes: 15 additions & 1 deletion infrastructure/worker.tf
Expand Up @@ -94,7 +94,9 @@ resource "aws_iam_role_policy" "worker_task_execution_role_policy" {
"${data.aws_ssm_parameter.hibp_queue_url.arn}",
"${data.aws_ssm_parameter.intelx_queue_url.arn}",
"${data.aws_ssm_parameter.cybersixgill_queue_url.arn}",
"${aws_ssm_parameter.es_endpoint.arn}"
"${aws_ssm_parameter.es_endpoint.arn}",
"${data.aws_ssm_parameter.pe_api_key.arn}",
"${data.aws_ssm_parameter.cf_api_key.arn}"
]
}
]
Expand Down Expand Up @@ -304,6 +306,14 @@ resource "aws_ecs_task_definition" "worker" {
{
"name": "ELASTICSEARCH_ENDPOINT",
"valueFrom": "${aws_ssm_parameter.es_endpoint.arn}"
},
{
"name": "PE_API_KEY",
"valueFrom": "${data.aws_ssm_parameter.pe_api_key.arn}"
},
{
"name": "CF_API_KEY",
"valueFrom": "${data.aws_ssm_parameter.cf_api_key.arn}"
}
]
}
Expand Down Expand Up @@ -375,6 +385,10 @@ data "aws_ssm_parameter" "intelx_queue_url" { name = var.ssm_intelx_queue_url }

data "aws_ssm_parameter" "cybersixgill_queue_url" { name = var.ssm_cybersixgill_queue_url }

data "aws_ssm_parameter" "pe_api_key" { name = var.ssm_pe_api_key }

data "aws_ssm_parameter" "cf_api_key" { name = var.ssm_cf_api_key }

resource "aws_s3_bucket" "export_bucket" {
bucket = var.export_bucket_name
tags = {
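Review bot: The new `data "aws_ssm_parameter"` lookups for `pe_api_key` and `cf_api_key` are used only for their `.arn`, but this data source also reads the parameter value (decrypting SecureString by default), so both API keys would be copied into the Terraform state. Unlike the queue URLs next to them these are credentials; adding `with_decryption = false` to each block keeps the ARN available without storing the plaintext. If the parameters are SecureString under a customer-managed KMS key, the execution role presumably also needs `kms:Decrypt` on that key for the `valueFrom` entries to resolve at task start. The policy statement's actions and the enclosing container definition lie outside the hunks shown, so neither can be confirmed from this page.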
